In order to give those who need to schedule updates (such as migrating from mod_cas to mod_auth_cas) time to do their upgrade, we're holding off on releasing all of the details for the moment. We'll release the details 30 days after the initial announcement.
Thanks for your understanding. -Scott On Thu, Jul 30, 2009 at 11:36 PM, Shivani Chandna <shivani.chan...@gmail.com > wrote: > I too am interested in knowing the details of the patch, for > reasons similar as mentioned by Marvin. > Shivani. > > On Thu, Jul 30, 2009 at 10:12 PM, Marvin Addison <marvin.addi...@gmail.com > > wrote: > >> > Vulnerabilities were reported to Jasig about the legacy Yale mod_cas >> filter >> > and the CCCI ISAPI filter. >> >> Where can we get further information on the nature of these >> vulnerabilities? We have both of these in production and would like >> as much information as possible, which would hopefully allow us to >> decide for ourselves whether we could mitigate vulnerabilities instead >> of upgrade. I will of course +1 your recommendation to upgrade, but >> giving folks an option would be best. >> >> M >> >> -- >> You are currently subscribed to cas-dev@lists.jasig.org as: >> shivani.chan...@gmail.com >> To unsubscribe, change settings or access archives, see >> http://www.ja-sig.org/wiki/display/JSG/cas-dev >> > > -- > You are currently subscribed to cas-dev@lists.jasig.org as: > scott.battag...@gmail.com > > > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > > -- You are currently subscribed to cas-dev@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev