CAS 3.2.1.1 Release and CAS 3.3-RC2 Release
Scott Battaglia
scott.battaglia at gmail.com
Tue Jul 15 11:51:51 EDT 2008
All,

First, and most important, we've released a minor point release, version
3.2.1.1, which addresses an opportunity to inject HTML into the logout page
via the url parameter. You can't hijack CAS sessions or anything with it, but
you can create some really funky HTML pages which could trick your users if
they're not paying attention. If you've based your logout page at your
local institution off of the "example default" pages then you should update
your logout page (just to be safe, we also updated the "confirm view").
Thanks to Romain Bourgue for identifying this. There are no other changes
in the 3.2.1.1 release.

We've also released CAS 3.3-RC2. If you've been keeping track, we last left
off at 3.2.2-RC1. We've made some exciting additions such as Terracotta
support, Memcache Support, updated RESTful support, and a lot of minor bug
fixes. Because of a change to an internal property on the tickets (changing
from Atomic Boolean to boolean) and its effect on the JPATicketRegistry we
bumped up the version to 3.3.

You can download both releases from
http://www.ja-sig.org/products/cas/downloads/

Thanks!
-Scott
-Scott Battaglia
PGP Public Key Id: 0x383733AA
LinkedIn: http://www.linkedin.com/in/scottbattaglia
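
For sites that customized their logout or confirm views, the following is an added example (not part of the original message and not CAS project code) of a check that flags request parameters written into a JSP without HTML escaping. It assumes the local views are JSPs that output parameters through EL; the sample view and the function name are constructed for illustration.

```python
import re

# EL expressions that read request parameters, e.g. ${param.url}
EL_PARAM = re.compile(r"\$\{[^}]*\bparam(?:Values)?\b[^}]*\}")
# JSTL tags where the expression is either escaped on output (c:out, unless
# escapeXml="false") or only evaluated as a condition (c:if, c:when)
SAFE_TAG = re.compile(
    r"""<c:(?:out|if|when)\b(?![^>]*escapeXml\s*=\s*["']false["'])[^>]*>""",
    re.I,
)

# Constructed sample view: line 2 writes the parameter raw, lines 3-4 escape it,
# line 5 switches escaping off again.
SAMPLE_JSP = '''\
<c:if test="${not empty param.url}">
  <p>Follow this link: <a href="${param.url}">${param.url}</a></p>
  <p><a href="${fn:escapeXml(param.url)}">${fn:escapeXml(param.url)}</a></p>
  <p><c:out value="${param.url}" /></p>
  <p><c:out value="${param.url}" escapeXml="false" /></p>
</c:if>
'''

def find_unescaped_params(jsp_text):
    """Return (line_no, expression) for each parameter written without escaping."""
    findings = []
    for line_no, line in enumerate(jsp_text.splitlines(), 1):
        safe_spans = [m.span() for m in SAFE_TAG.finditer(line)]
        for m in EL_PARAM.finditer(line):
            expr = m.group(0)
            if "fn:escapeXml(" in expr:
                continue  # escaped inside the expression itself
            if any(s <= m.start() and m.end() <= e for s, e in safe_spans):
                continue  # inside an escaping or condition-only tag
            findings.append((line_no, expr))
    return findings

if __name__ == "__main__":
    for line_no, expr in find_unescaped_params(SAMPLE_JSP):
        print(f"line {line_no}: unescaped {expr}")
```

The check works line by line, so a tag split across several lines or a parameter copied into another variable first needs a manual look.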