In order to give those who need to schedule updates (such as migrating from
mod_cas to mod_auth_cas) time to do their upgrade, we're holding off on
releasing all of the details for the moment.  We'll release the details 30
days after the initial announcement.

Thanks for your understanding.
-Scott


On Thu, Jul 30, 2009 at 11:36 PM, Shivani Chandna <shivani.chan...@gmail.com
> wrote:

> I too am interested in knowing the details of the patch, for
> reasons similar as mentioned by Marvin.
> Shivani.
>
> On Thu, Jul 30, 2009 at 10:12 PM, Marvin Addison <marvin.addi...@gmail.com
> > wrote:
>
>> > Vulnerabilities were reported to Jasig about the legacy Yale mod_cas
>> filter
>> > and the CCCI ISAPI filter.
>>
>> Where can we get further information on the nature of these
>> vulnerabilities?  We have both of these in production and would like
>> as much information as possible, which would hopefully allow us to
>> decide for ourselves whether we could mitigate vulnerabilities instead
>> of upgrade.  I will of course +1 your recommendation to upgrade, but
>> giving folks an option would be best.
>>
>> M
>>
>> --
>> You are currently subscribed to cas-dev@lists.jasig.org as:
>> shivani.chan...@gmail.com
>> To unsubscribe, change settings or access archives, see
>> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>>
>
> --
> You are currently subscribed to cas-dev@lists.jasig.org as: 
> scott.battag...@gmail.com
>
>
> To unsubscribe, change settings or access archives, see 
> http://www.ja-sig.org/wiki/display/JSG/cas-dev
>
>

-- 
You are currently subscribed to cas-dev@lists.jasig.org as: 
arch...@mail-archive.com
To unsubscribe, change settings or access archives, see 
http://www.ja-sig.org/wiki/display/JSG/cas-dev

Reply via email to