@mmoayyed mmoayyed released this Dec 20, 2014 · 13092 commits to master since this release

Assets 3


  • [CAS-1199] - log4j-over-slf4j.jar AND slf4j-log4j12.jar in CAS server webapp
  • [CAS-1231] - Set content type to plain text for /accessToken in OAuth server mode
  • [CAS-1244] - AuthenticationManagerImpl continues to try auth handlers after exception
  • [CAS-1253] - multiple versions of joda-time when including ldap support
  • [CAS-1259] - HealthCheckMonitor Needs Additional Error Checking


  • [CAS-1169] - excessive logging when tickets expire
  • [CAS-1181] - LDAP Authentication Failures Produce Excessively Verbose Log Output
  • [CAS-1201] - Ehcache-core dependency is missing from the pom
  • [CAS-1202] - Allow the maven build to report back missing language keys from other bundles
  • [CAS-1207] - Reslet Integration and cglib-all
  • [CAS-1208] - Support state parameter in OAuth server
  • [CAS-1220] - Set content type to JSON for profile in OAuth server mode
  • [CAS-1222] - Upgrade scribe-up to 1.2.0
  • [CAS-1248] - CentralAuthenticationServiceImpl ignore metadata attributes on registered service that ignore attributes

New Feature

  • [CAS-598] - Account Management System

Security Bug

  • [CAS-1209] - Default ClearPass Configuration Allows Circumventing Allowed Proxy Chains
  • [CAS-1251] - Possible Cross-Site Scripting on /login using execution parameter