For completeness, here are the full details of the "Medium impact"
vulnerabilities. You can look up the details by replacing the reference
number with the appropriate one
(https://www.cvedetails.com/cve-details.php?t=1&cve_id=CVE-2015-3250):
CVE-2015-3250 CWE-200 Information Exposure Medium(5.0
More detail on the "High impact" vulnerabilities in CAS - libraries
included in the war file:
CVE-2011-5034 CWE-20 Improper Input Validation High(7.8)
geronimo-spec-jta-1.0.1B-rc4.jar
CVE-2011-2730 CWE-16 Configuration High(7.5) spring-webmvc-pac4j-2.0.0.jar
CVE-2018-1270 CWE-358 Improperly Im
Hi,
I have application.properties read like this:
spring.jpa.hibernate.naming_strategy=org.hibernate.cfg.EJB3NamingStrategy
spring.jpa.hibernate.naming.implicit-strategy=org.hibernate.boot.model.naming.ImplicitNamingStrategyLegacyJpaImpl
spring.jpa.hibernate.naming.physical-strategy=org.hibernat
Hi,
After moving cas-client initialization from web.xml to spring beans we
can't get anymore the proxy-ticket from the assertion. Did someone
encounter the problem ? I don't see any bug repport about this problem. It
would be to fix this problem : https://github.com/Jasig/uPortal/issues/1374
I do something like this in my old cas installation (3.5), where I get an
attribute from ldap and use that to query a database for another attribute.
As far as I can see, this feature was not included in the property based
configuration system.
(And the documentation for configuring the beans ma
Hi,
i've need to deploy cas ear on wildfly 10, so someone can explain how to do:
- put war in ear
- deploy it on wildfly
Regards
G
--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl
