gfarrell / WPRavenAuth

Raven (ucam_webauth) authentication plugin for Wordpress. Now maintained by @mo-g (mo-g/WPRavenAuth)


Possible security vulnerability with this code

jw35 opened this issue · comments

This code bundles a copy of ucam_webauth.php 0.51 which suffers from a recently discovered security vulnerability. Further details here:

https://wiki.cam.ac.uk/raven/March_2015_security_vulnerability

To fix this it may be sufficient to replace the supplied copy of .../app/lib/ucam_webauth.php with version 0.52 (or later) of this code from:

https://git.csx.cam.ac.uk/x/ucs/raven/php.git

Jon Warbrick, Raven Support, University of Cambridge. raven-support@ucs.cam.ac.uk

Hi Jon,

Yes, I saw your email to the raven list; our version of ucam_webauth.php has a few changes to fix some issues with different PHP releases, but I'll be merging the new file as soon as I'm back in front of a computer on Monday.

Cheers,
Conor

On 13 Mar 2015, at 15:43, Jon Warbrick notifications@github.com wrote:

This code bundles a copy of ucam_webauth.php 0.51 which suffers from a recently discovered security vulnerability. Further details here:

https://wiki.cam.ac.uk/raven/March_2015_security_vulnerability

To fix this it may be sufficient to replace the supplied copy of .../app/lib/ucam_webauth.php with version 0.52 (or later) of this code from:

https://git.csx.cam.ac.uk/x/ucs/raven/php.git

Jon Warbrick, Raven Support, University of Cambridge. raven-support@ucs.cam.ac.uk



Great - thanks.

When it's done, feel free to email an announcement to cs-raven-announce@lists.cam.ac.uk - the message will need approval before it goes out, but I'd be happy to do that. Or I can pass on an announcement.

Updated to incorporate changes, and I've sent an email to the announce list.