: cas-user@lists.jasig.org Cc:
> cas-u...@jasig.org, cas-u...@jasig.org, mperumalr...@lynn.edu Date: 05/06/2014
> 09:39 PM Subject: Re: [cas-user] Critical vulnerabilitie CAS 3.5.2
> --
>
>
>
> Hi,
>
> After further investigations, the vulnerability
09:39 PM
Subject:
Re: [cas-user] Critical vulnerabilitie CAS 3.5.2
Hi,
After further investigations, the vulnerability comes from a customization
added to the CAS server and not from the CAS server itself.
One must always be careful when it comes to customization.
Thanks for reporting anyway
, Malarvizhi Perumalraja wrote:
>
> Okay Thank you
>
>
>
> *From:* Scott Battaglia [mailto:scott.b...@gmail.com ]
> *Sent:* Monday, May 05, 2014 10:00 AM
> *To:* cas-...@lists.jasig.org
> *Subject:* Re: [cas-user] Critical vulnerabilitie CAS 3.5.2
>
>
>
Okay Thank you
From: Scott Battaglia [mailto:scott.battag...@gmail.com]
Sent: Monday, May 05, 2014 10:00 AM
To: cas-user@lists.jasig.org
Subject: Re: [cas-user] Critical vulnerabilitie CAS 3.5.2
Please contact the security group:
https://wiki.jasig.org/display/JSG/Security+Contact+Group
if you
Hi,
For security issue, please report privately the problem at
secur...@jasig.org.
Thanks.
Best regards,
Jérôme
2014-05-05 15:50 GMT+02:00 Malarvizhi Perumalraja :
> Hi,
>
> We recently upgraded to CAS 3.5.2 version. Today our security software
> detected a cross-site scripting Critical vulne
Please contact the security group:
https://wiki.jasig.org/display/JSG/Security+Contact+Group
if you feel you may have found a vulnerability, providing as many details
as possible.
Thanks!
Scott
On Mon, May 5, 2014 at 9:50 AM, Malarvizhi Perumalraja <
mperumalr...@lynn.edu> wrote:
> Hi,
>
> We
Hi,
We recently upgraded to CAS 3.5.2 version. Today our security software detected
a cross-site scripting Critical vulnerabilities on our CAS website.
Does anyone else have the same issue. Please advise what actions needs to be
taken. Is there any security patch?
Thanks
Malar
This email is i