Fedora 25: php-pear-CAS Authentication Bypass Fix - Critical Update

This package is a PEAR library for using a Central Authentication Service.

Autoloader '%{pear_phpdir}/CAS/Autoload.php';

**Changes in version 1.3.5** * Security Fixes: * Fix possible

authentication bypass in validateCAS20 [#228] (Gregory Boddin) * Bug Fixes:

* Fix file permissions (non-executable) [#177] (Remi Collet) * Fixed

translations Greek and Japanese [#192] (ikari7789) * Fix errors under phpdbg

[#204] (MasonM) * Fix logout replication error [#213] (Gregory Boddin) *

Improvement: * Add more debug info to logout code [#95] (Joachim Fritschi)

* Allow longer ticket >32 chars for PGTStorage [#130] (Joachim Fritchi) *

Improved verification of supplied CA arguments [#172] (Joachim Fritschi) *

Change minimum supported php version to 5.4 in documentation (Joachim Fritschi)

* Add message to CAS_Authentication_Exception [#197] (Baldinof) * Ingnore

composer related files and directories [#201] (greg0ire) * Add setter for

cas client [#206] (greg0ire) * Add callback for attribute parsing [#205]

(Gregory Boddin) * Added setter for base url [#208] (LeopardDennis) *

Fix documentation of code documentation [#216] (erozqba) * Improved https

detection by HTTP_X_FORWARDED_Protocol [#220] (Gregory Boddin) * Add

language support for simplified chinese [#227] (phy25)

su -c 'dnf upgrade php-pear-CAS' at the command line.

For more information, refer to the dnf documentation available at

https://dnf.readthedocs.io/en/latest/command_ref.html

All packages are signed with the Fedora Project GPG key. More details on the

GPG keys used by the Fedora Project can be found at

package-announce mailing list -- package-announce@lists.fedoraproject.org

To unsubscribe send an email to package-announce-leave@lists.fedoraproject.org