Hi,

Nathan reminds me of the fact that I have to raise a security warning on OAuth server support in CAS.

There is a security breach due to redirection on unvalidated URLs in cas-server-support-oauth 3.5.0 (authorize call) [1]. This has been corrected in 3.5.1 [2]. I updated the wiki to warn users.

I'm the only one to blame for that!

Best regards,
Jérôme

1 = https://github.com/Jasig/cas/blob/v3.5.0/cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeController.java
2 = https://github.com/Jasig/cas/blob/master/cas-server-support-oauth/src/main/java/org/jasig/cas/support/oauth/web/OAuth20AuthorizeController.java
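
The kind of check whose absence the message above describes, as an added example that is not part of the original message and is not the CAS 3.5.1 code: an authorize endpoint should redirect only when `redirect_uri` matches the callback registered for the client. The class name, the in-memory registry and all sample URLs are constructed for illustration.

```java
import java.net.URI;
import java.net.URISyntaxException;
import java.util.Map;
import java.util.Objects;

public class RedirectUriCheck {

    // Constructed sample registry: client_id -> registered callback (hypothetical values).
    static final Map<String, String> REGISTERED =
            Map.of("demo-client", "https://app.example.org/oauth/callback");

    /** Returns true only if redirectUri matches the callback registered for clientId. */
    static boolean isAllowedRedirect(String clientId, String redirectUri) {
        String registered = REGISTERED.get(clientId);
        if (registered == null || redirectUri == null) {
            return false; // unknown client or missing parameter: never redirect
        }
        try {
            // normalize() collapses "." and ".." segments before the comparison.
            URI want = new URI(registered).normalize();
            URI got = new URI(redirectUri).normalize();
            // Reject relative and opaque URIs, and any userinfo or fragment part.
            if (!got.isAbsolute() || got.isOpaque()
                    || got.getRawUserInfo() != null || got.getRawFragment() != null) {
                return false;
            }
            // Compare parsed components rather than string prefixes.
            return want.getScheme().equalsIgnoreCase(got.getScheme())
                    && want.getHost().equalsIgnoreCase(got.getHost())
                    && want.getPort() == got.getPort()
                    && Objects.equals(want.getRawPath(), got.getRawPath())
                    && Objects.equals(want.getRawQuery(), got.getRawQuery());
        } catch (URISyntaxException e) {
            return false; // unparseable input is treated as not allowed
        }
    }

    public static void main(String[] args) {
        String[] samples = { // constructed test inputs
            "https://app.example.org/oauth/callback",
            "https://app.example.org.other.example/oauth/callback",
            "https://app.example.org@other.example/oauth/callback",
            "//other.example/oauth/callback",
            "https://app.example.org/oauth/callback/../../elsewhere",
        };
        for (String s : samples) {
            System.out.println(isAllowedRedirect("demo-client", s) + "  " + s);
        }
    }
}
```

Only the first sample is accepted; the others fail on host, userinfo, missing scheme and normalized path respectively.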
