In which I share instructions on how to fix your uPortal security.properties to immediately block the CVE-2014-5059 vulnerability. Structure of this blog post This blog post provides: Why you should care How to determine if your uPortal deployment is affected How to compose a fix for your security.properties,

In which I share a Java Servlet Filter that blocks the CVE-2014-4172 illicit proxy vulnerability to which old Java CAS client libraries are prone, as an alternative to upgrading to the latest Java CAS Client 3.3. What problem is being solved here? On August 11th 2014, the CAS project