On Tuesday, August 28, 2018 at 10:39:43 AM UTC+2, leleuj wrote: > > Hi, > > The MFA features of the Apereo CAS server have a critical security > vulnerability that allows one to bypass follow-up authentication factors. > > If your CAS deployment uses an MFA integration other than one with Duo > Security, you *MUST* upgrade the version of your CAS server to the latest > appropriate release: > > - using the 5.3.x stream, upgrade to the version 5.3.3 > - using the 5.2.x stream, upgrade to the version 5.2.7 > - using older versions, upgrade to the version 5.2.7. > > We will provide more details after a grace period of two weeks. For more > information on the security policy, please see: > https://apereo.github.io/cas/development/planning/Security-Guide.html > > Thanks. > Best regards, > Jérôme > >
-- - Website: https://apereo.github.io/cas - Gitter Chatroom: https://gitter.im/apereo/cas - List Guidelines: https://goo.gl/1VRrw7 - Contributions: https://goo.gl/mh7qDG --- You received this message because you are subscribed to the Google Groups "CAS Community" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/6444770b-22f6-4eea-a868-341537408b9c%40apereo.org.
