Hello, I just saw this in a CAS 3.5.3 update release note:
You must notice that there is a security fix for the "LDAP login with wildcards" attack (CVE-2015-1169). You must upgrade if you use LDAP authentication.

Are you saying one SHOULD upgrade if we use LDAP to CAS ver 3.5.3 to close the vulnerability (CVE-2015-1169)?

Thank You,
Chris Cheltenham
SwainTechs / HHS
Cell# 267-586-2369

From: Jérôme LELEU [mailto:lel...@gmail.com]
Sent: Thursday, January 22, 2015 5:06 AM
To: cas-user@lists.jasig.org
Subject: [cas-user] CAS server release v3.5.3

Hi,

I'm proud to announce the new release 3.5.3 of the CAS server.

It's available on the Maven Central repository: http://search.maven.org/#artifactdetails%7Corg.jasig.cas%7Ccas-server-webapp%7C3.5.3%7Cwar.

Here are the release notes: https://github.com/Jasig/cas/releases/tag/v3.5.3.

You must notice that there is a security fix for the "LDAP login with wildcards" attack (CVE-2015-1169). You must upgrade if you use LDAP authentication.

There won't be any new 3.5.x version unless a security patch is required.

Thanks.
Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org