Update CAS to 6.2
Closed, ResolvedPublic
Actions

Assigned To

Authored By

	MoritzMuehlenhoff
	Oct 19 2020, 6:48 AM

Description

We should upgrade CAS to the latest upstream branch (6.2, so 6.2.4).

This also fixes a security issue in gauth (CVE-2020-27178, https://apereo.github.io/2020/10/14/gauthvuln/), we doesn't affect us, since we don't use the affected functionality.

Details

Subject	Repo	Branch	Lines +/-
Point idp CNAME to idp2001	operations/dns	master	+1 -1
Disable apereo_cas_jobs in Prometheus scraping	operations/puppet	production	+1 -1
cas: gradle seems to have switch to using implmentation for dependencies	operations/software/cas-overlay-template	master	+17 -11
Bump to 6.2.4	operations/software/cas-overlay-template	master	+7 -1

Customize query in gerrit

Event Timeline

MoritzMuehlenhoff created this task.Oct 19 2020, 6:48 AM

Change 634907 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/software/cas-overlay-template@master] Bump to 6.2.4

https://gerrit.wikimedia.org/r/634907

gerritbot added a project: Patch-For-Review.Oct 19 2020, 7:25 AM

• Marostegui triaged this task as Medium priority.Oct 19 2020, 10:33 AM

Change 634907 merged by Muehlenhoff:
[operations/software/cas-overlay-template@master] Bump to 6.2.4

https://gerrit.wikimedia.org/r/634907

Maintenance_bot removed a project: Patch-For-Review.Oct 19 2020, 12:10 PM

Mentioned in SAL (#wikimedia-operations) [2020-10-26T13:48:55Z] <moritzm> imported cas 6.2.4-1 to apt.wikimedia.org T265857

Change 639098 had a related patch set uploaded (by Jbond; owner: John Bond):
[operations/software/cas-overlay-template@master] cas: gradle seems to have switch to using implmentation for dependencies

https://gerrit.wikimedia.org/r/639098

gerritbot added a project: Patch-For-Review.Nov 4 2020, 12:35 PM

Change 639098 merged by Jbond:
[operations/software/cas-overlay-template@master] cas: gradle seems to have switch to using implmentation for dependencies

https://gerrit.wikimedia.org/r/639098

Maintenance_bot removed a project: Patch-For-Review.Nov 4 2020, 3:47 PM

I was looking at prometheus jobs down alert today and idp shows up there, I'm assuming because the prometheus endpoint has been removed in Ia4b089af. Please remove the IDP prometheus job as well, thanks!

Change 640086 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/puppet@production] Disable apereo_cas_jobs in Prometheus scraping

https://gerrit.wikimedia.org/r/640086

gerritbot added a project: Patch-For-Review.Nov 9 2020, 9:53 AM

Change 640086 merged by Muehlenhoff:
[operations/puppet@production] Disable apereo_cas_jobs in Prometheus scraping

https://gerrit.wikimedia.org/r/640086

Maintenance_bot removed a project: Patch-For-Review.Nov 9 2020, 10:11 AM

Change 641416 had a related patch set uploaded (by Muehlenhoff; owner: Muehlenhoff):
[operations/dns@master] Point idp CNAME to idp2001

https://gerrit.wikimedia.org/r/641416

Change 641416 merged by Jbond:
[operations/dns@master] Point idp CNAME to idp2001

https://gerrit.wikimedia.org/r/641416

An overview of changes that landed in 6.2 can be found here:
https://apereo.github.io/2019/11/29/620rc1-release/
https://apereo.github.io/2019/12/27/620rc2-release/
https://apereo.github.io/2020/03/03/620rc3-release/
https://apereo.github.io/2020/04/17/620rc4-release/
https://apereo.github.io/2020/05/29/620rc5-release/