Release Announcement: CAS Security Patches

classic Classic list List threaded Threaded
8 messages Options
Reply | Threaded
Open this post in threaded view
|

Release Announcement: CAS Security Patches

Misagh Moayyed-2

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CAGSBKkejbjfeyPZW66UiuTbgRCraWFZS2cxw1eAQKATf%2BgE1eg%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Release Announcement: CAS Security Patches

Jim Mulvey
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:
Please see <a href="https://apereo.github.io/2019/09/27/numvulndisc/" style="font-family:Arial,Helvetica,sans-serif" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;">https://apereo.github.io/2019/09/27/numvulndisc/ 
--
- Misagh

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.
Reply | Threaded
Open this post in threaded view
|

Re: Release Announcement: CAS Security Patches

David Curry
Bump. We have the same questions that Jim asked...

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • [hidden email]



On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[hidden email]> wrote:
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CA%2Bd9XAPGbdUFuKi3%3DJVE4cfwmiZ7tT9zpG8%2B14-Wj2cqGyUN%2Bg%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Release Announcement: CAS Security Patches

Jim Mulvey
Hi David, based on this thread: https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A
I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7
Also, that thread suggests that if you're using an alternative MFA solution (we're using Duo) then we're unaffected.

I'm not the authority on this, but that's what I'm piecing together.
- Jim

On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote:
Bump. We have the same questions that Jim asked...

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • <a href="javascript:" target="_blank" gdf-obfuscated-mailto="k_qxSIa_CQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">david...@...



On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="k_qxSIa_CQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">jmulv...@...> wrote:
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:
Please see <a href="https://apereo.github.io/2019/09/27/numvulndisc/" style="font-family:Arial,Helvetica,sans-serif" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;">https://apereo.github.io/2019/09/27/numvulndisc/ 
--
- Misagh

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="k_qxSIa_CQAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">cas...@....
To view this discussion on the web visit <a href="https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/be79e1f5-f18f-4b72-adfe-12c7229cdac8%40apereo.org.
Reply | Threaded
Open this post in threaded view
|

Re: [cas-user] Re: [cas-dev] Re: Release Announcement: CAS Security Patches

Riley Wills
In reply to this post by David Curry
Check out https://apereo.github.io/2019/09/27/numvulndisc/ that does mention "previous CAS versions are considered EOL and are advised to upgrade.” 

— 
Riley Wills
Senior Programmer, Enterprise Applications




On Oct 1, 2019, at 8:23 AM, David Curry <[hidden email]> wrote:

Bump. We have the same questions that Jim asked...

--
DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY
71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • [hidden email]


On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[hidden email]> wrote:
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.

--
- Website: https://apereo.github.io/cas
- Gitter Chatroom: https://gitter.im/apereo/cas
- List Guidelines: https://goo.gl/1VRrw7
- Contributions: https://goo.gl/mh7qDG
---
You received this message because you are subscribed to the Google Groups "CAS Community" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-user/CA%2Bd9XAPGbdUFuKi3%3DJVE4cfwmiZ7tT9zpG8%2B14-Wj2cqGyUN%2Bg%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/398C0FB5-70EB-4B05-BEA1-03181140D8A6%40acu.edu.
Reply | Threaded
Open this post in threaded view
|

Re: Release Announcement: CAS Security Patches

Riley Wills-2
In reply to this post by Jim Mulvey
This thread doesn't appear to relate to the current vulnerability. A CVE does exist at https://www.cvedetails.com/cve/CVE-2019-10754/ which might help answer some questions. Seems like the path forward for 5.2.x deployments is to upgrade to 5.3.12.1 or a newer version.

On Tuesday, October 1, 2019 at 8:49:37 AM UTC-5, Jim Mulvey wrote:
Hi David, based on this thread: <a href="https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A&#39;;return true;">https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A
I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7
Also, that thread suggests that if you're using an alternative MFA solution (we're using Duo) then we're unaffected.

I'm not the authority on this, but that's what I'm piecing together.
- Jim

On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote:
Bump. We have the same questions that Jim asked...

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • [hidden email]



On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[hidden email]> wrote:
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:
Please see <a href="https://apereo.github.io/2019/09/27/numvulndisc/" style="font-family:Arial,Helvetica,sans-serif" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;">https://apereo.github.io/2019/09/27/numvulndisc/ 
--
- Misagh

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit <a href="https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium=email&amp;utm_source=footer" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org.
Reply | Threaded
Open this post in threaded view
|

Re: Release Announcement: CAS Security Patches

David Curry
But Jim's original question remains: why was 5.2.x suddenly removed from the support list 6 days ago when it was originally not scheduled to hit EOL until November 27th?

If there's no way to fix it and an upgrade is required, then say that. But just removing it from the list of supported releases 60 days before its support is scheduled to end, with no notice and no explanation, is not helpful.


--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • [hidden email]



On Tue, Oct 1, 2019 at 9:55 AM Riley Wills <[hidden email]> wrote:
This thread doesn't appear to relate to the current vulnerability. A CVE does exist at https://www.cvedetails.com/cve/CVE-2019-10754/ which might help answer some questions. Seems like the path forward for 5.2.x deployments is to upgrade to 5.3.12.1 or a newer version.

On Tuesday, October 1, 2019 at 8:49:37 AM UTC-5, Jim Mulvey wrote:
Hi David, based on this thread: https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A
I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7
Also, that thread suggests that if you're using an alternative MFA solution (we're using Duo) then we're unaffected.

