I came across this announcement on an RSS feed: https://apereo.github.io/2020/07/24/credvuln/
I searched for it on the public security list ( https://groups.google.com/a/apereo.org/forum/#!forum/cas-appsec-public) listed here: https://apereo.github.io/cas/Mailing-Lists.html And I didn’t see any discussion of this vulnerability here. Where are we supposed to be getting this information apart from the blog? On a side note, I note that 5.3.x is not listed, but wanted to double-check that it is not affected. As I understand it, 5.3.x is in security-patch mode through October 29, 2020: https://apereo.github.io/cas/developer/Maintenance-Policy.html -- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to cas-user+unsubscr...@apereo.org. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CAEdMQHWX8d4y1XGsUEO5YCa7G5BcU70-ZqWyWB%2BBfdJbcim-Zg%40mail.gmail.com.