Releases for CAS

Fixed #3576314: CasServerConfig::setConnectionTimeout(): Argument #1 ($timeout) must be of type int, null given which adds an update hook to add an old configuration value that may be missing on some sites.

Important changes since 3.0.0-beta1

New rules were introduced in Coder 8.3.27 requiring renaming of some enum cases:

New Features

• #3038279: Add option to respect Drupal's registration configuration when auto-registration is enabled
• #3374764: Lengthen the max allowed values for custom messages

Bug Fixes

Adds compatibility with phpCAS v1.6.0. Note that this version of phpCAS was released to address a security vulnerability. However, upgrading to it will not address the security concern on your Drupal site.

Fixes a compatibility issue with version 2.0.x of the External Auth module.

There's only minor change since 2.0.0-beta3 to fix a code styling issue: #3241523: Tests failing with coding standards

There's one change from the last beta release, #3207386: Drop dependency on drupal/cas_mock_server:dev-0.x, which changes the order of parameters for the CasUserManager::register function. If you have custom code that manually registers CAS users, you must update the parameter order.

Note that you must have at least version 1.2 of the External Auth module installed with this release. It was already a dependency of this module and the 1.2 release was released months ago.

Bug fixes:

The following issues were fixed as part of this minor release:
#3020014: Take blocked users into account
#2850958: Add some text on settings form that mentions the CAS attributes module.

Includes one minor bug fix and two new features required by the CAS Attributes module:

- Fixed issue where user login error messages were being shown as status messages instead of errors
- Added token support with just one token for retrieving the original CAS username of the logged in user
- Added a post login event that's dispatched after a user logs in to Drupal. The CAS Attributes module needed an event like this.

This release is identical to the 8.x-1.0-rc2 release. No bugs have been found since that release.

This release contains many bug fixes and a few features for both the main CAS module and the CAS Server sub-module.

This release contains the follow fixes/enhancements:

This release contains API breaking changes. A commit that was meant for beta1 was never committed (sorry). If you extend the CAS module please look at the changes made in #2830620: Use method calls to modify event boolean data instead of making the properties public.

Other than that issue, the other changes are minor and related to cleaning up the settings form a bit.

Fixes CAS - Moderately Critical - Information Disclosure - DRUPAL-SA-CONTRIB-2016-005

This release contains a security fix as well as various bug fixes and improvements. Below is a list of issues that are included in this release:

Development for Drupal 8

Fixes SA-CONTRIB-2014-035 - CAS Server - Access Bypass

CAS Server Module

Force no caching on validation pages.

A release candidate for 7.x-1.3. Please report any bugs in the issue tracker.

Changes since 7.x-1.2

• Issue #1827482: phpCAS::setPGTStorageFile() no longer accepts the $format parameter.
• Issue #1781192 by MarcElbichon, bfroehle: Fixed Single sign out breaks entity cache logout process.
• Issue #1788480 by bfroehle: Fix coder errors.
• Add missing @file block.
• Fix coder warnings from @see references.
• Use lowercase_and_underscore, not camelCase.
• Filter username in drupal_set_title.
• Add space between control statement and opening parenthesis.
• Issue #1698002 follow-up by vinmassaro: Added user roles to CAS accounts via Drush (patch attached).
• fixed syntax in cas_drush_user_get_users_from_arguments()
• Issue #1181310 follow-up by bircher | Fix preg_match call in API example.
• casLogin: Reset the internal cache and load the user from the database.
• Add $reset option to cas_user_load_by_name() to match user_load().
• #1653004 Mixed case logins on postgres cause error on login.
• Issue #1659916 by neilnz, bfroehle: CAS single-sign-out doesn't work with double-URL-encoded logoutRequest
• Add tests for urlencoded logoutRequest.
• CAS single-sign-out doesn't work with double-URL-encoded logoutRequest

Features & Bugfixes

#1461046: Drush integration
#1547368: drush cas-user-create does not populate LDAP token values into fields

If upgrading from 6.x-2.x, please read the release notes for CAS 6.x-3.0.

We are proud to announce the first release in the 6.x-3.0 branch. Please back up your database and read the release notes before upgrading. It is not possible to downgrade to 6.x-2.x after upgrading. This release is identical to 6.x-3.0-beta2.