File: NEWS

package info (click to toggle)

ocsinventory-server 2.8.1%2Bdfsg1-1%2Bdeb11u1

links: PTS, VCS
area: main
in suites: bullseye
size: 8,684 kB
sloc: php: 37,167; javascript: 28,347; perl: 8,234; sql: 2,725; sh: 1,636; xml: 1,071; python: 77; makefile: 29

file content (13 lines) | stat: -rw-r--r-- 589 bytes

ocsinventory-server (2.8.1+dfsg1-1+deb11u1) bullseye; urgency=medium

 If you are using CAS for authentification to ocsinventory-reports:

 To mitigate CVE-2022-39369, a vulnerablity in php-cas, the library used to
 implement the CAS protocol, had to introduce an API breaking change and now
 requires the baseURL of to-be-authenticated service to be configured.

 For ocsinventory-reports, is configured with the variable
 $cas_service_base_url in
 /usr/share/ocsinventory-reports/backend/require/cas.config.php

 -- Bastien Roucariès <rouca@debian.org>  Thu, 11 Jul 2024 18:31:20 +0000