Indeed, the *allowedToProxy *default value has been changed from true to false.
In most cases, for already defined registered services, there will be no problem. But, in some cases, depending on the way to load services, it can break things... Sounds a bit strange subsequently, but we must have agreed on this to push the change. It can be easily reverted though... Best, Jérôme 2014-01-30 Marvin Addison <[email protected]>: > I'd like to gauge the suitability of the present HEAD of the 3.5.x > branch for a release in the near term. There are some commits in there > related to security hardening, and I'm curious whether any of the > changes would affect behavior in an upgrade scenario. In other words, > do any of the changes break drop-in compatibility needed for a point > release? > > Thanks, > M > > -- > You are currently subscribed to [email protected] as: > [email protected] > To unsubscribe, change settings or access archives, see > http://www.ja-sig.org/wiki/display/JSG/cas-dev > -- You are currently subscribed to [email protected] as: [email protected] To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-dev
