<!DOCTYPE html> <html data-bs-theme="dark"> <head> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= 'https://www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-MZG9L7');</script> <meta charset="utf-8"> <meta http-equiv="X-UA-Compatible" content="IE=edge"> <title>Apereo Community Blog</title> <link rel="dns-prefetch" href="//maxcdn.bootstrapcdn.com"> <link rel="dns-prefetch" href="//cdnjs.cloudflare.com"> <meta name="viewport" content="width=device-width, initial-scale=1"> <meta name="description" content="This is a blog managed and edited by the Apereo project participants. It is typically used to post project updates, announce news, etc."> <meta name="robots" content="all"> <meta name="author" content="Apereo Project Participants"> <link rel="canonical" href="https://apereo.github.io/"> <link rel="alternate" type="application/rss+xml" title="RSS Feed for Apereo Community Blog" href="/feed.xml" /> <link rel="stylesheet" href="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/css/bootstrap.min.css"> <script src="https://ajax.googleapis.com/ajax/libs/jquery/1.12.4/jquery.min.js"></script> <script src="https://cdnjs.cloudflare.com/ajax/libs/tether/2.0.0/js/tether.min.js"></script> <script src="https://cdn.jsdelivr.net/npm/bootstrap@5.2.3/dist/js/bootstrap.min.js"></script> <!-- Custom CSS --> <link rel="stylesheet" href="/css/pixyll.css?202412031133" type="text/css"> <!-- Fonts --> <link href='//fonts.googleapis.com/css?family=Merriweather:900,900italic,300,300italic&subset=latin-ext,latin' rel='stylesheet' type='text/css'> <link href='//fonts.googleapis.com/css?family=Lato:900,300&subset=latin-ext,latin' rel='stylesheet' type='text/css'> <link href="//maxcdn.bootstrapcdn.com/font-awesome/latest/css/font-awesome.min.css" rel="stylesheet"> <!-- MathJax --> <script type="text/javascript" src="//cdnjs.cloudflare.com/ajax/libs/mathjax/3.2.2/MathJax.js??config=TeX-AMS-MML_HTMLorMML"> </script> <!-- Verifications --> <!-- Open Graph --> <!-- From: https://github.com/mmistakes/hpstr-jekyll-theme/blob/master/_includes/head.html --> <meta property="og:locale" content="en_US"> <meta property="og:type" content="article"> <meta property="og:title" content="Apereo Community Blog"> <meta property="og:description" content="This is a blog managed and edited by the Apereo project participants. It is typically used to post project updates, announce news, etc."> <meta property="og:url" content="https://apereo.github.io/"> <meta property="og:site_name" content="Apereo Community Blog"> <meta property="og:image" content="https://apereo.github.io/images/me.jpeg"> <!-- Twitter Card --> <meta name="twitter:card" content="summary" /> <meta name="twitter:site" content="@Apereo" /> <meta name="twitter:creator" content="@Apereo" /> <meta name="twitter:title" content="Apereo Community Blog" /> <meta name="twitter:description" content="This is a blog managed and edited by the Apereo project participants. It is typically used to post project updates, announce news, etc." /> <meta name="twitter:url" content="https://apereo.github.io/" /> <meta name="twitter:image" content="https://apereo.github.io/images/me.jpeg" /> <!-- Icons --> <link rel="apple-touch-icon" sizes="57x57" href="/apple-touch-icon-57x57.png"> <link rel="apple-touch-icon" sizes="114x114" href="/apple-touch-icon-114x114.png"> <link rel="apple-touch-icon" sizes="72x72" href="/apple-touch-icon-72x72.png"> <link rel="apple-touch-icon" sizes="144x144" href="/apple-touch-icon-144x144.png"> <link rel="apple-touch-icon" sizes="60x60" href="/apple-touch-icon-60x60.png"> <link rel="apple-touch-icon" sizes="120x120" href="/apple-touch-icon-120x120.png"> <link rel="apple-touch-icon" sizes="76x76" href="/apple-touch-icon-76x76.png"> <link rel="apple-touch-icon" sizes="152x152" href="/apple-touch-icon-152x152.png"> <link rel="apple-touch-icon" sizes="180x180" href="/apple-touch-icon-180x180.png"> <link rel="icon" type="image/png" href="/favicon-192x192.png" sizes="192x192"> <link rel="icon" type="image/png" href="/favicon-160x160.png" sizes="160x160"> <link rel="icon" type="image/png" href="/favicon-96x96.png" sizes="96x96"> <link rel="icon" type="image/png" href="/favicon-16x16.png" sizes="16x16"> <link rel="icon" type="image/png" href="/favicon-32x32.png" sizes="32x32"> <script type="text/javascript"> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ga('create', 'UA-83384532-1', 'auto'); ga('send', 'pageview'); </script> </head> <body class="site animated fade-in-down"> <noscript><iframe src="//www.googletagmanager.com/ns.html?id=GTM-MZG9L7" height="0" width="0" style="display:none;visibility:hidden"></iframe></noscript> <script>(function(w,d,s,l,i){w[l]=w[l]||[];w[l].push({'gtm.start': new Date().getTime(),event:'gtm.js'});var f=d.getElementsByTagName(s)[0], j=d.createElement(s),dl=l!