[mitreid-connect] Critical Security Release: 1.1.19

Justin Richer jricher at MIT.EDU
Thu Oct 22 11:40:28 EDT 2015


Version 1.1.19 has just been released to Maven Central. This release fixes a critical security vulnerability that can allow remote execution of system commands on the server through a well-crafted URI parameter to the authorization endpoint. Details on the exploit can be found in CVE-2015-7864.

This release also includes a fix to SNI support. 

The 1.2 series of releases is not affected by this exploit. (In fact, 1.1 was fixed by backporting some changes from 1.2). 


Immediate upgrade is strongly encouraged.


 — Justin