[cas-user] Spring beans vulnerability CAS Server 6.3.7.4

Hi all, We are using CAS server version as 6.3.7.4. Our team reported the presence of Spring beans 5.2.12.RELEASE.jar inside cas.war file in below location *cas.war/WEB-INF/lib/cas-server-webapp-tomcat-6.3.7.4.war/WEB-INF/lib* We can't exclude cas-server-webapp-tomcat-6.3.7.4.war as this has str

[cas-user] cas.properties regular expressions?

Do the properties in cas.properties support regular expressions? E.g.: cas.monitor.endpoints.endpoint.defaults.requiredIpAddresses=10.10.10.[234] yields: TRACE [org.apereo.cas.web.security.CasWebSecurityExpressionRoot] - java.lang.IllegalArgumentException: Failed to parse address10.10.10.[234]

[cas-user] Trouble with ActiveMQ/Artemis JMS ticketing system on Cas 6.5.6.

We have a cas environment with 2 front ends, and want to point to a central jms server for distributed ticketing. We have artemis set up on a third box (not using artemis specifically, just using it as the next activemq release). Auth is handed off via delegated saml (to okta) so pac4j is used