='dataLayer'?'&l='+l:'';j.async=true;j.src= '//www.googletagmanager.com/gtm.js?id='+i+dl;f.parentNode.insertBefore(j,f); })(window,document,'script','dataLayer','GTM-MZG9L7');</script> <div class="site-wrap"> <header class="site-header px2 px-responsive"> <div class="mt2 wrap"> <div class="measure"> <a href="https://apereo.github.io" class="site-title">Apereo Community Blog</a> <nav class="site-nav"> <a href="/about/">About</a> <a href="/contact/">Say Hello</a> <a href="/tags/">All Posts</a> <a href="/search/">Search</a> </nav> <div class="clearfix"></div> <div class="social-icons"> <div class="social-icons-right"> <a class="fa fa-github" href="https://github.com/apereo"></a> <a class="fa fa-rss" href="/feed.xml"></a> <a class="fa fa-twitter" href="https://twitter.com/Apereo"></a> </div> <div class="right"> </div> </div> <div class="clearfix"></div> </div> </div> </header> <div class="post p2 p-responsive wrap" role="main"> <div class="measure"> <div class="home"> <div class="posts"> <div class="post py3"> <p class="post-meta">Wednesday, Jun 26, 2024</p> <a href="/2024/06/26/oidc-vuln/" class="post-link"><h3 class="h1 post-title">CAS OAuth/OpenID Connect Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the Apereo CAS software acting as an OAuth/OpenID Connect provider. </span> </div> <div class="post py3"> <p class="post-meta">Saturday, May 18, 2024</p> <a href="/2024/05/18/oauth-vuln/" class="post-link"><h3 class="h1 post-title">CAS OAuth/OpenID Connect Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the Apereo CAS software acting as an OAuth/OpenID Connect provider. </span> </div> <div class="post py3"> <p class="post-meta">Saturday, Mar 9, 2024</p> <a href="/2024/03/09/develocity/" class="post-link"><h3 class="h1 post-title">Apereo CAS is now on Develocity</h3></a> <span class="post-summary"> An overview of how Apereo CAS is using Gradle and Develocity to improve its build and test execution cycle. </span> </div> <div class="post py3"> <p class="post-meta">Thursday, Sep 14, 2023</p> <a href="/2023/09/14/oauth-vuln/" class="post-link"><h3 class="h1 post-title">CAS OAuth/OpenID Connect Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the Apereo CAS software acting as an OAuth/OpenID Connect provider. </span> </div> <div class="post py3"> <p class="post-meta">Wednesday, Aug 30, 2023</p> <a href="/2023/08/30/groovy-vuln/" class="post-link"><h3 class="h1 post-title">CAS Groovy Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the Apereo CAS software when using Groovy. </span> </div> <div class="post py3"> <p class="post-meta">Friday, Jul 21, 2023</p> <a href="/2023/07/21/oidc-vuln/" class="post-link"><h3 class="h1 post-title">CAS OpenID Connect Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the Apereo CAS software acting as an OpenID Connect Provider. </span> </div> <div class="post py3"> <p class="post-meta">Monday, Feb 20, 2023</p> <a href="/2023/02/20/x509-vuln/" class="post-link"><h3 class="h1 post-title">CAS X.509 Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the CAS software and its X.509 features. </span> </div> <div class="post py3"> <p class="post-meta">Wednesday, Aug 3, 2022</p> <a href="/2022/08/03/oidc-vuln/" class="post-link"><h3 class="h1 post-title">CAS OpenID Connect Vulnerability Disclosure</h3></a> <span class="post-summary"> Disclosure of a security issue with the CAS software acting as an OpenID Connect Provider. </span> </div> </div> <div class="pagination clearfix mb1 mt4"> <div class="left"> <span class="pagination-item disabled">Newer</span> </div> <div class="right"> <a class="pagination-item" href="/page2">Older</a> </div> <div class="pagination-meta">Page 1 of 26</div> </div> </div> </div> </div> </div> <footer class="center"> <div class="measure"> <small> Theme crafted with &lt;3 by <a href="http://johnotander.com">John Otander</a> (<a href="https://twitter.com/4lpine">@4lpine</a>).<br> &lt;/&gt; available on <a href="https://github.com/johnotander/pixyll">Github</a>. </small> </div> </footer> <!-- AnchorJS --> <script src="https://cdnjs.cloudflare.com/ajax/libs/anchor-js/5.0.0/anchor.min.js"></script> <script> anchors.options.visible = 'always'; anchors.add('article h1, article h2, article h3, article h4, article h5, article h6'); </script> </body> </html>