Yes indeed, you should upgrade to close the vulnerability if you use LDAP authentication.

Best regards,

Jérôme LELEU
Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org

2015-01-22 14:47 GMT+01:00 Chris Cheltenham <cchelten...@swaintechs.com>:

> Hello,
>
> I just saw this in a CAS 3.5.3 update release note:
>
> You must notice that there is a security fix for the "LDAP login with
> wildcards" attack (CVE-2015-1169). *You must upgrade if you use LDAP
> authentication*
>
> Are you saying one SHOULD upgrade if we use LDAP to CAS ver 3.5.3 to close
> the vulnerability (CVE-2015-1169)?
>
> Thank You,
>
> Chris Cheltenham
> SwainTechs / HHS
> Cell# 267-586-2369
>
> *From:* Jérôme LELEU [mailto:lel...@gmail.com]
> *Sent:* Thursday, January 22, 2015 5:06 AM
> *To:* cas-user@lists.jasig.org
> *Subject:* [cas-user] CAS server release v3.5.3
>
> Hi,
>
> I'm proud to announce the new release 3.5.3 of the CAS server. It's
> available on the Maven Central repository:
> http://search.maven.org/#artifactdetails%7Corg.jasig.cas%7Ccas-server-webapp%7C3.5.3%7Cwar
> .
>
> Here are the release notes:
> https://github.com/Jasig/cas/releases/tag/v3.5.3.
>
> You must notice that there is a security fix for the "LDAP login with
> wildcards" attack (CVE-2015-1169). *You must upgrade if you use LDAP
> authentication.*
>
> There won't be any new 3.5.x version unless a security patch is required.
>
> Thanks.
> Best regards,
>
> Jérôme LELEU
> Founder of CAS in the cloud: www.casinthecloud.com | Twitter: @leleuj
> Chairman of CAS: www.jasig.org/cas | Creator of pac4j: www.pac4j.org
>
> --
> You are currently subscribed to cas-user@lists.jasig.org as:
> cchelten...@swaintechs.com
> To unsubscribe, change settings or access archives, see
> http://www.ja-sig.org/wiki/display/JSG/cas-user