=====================================================================
                           CERT-Renater

                 Information Note No. 2010/VULN091
_____________________________________________________________________

DATE                 : 25/03/2010

HARDWARE PLATFORM(S) : /

OPERATING SYSTEM(S)  : Systems running phpCAS.

======================================================================
http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog
______________________________________________________________________

phpCAS ChangeLog

Changes in version 1.1.0

Security fixes

  * fix a XSS vulnerability on the error page [PHPCAS-52] (Joachim Fritschi)

New features

  * added SAML support [PHPCAS-40] (Brian Long and Matthias Crauwels).
  * added custom validation Urls [PHPCAS-45] (Joachim Fritschi).

Bug fixes

  * fixed invalid validation URLs [PHPCAS-39] (Alex Danieli).
  * removed old PHP4 references [PHPCAS-41] (Yann Richard).
  * fixed curl options [PHPCAS-38] (Andy Cowling).
  * fixed PGT DB storage parameter list [PHPCAS-47] (Paul Merchant, Jr.)
  * fixed parsing of STs [PHPCAS-44] (Joachim Fritschi)
  * fixed session initialisation [PHPCAS-50] (Joachim Fritschi)
  * fixed urls with more than one query parameter [PHPCAS-42] (Caio Chassot, Joachim Fritschi)
  * fixed use PHP4 functions to parse saml11 attributes [PHPCAS-51] (Joachim Fritschi)

Improvement

  * added accept IP addresses for allowed clients [PHPCAS-37] (Arunas Stockus)

======================================================================

=========================================================
CERT-Renater reference servers
http://www.urec.fr/securite
http://www.cru.fr/securite
http://www.renater.fr
=========================================================
+ CERT-RENATER        | tel  : 01-53-94-20-44           +
+ 151 bd de l'Hopital | fax  : 01-53-94-20-41           +
+ 75013 Paris         | email: certsvp@renater.fr       +
=========================================================