> Does this affect ALL versions of the Java client prior to 3.3.2? I did code review of the latest 3.2 and 3.1 versions and they were both vulnerable. I built one-off patches for my institution, but we will consider providing official patches for those lines if there is interest.
> Also, is there a way to get the 3.3.2 jar without having to do a Maven > build? Latest on the downloads site is 3.2.x. I noticed there's no download bundle as well. I imagine Scott simply hasn't gotten to it yet, but I'm sure simply mentioning it here will make it magically appear :) M -- You are currently subscribed to cas-user@lists.jasig.org as: arch...@mail-archive.com To unsubscribe, change settings or access archives, see http://www.ja-sig.org/wiki/display/JSG/cas-user