v3.5.2

Bug

• [CAS-1199] - log4j-over-slf4j.jar AND slf4j-log4j12.jar in CAS server webapp
• [CAS-1231] - Set content type to plain text for /accessToken in OAuth server mode
• [CAS-1244] - AuthenticationManagerImpl continues to try auth handlers after exception
• [CAS-1253] - multiple versions of joda-time when including ldap support
• [CAS-1259] - HealthCheckMonitor Needs Additional Error Checking

Improvement

• [CAS-1169] - excessive logging when tickets expire
• [CAS-1181] - LDAP Authentication Failures Produce Excessively Verbose Log Output
• [CAS-1201] - Ehcache-core dependency is missing from the pom
• [CAS-1202] - Allow the maven build to report back missing language keys from other bundles
• [CAS-1207] - Reslet Integration and cglib-all
• [CAS-1208] - Support state parameter in OAuth server
• [CAS-1220] - Set content type to JSON for profile in OAuth server mode
• [CAS-1222] - Upgrade scribe-up to 1.2.0
• [CAS-1248] - CentralAuthenticationServiceImpl ignore metadata attributes on registered service that ignore attributes

New Feature

• [CAS-598] - Account Management System

Security Bug

• [CAS-1209] - Default ClearPass Configuration Allows Circumventing Allowed Proxy Chains
• [CAS-1251] - Possible Cross-Site Scripting on /login using execution parameter