Releases: apereo/cas

v3.5.3

14 Jan 19:13
  • #411 CAS-1429 Escape inputs into LDAP filter expressions. (@serac)
  • #768 Fix for #763: fetch ticket and do proxy check before callback. (@serac)
  • #408 CAS-1431: Build is broken because of the last Twitter change to SSL (@leleuj)
  • #319 CAS-1355: Set allowedToProxy to false by default (SEC_3) (@leleuj)
  • #321 CAS-1166/1168 (3.5.x) login form is not shown on error of Spnego/login form is not shown on error of Spnego (@Unicon)
  • #325 CAS-1347: Missing language keys prevents access should not cause a crash (@leleuj)
  • 21a0f23 CAS-1352: Username attribute should not be required in the list of allowed attributes (@mmoayyed)
  • d0adc14 Update Ehcache version to 2.7.2. Adjusted gitignore to exclude bin/ directory. (@mmoayyed)
  • #300 CAS-1343 Fix LDAP resource leak in ContextSourceMonitor (@serac)
  • #294 Don't hard-code the name of a Logger to be the name of a particular subclass (@laszlovandenhoek)
  • #201 CAS-1261 Align HTML views with previously existing views. (@fjollberg)

v4.0.1

13 Jan 10:19
  • f18dabf update NOTICEs (@leleuj)
  • fa9f0f0 Issue-782: Update the security filter to version 2.0.0 (@leleuj)
  • 09b3340 Issue #670: Client authentication from pac4j should always return 'typed' identifier (@leleuj)
  • d608dd9 updated script to generate docs for 4.0.0 (@mmoayyed)
  • 4f26b84 #612 for 4.0.x: Attributes other than String and element iterable in foreach are not supported (@leleuj)

v4.0.0

20 Dec 23:12

Release Notes - CAS Server - Version 4.0

Sub-task

  • [CAS-1006] - Update CAS theme documentation
  • [CAS-1008] - Update Services Management UI
  • [CAS-1173] - LPPE: Incorrect handling of "password never expires" active directory flag
  • [CAS-1198] - LPPE: pwdReset attribute not preventing login/directing user to change password
  • [CAS-1214] - Disallow falling back to system locale when resolving message bundles

Bug

  • [CAS-890] - Logon with Invalid TGT and no service= goes to Success page
  • [CAS-1096] - NPE in DefaultTicketRegistryCleaner due to Null-Objects in Ticket-Collection
  • [CAS-1168] - After fix in CAS-1065, login form is not shown on error of Spnego
  • [CAS-1175] - Username field currently has attribute "autocomplete=false"
  • [CAS-1192] - Typo in X509CertificateCredentialsToSubjectPrinciplalResolver class name
  • [CAS-1195] - LPPE: account expired is very different from password expired
  • [CAS-1197] - LPPE breaking on the (ldap) domains that don't have password policy
  • [CAS-1199] - log4j-over-slf4j.jar AND slf4j-log4j12.jar in CAS server webapp
  • [CAS-1213] - Disallow falling back to system locale when resolving message bundles
  • [CAS-1231] - Set content type to plain text for /accessToken in OAuth server mode
  • [CAS-1233] - cas.properties breaks clearpass config
  • [CAS-1234] - language resources in messages_fr.properties are invalid in download link but ok in git
  • [CAS-1241] - Changing Service URL from Ant-style Pattern to Regular Expression does not update db entry to correct discriminator value
  • [CAS-1253] - multiple versions of joda-time when including ldap support
  • [CAS-1259] - HealthCheckMonitor Needs Additional Error Checking
  • [CAS-1261] - Align HTML views with previously existing views.
  • [CAS-1275] - Upgrade to Spring 3.2.2
  • [CAS-1277] - Javascript error
  • [CAS-1278] - fluid reordering javascript throws js exception on add/edit service page
  • [CAS-1279] - 2 copies of jquery are loaded in the services manager
  • [CAS-1280] - Services management webapp doesn't work in French
  • [CAS-1293] - X509 module Unit Tests try to load SimpleTestUsernamePasswordAuthenticationHandler from main classpath
  • [CAS-1303] - Redirection from the password warning page should not consume the service parameter
  • [CAS-1310] - Complex attributes are not properly returned by the OAuth /profile url
  • [CAS-1311] - Add missing headers in protocol HTML specs
  • [CAS-1315] - wrong response content-type for /serviceValidate
  • [CAS-1318] - CAS Login Does not Overwrite expired/invalid Ticket Granting Cookie
  • [CAS-1320] - CAS server webapp fails to instantiate a EAPTTLSAuthenticator for each authentication request
  • [CAS-1333] - always throw FailedLoginException in cas-server-support-ldap
  • [CAS-1339] - Cannot build "CAS ClearPass Extension"
  • [CAS-1344] - restlet depends on org.springframework:spring-asm:jar:3.0.1.RELEASE
  • [CAS-1347] - Missing language keys prevents access; app should not cause a crash
  • [CAS-1348] - Proxy chain missing on proxy validate
  • [CAS-1352] - Username attribute should not be required in the list of allowed attributes
  • [CAS-1371] - top.jsp session=true
  • [CAS-1380] - Module "cas-server-webapp-support" pulls in stale Spring dependencies that crash CAS
  • [CAS-1382] - D&D functionality of mgmt app is broken; Javascript version conflicts
  • [CAS-1383] - multiple versions of libraries in classpath
  • [CAS-1384] - AccountNotFoundException error bubbling up on the login form
  • [CAS-1385] - LPPE fails with lppe.dateAttribute = null
  • [CAS-1386] - Fix IV handling for ClearPass in clustered environments
  • [CAS-1393] - Memcached serialization fails when creating a proxy ticket
  • [CAS-1394] - pgtInit returns null pgtIou due to pgtUrl readTimeout (less t...

