RC5 Release Notes

We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.

Apereo Membership

If you benefit from Apereo CAS as free and open-source software, we invite you to join the Apereo Foundation and financially support the project at a capacity that best suits your deployment. Note that all development activity is performed almost exclusively on a voluntary basis with no expectations, commitments or strings attached. Having the financial means to better sustain engineering activities will allow the developer community to allocate dedicated and committed time for long-term support, maintenance and release planning, especially when it comes to addressing critical and security issues in a timely manner. Funding will ensure support for the software you rely on and you gain an advantage and say in the way Apereo, and the CAS project at that, runs and operates. If you consider your CAS deployment to be a critical part of the identity and access management ecosystem, this is a viable option to consider.

Get Involved



In the gradle.properties of the CAS WAR Overlay, adjust the following setting:

System Requirements
There are no changes to the minimum system/platform requirements for this release.

New & Noteworthy

The following items are new improvements and enhancements presented in this release.

Puppeteer Tests

Documentation is now available to highlight test processes used by the CAS project and developers/contributors. The newest addition is the availability of functional/browser testing mechanisms that are backed by the Puppeteer framework. The test scenarios that are designed are executed by the CAS continuous integration system and will be improved over time to account for advanced use cases such as ensuring protocol compatibility and other variations of the authentication webflow.

Apple Signin

Delegated authentication can now hand off authentication requests to sign in with Apple.

WebAuthN for Primary Authentication

WebAuthn FIDO2 multifactor authentication can now, optionally, act as a standalone factor for primary authentication, for user accounts and devices that have an existing registration record with CAS.


Duo Security Universal Prompt

Support for Duo Security’s Universal Prompt for multifactor authentication is now available.

QR Code Authentication

QR Code authentication is a strategy that allows the user to scan a QR code, generated by the CAS server, using a mobile device and subsequently login after having successfully validated it.


WebAuthN LDAP Repository

WebAuthn FIDO2 multifactor authentication can now, manage and track device registration records inside LDAP directories.

Test Coverage

CAS test coverage across all modules in the codebase has now reached 90% and continues to climb. Additional validation rules are also applied to fail all pull requests that fall below this threshold.

Other Stuff

  • Attribute resolution has gained a new option to force all attribute repositories to produce data and short-circuit the resolution logic if any repository fails to resolve the person details.
  • Maven repositories managed by the Spring project are removed from the CAS gradle build.
  • Improvements to password management flows to handle invalid tokens more gracefully, and allow password reset with or without single sign-on sessions.
  • Releasing attributes with a space in the attribute name, due to misconfiguration, will force CAS to replace the space with _ upon release.
  • Loading Kerberos and JAAS configuration files for SPNEGO authentication is changed to use Spring resources for syntax. You may need to ensure paths in the CAS configuration start with the file: prefix.
  • Attribute resolution for LDAP has been improved to support fetching and mapping attributes with tags/options.
  • All external links found in the CAS documentation are corrected to point to valid resources. Validation processes are also adjusted to prevent bad links.

Library Upgrades

  • JRadius
  • Hazelcast
  • MySQL Driver
  • MongoDb Driver
  • HSQL Driver
  • MariaDb Driver
  • Groovy
  • Caffeine
  • Pac4j
  • Apache Tomcat
  • Spring Boot
  • Hibernate
  • Infinispan
  • Thymeleaf Dialect
  • Micrometer