[mitreid-connect] New Security Releases

Justin Richer jricher at MIT.EDU
Sun Nov 23 02:13:31 EST 2014


Versions 1.1.12 and 1.0.20 have been released and are being uploaded to Maven Central. These two releases close a long-standing bug in the processing of refresh tokens that could allow stolen refresh tokens to be used by different clients. Immediate upgrade is recommended.

1.1.12 also has several UI enhancements that have been back ported from the 1.2 development branch. 

— Justin
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 455 bytes
Desc: Message signed with OpenPGP using GPGMail
Url : http://mailman.mit.edu/pipermail/mitreid-connect/attachments/20141123/4d17be68/attachment.bin


More information about the mitreid-connect mailing list