IdP 3.3.3/CAS Advisory clarification

O'Dowd, Josh Josh.O'Dowd at mso.umt.edu
Wed May 16 13:54:59 EDT 2018


Thanks Marvin,

The question was really more about trying to confirm that v3.3.3 fixes SimpleTicketService.  We have a number of services under the phpCAS client limitation.  I want to make sure they don’t break if I upgrade to v3.3.3, since the EncodingTicketService isn’t an option for them.

Josh

From: users [mailto:users-bounces at shibboleth.net] On Behalf Of Marvin Addison
Sent: Wednesday, May 16, 2018 11:23 AM
To: Shib Users <users at shibboleth.net>
Subject: Re: IdP 3.3.3/CAS Advisory clarification

On Wed, May 16, 2018 at 11:34 AM O'Dowd, Josh <Josh.O'Dowd at mso.umt.edu<mailto:Josh.O%27Dowd at mso.umt.edu>> wrote:
The solutions appear to be upgrade to 3.3.3, or change cas config to use encoding service ticket.

That is correct. Upgrade or swap components to mitigate the vulnerability.

M

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20180516/b188c6aa/attachment.html>


More information about the users mailing list