I'm not the authority on this, but that's what I'm piecing together.
- Jim

On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote:
Bump. We have the same questions that Jim asked...

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • [hidden email]



On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[hidden email]> wrote:
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CA%2Bd9XAPnxhhezt4zs5Vf2VmxvZEuFTtAxjc%2BmSJu-g%3DW6ph%3DxA%40mail.gmail.com.
Reply | Threaded
Open this post in threaded view
|

Re: Release Announcement: CAS Security Patches

Riley Wills-2
I see your point now. You would expect a patch to 5.2.x to address this vulnerability if this version has not reached its EOL.

On Tuesday, October 1, 2019 at 9:02:15 AM UTC-5, David Curry wrote:
But Jim's original question remains: why was 5.2.x suddenly removed from the support list 6 days ago when it was originally not scheduled to hit EOL until November 27th?

If there's no way to fix it and an upgrade is required, then say that. But just removing it from the list of supported releases 60 days before its support is scheduled to end, with no notice and no explanation, is not helpful.


--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • <a href="javascript:" target="_blank" gdf-obfuscated-mailto="lZTkXSuRBwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">david...@...



On Tue, Oct 1, 2019 at 9:55 AM Riley Wills <<a href="javascript:" target="_blank" gdf-obfuscated-mailto="lZTkXSuRBwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">rjw...@...> wrote:
This thread doesn't appear to relate to the current vulnerability. A CVE does exist at <a href="https://www.cvedetails.com/cve/CVE-2019-10754/" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cvedetails.com%2Fcve%2FCVE-2019-10754%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG45Id5TyPDWbjeYWaHk0QckjILoA&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fwww.cvedetails.com%2Fcve%2FCVE-2019-10754%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNG45Id5TyPDWbjeYWaHk0QckjILoA&#39;;return true;">https://www.cvedetails.com/cve/CVE-2019-10754/ which might help answer some questions. Seems like the path forward for 5.2.x deployments is to upgrade to 5.3.12.1 or a newer version.

On Tuesday, October 1, 2019 at 8:49:37 AM UTC-5, Jim Mulvey wrote:
Hi David, based on this thread: <a href="https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A&#39;;return true;">https://groups.google.com/a/apereo.org/forum/#!topic/cas-appsec-public/zXqxDN9rB8A
I believe the solution for those on the 5.2 branch is to upgrade to 5.2.7
Also, that thread suggests that if you're using an alternative MFA solution (we're using Duo) then we're unaffected.

I'm not the authority on this, but that's what I'm piecing together.
- Jim

On Tuesday, October 1, 2019 at 9:24:11 AM UTC-4, David Curry wrote:
Bump. We have the same questions that Jim asked...

--

DAVID A. CURRY, CISSP
DIRECTOR • INFORMATION SECURITY & PRIVACY
THE NEW SCHOOL  INFORMATION TECHNOLOGY

71 FIFTH AVE., 9TH FL., NEW YORK, NY 10003
+1 646 909-4728 • [hidden email]



On Mon, Sep 30, 2019 at 11:16 AM Jim Mulvey <[hidden email]> wrote:
Hello, I see that CAS 5.2.x was removed from the Maintenace Policy (and thus considered EOL) 5 days ago, although it was previously set to go EOL on November 27th, 2019.
What does this vulnerability mean to those of us running 5.2.x ? Are we advised to upgrade to 5.3.x immediately? Why did support for 5.2.x end so abruptly?

On Monday, September 30, 2019 at 5:29:43 AM UTC-4, Misagh Moayyed wrote:
Please see <a href="https://apereo.github.io/2019/09/27/numvulndisc/" style="font-family:Arial,Helvetica,sans-serif" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;" onclick="this.href=&#39;https://www.google.com/url?q\x3dhttps%3A%2F%2Fapereo.github.io%2F2019%2F09%2F27%2Fnumvulndisc%2F\x26sa\x3dD\x26sntz\x3d1\x26usg\x3dAFQjCNH3bpPRb0_gl4EUmogLaWLct6dmyg&#39;;return true;">https://apereo.github.io/2019/09/27/numvulndisc/ 
--
- Misagh

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit <a href="https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium=email&amp;utm_source=footer" rel="nofollow" target="_blank" onmousedown="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/a/apereo.org/d/msgid/cas-dev/132ff915-c774-4eb6-a04c-a0cc1767b72d%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to <a href="javascript:" target="_blank" gdf-obfuscated-mailto="lZTkXSuRBwAJ" rel="nofollow" onmousedown="this.href=&#39;javascript:&#39;;return true;" onclick="this.href=&#39;javascript:&#39;;return true;">cas...@....
To view this discussion on the web visit <a href="https://groups.google.com/a/apereo.org/d/msgid/cas-dev/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org?utm_medium=email&amp;utm_source=footer" target="_blank" rel="nofollow" onmousedown="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;" onclick="this.href=&#39;https://groups.google.com/a/apereo.org/d/msgid/cas-dev/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org?utm_medium\x3demail\x26utm_source\x3dfooter&#39;;return true;">https://groups.google.com/a/apereo.org/d/msgid/cas-dev/6709ae84-6460-476d-8085-18f4f7306097%40apereo.org.

--
You received this message because you are subscribed to the Google Groups "CAS Developer" group.
To unsubscribe from this group and stop receiving emails from it, send an email to [hidden email].
To view this discussion on the web visit https://groups.google.com/a/apereo.org/d/msgid/cas-dev/7607f81f-bcf3-4564-83d5-9db932142f68%40apereo.org.