CAS OAuth/OpenID Connect Vulnerability Disclosure
Image
This is an Apereo CAS project vulnerability disclosure, describing an issue in CAS acting as an OAuth/OpenID Connect provider. If your CAS server is not acting as an OAuth/OpenID Connect provider, there is nothing for you to do here. Keep calm and carry on.
The problem addressed here affects the Apereo CAS server for the following versions:
-6.6.x
-7.0.x
See the full article on the Apereo CAS GitHub Blog.
Announcement
Project News