On 2014/08/11, 12:46 PM, "Marvin Addison" <marvin.addi...@gmail.com> wrote:

>> Does this affect ALL versions of the Java client prior to 3.3.2?
>
>I did code review of the latest 3.2 and 3.1 versions and they were
>both vulnerable. I built one-off patches for my institution, but we
>will consider providing official patches for those lines if there is
>interest.

So far I'm doing fact-finding before I announce to folks here, but if they
were available that would ease the patching, I'm sure.  Don't know how
much trouble that is.  :)

For my couple of apps, I will probably take the opportunity to get current.

>
>> Also, is there a way to get the 3.3.2 jar without having to do a Maven
>> build?  Latest on the downloads site is 3.2.x.
>
>I noticed there's no download bundle as well. I imagine Scott simply
>hasn't gotten to it yet, but I'm sure simply mentioning it here will
>make it magically appear :)
>
>M

:) As always, the work of those of you officially involved with CAS is
much appreciated.

Thanks,
Tim

