This thread doesn't appear to relate to the current vulnerability. A CVE does exist at https://www.cvedetails.com/cve/CVE-2019-10754/ which might help answer some questions. Seems like the path forward for 5.2.x deployments is to upgrade to 5.3.12.1 or a newer version.
On Tuesday, October 1, 2019 at 8:49:37 AM UTC-5, Jim Mulvey wrote: > > Hi David, based on this thread: > https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A > I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7 > Also, that thread suggests that if you're using an alternative MFA > solution (we're using Duo) then we're unaffected. > > I'm not the authority on this, but that's what I'm piecing together. > - Jim > > On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote: >> >> Bump. We have the same questions that Jim asked... >> >> -- >> >> DAVID A. CURRY, CISSP >> *DIRECTOR • INFORMATION SECURITY & PRIVACY* >> THE NEW SCHOOL • INFORMATION TECHNOLOGY >> >> 71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003 >> +1 646 909-4728 • david...@newschool.edu >> >> >> On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <jmulv...@gmail.com> wrote: >> >>> Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and >>> thus considered EOL) 5 days ago, although it was previously set to go EOL >>> on November 27th, 2019. >>> What does this vulnerability mean to those of us running 5.2.x ? Are we >>> advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so >>> abruptly? >>> >>> On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote: >>>> >>>> Please see https://apereo.github.io/2019/09/27/numvulndisc/ >>>> -- >>>> *- Misagh* >>>> >>> -- >>> You received this message because you are subscribed to the Google >>> Groups "CAS Developer" group. >>> To unsubscribe from this group and stop receiving emails from it, send >>> an email to cas...@apereo.org. >>> To view this discussion on the web visit >>> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org >>> >>> <https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium=email&utm_source=footer> >>> . >>> >> -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org.
