Closed fhlarif closed 1 year ago
When will this be fixed? roave/security-advisories
has tagged apereo/phpcas
<1.6 as vulnerable.
https://github.com/Roave/SecurityAdvisories/blob/latest/composer.json#L32
@fhlarif - Thank you for the detailed report.
I'll have to look at the diffs on phpCAS 1.6 vs 1.5 to see what may have caused the breaking change. Can you attach your sanitized config.php content here or relevant .env file content? That may help with debugging.
@dstepe I can patch this as soon as I know why it broke and whether the patch will remain backwards compatible. Otherwise this will be a new release / minor tag.
If you have a testing resource for CAS auth that doesn't require certificates, that will help a ton with automating CI and eventual CD.
Blank Page when using the latest phpCAS 1.6.0
Environment
"php": "^8.0.2|^8.1"
"laravel/framework": "^9.37"
"subfission/cas": "^4.2"
"apereo/phpcas": "1.6.0"
Steps to reproduce
Expected behaviour
Actual behaviour
Received blank page instead. Using verbose debugging received such error:
Current Workaround