v4.0.0-RC4

20 Dec 23:21
v4.0.0-RC4 Pre-release
[maven-release-plugin]  copy for tag v4.0.0-RC4

v4.0.0-RC3

20 Dec 23:21
v4.0.0-RC3 Pre-release
[maven-release-plugin]  copy for tag v4.0.0-RC3

v4.0.0-RC2

20 Dec 23:21
v4.0.0-RC2 Pre-release
[maven-release-plugin]  copy for tag v4.0.0-RC2

v4.0.0-RC1

20 Dec 23:21
v4.0.0-RC1 Pre-release
[maven-release-plugin]  copy for tag v4.0.0-RC1

v3.5.2

20 Dec 23:20

Bug

  • [CAS-1199] - log4j-over-slf4j.jar AND slf4j-log4j12.jar in CAS server webapp
  • [CAS-1231] - Set content type to plain text for /accessToken in OAuth server mode
  • [CAS-1244] - AuthenticationManagerImpl continues to try auth handlers after exception
  • [CAS-1253] - multiple versions of joda-time when including ldap support
  • [CAS-1259] - HealthCheckMonitor Needs Additional Error Checking

Improvement

  • [CAS-1169] - excessive logging when tickets expire
  • [CAS-1181] - LDAP Authentication Failures Produce Excessively Verbose Log Output
  • [CAS-1201] - Ehcache-core dependency is missing from the pom
  • [CAS-1202] - Allow the maven build to report back missing language keys from other bundles
  • [CAS-1207] - Restlet Integration and cglib-all
  • [CAS-1208] - Support state parameter in OAuth server
  • [CAS-1220] - Set content type to JSON for profile in OAuth server mode
  • [CAS-1222] - Upgrade scribe-up to 1.2.0
  • [CAS-1248] - CentralAuthenticationServiceImpl ignore metadata attributes on registered service that ignore attributes

New Feature

  • [CAS-598] - Account Management System

Security Bug

  • [CAS-1209] - Default ClearPass Configuration Allows Circumventing Allowed Proxy Chains
  • [CAS-1251] - Possible Cross-Site Scripting on /login using execution parameter

v3.5.2-CAS-1181

20 Dec 23:40
v3.5.2-CAS-1181 Pre-release
Update version number in cas-server-documentation module.

v3.5.1

20 Dec 23:22

Bug

  • [CAS-1059] - Svenskt should be Svenska on casLoginView.jsp
  • [CAS-1060] - Portuguese is not in the list of languages in casLoginView.jsp
  • [CAS-1087] - requesting a proxy ticket for an unauthorized service generates an uncaught exception
  • [CAS-1126] - LPPE: missing password policy messages from messages_en.properties (and other languages)
  • [CAS-1142] - Submitting blank login form results in 'CAS is unavailable'
  • [CAS-1144] - Multiple AuditResourceResolvers share the same key
  • [CAS-1151] - Hibernate cannot serialize org.scribe.up.profile.facebook.FacebookObject, ticket persistence on database fails
  • [CAS-1156] - Clearpass is incompatible with EhCache Ticket Registry
  • [CAS-1160] - Providers' authorization urls are lost during login webflow
  • [CAS-1162] - Service Registry UI: Add DnD support allowing automatic updates to the service evaluation order
  • [CAS-1163] - Classcast error in OAuth20AccessTokenController
  • [CAS-1174] - The cache manager of ClearPass conflicts with EhCache Ticket Registry
  • [CAS-1177] - SPNEGO 401 Header Status sent along with CAS Login Page
  • [CAS-1191] - Minor Typo in SamlMetaDataPopulator

Improvement

  • [CAS-951] - Upgrade to OpenSAML 2.x for SAML Support
  • [CAS-989] - Include tx namespace / schema by default in deployerConfigContext.xml
  • [CAS-1061] - Improve CAS skinning
  • [CAS-1138] - There are some dependencies on slf4j 1.5.8 API which is incompatible with newer versions
  • [CAS-1140] - Develop Monitors for Vital System Components
  • [CAS-1141] - Improve OAuth module
  • [CAS-1143] - Externalize the followServiceRedirects property, default to false
  • [CAS-1147] - Refactor service authorization check to the beginning of the login flow
  • [CAS-1150] - Update to the latest jasig-parent pom (34)
  • [CAS-1153] - Optimization : delete web sessions on redirect
  • [CAS-1155] - Update the build to require JDK 1.6
  • [CAS-1157] - Polish (Poland) translation
  • [CAS-1159] - Service Registry UI: sort services by evaluation order, instead of name
  • [CAS-1161] - OAuth : Request attributes lost going through oauth authentication
  • [CAS-1172] - Expose Option on HttpClient to Ignore Redirects
  • [CAS-1176] - Externalize the configuration of quartz scheduler that reloads services.
  • [CAS-1180] - Add support for logging when CAS tries to determine the principal Id for a given service.
  • [CAS-1184] - Generate source / javadoc for snapshot artefacts
  • [CAS-1185] - Add Support for Moving Service Manager to Alternate URI Base

New Feature

  • [CAS-999] - per-service selection of user attribute as username

Security Bug

  • [CAS-1190] - Follow Redirects from LogoutController Should Honor Registered Services

Task

  • [CAS-1154] - Update missing maven plugin versions in the pom
  • [CAS-1158] - Update project POMs to note the organization as "Jasig"
  • [CAS-1178] - Upgrade the person directory dependency to v.1.5.1