7.2.0-RC4 Release Notes

We strongly recommend that you take advantage of the release candidates as they come out. Waiting for a GA release is only going to set you up for unpleasant surprises. A GA is a tag and nothing more. Note that CAS releases are strictly time-based releases; they are not scheduled or based on specific benchmarks, statistics or completion of features. To gain confidence in a particular release, it is strongly recommended that you start early by experimenting with release candidates and/or follow-up snapshots.

Apereo Membership

If you benefit from Apereo CAS as free and open-source software, we invite you to join the Apereo Foundation and financially support the project at a capacity that best suits your deployment. Note that all development activity is performed almost exclusively on a voluntary basis with no expectations, commitments or strings attached. Having the financial means to better sustain engineering activities will allow the developer community to allocate dedicated and committed time for long-term support, maintenance and release planning, especially when it comes to addressing critical and security issues in a timely manner.

Get Involved

• Start your CAS deployment today. Try out features and share feedback.
• Better yet, contribute patches.
• Suggest and apply documentation improvements.

Resources

• Release Schedule
• Release Policy

System Requirements

The JDK baseline requirement for this CAS release is and MUST be JDK 21. All compatible distributions such as Amazon Corretto, Zulu, Eclipse Temurin, etc should work and are implicitly supported.

New & Noteworthy

The following items are new improvements and enhancements presented in this release.

OpenRewrite Recipes

CAS continues to produce and publish OpenRewrite recipes that allow the project to upgrade installations in place from one version to the next. See this guide to learn more.

Graal VM Native Images

A CAS server installation and deployment process can be tuned to build and run as a Graal VM native image. We continue to polish native runtime hints. The collection of end-to-end browser tests based on Puppeteer have selectively switched to build and verify Graal VM native images and we plan to extend the coverage to all such scenarios in the coming releases.

Testing Strategy

The collection of end-to-end browser tests based on Puppeteer continue to grow to cover more use cases and scenarios. At the moment, the total number of jobs stands at approximately 508 distinct scenarios. The overall test coverage of the CAS codebase is approximately 94%.

WebAuthN via QR Codes

CAS can be configured to support FIDO2 WebAuthn authentication using QR codes. Once enabled, this feature allows users to authenticate using a secondary FIDO2-enabled secondary device by scanning a QR code presented by CAS.

Passwordless Authentication Selection

Passwordless Authentication at the direction of the account store can now be instructed to allow the user to select from a menu of available authentication options.

Mailgun Integration

Support for Mailgun is now available for sending email messages.

SAML2 Metadata via DynamoDb

SAML2 metadata for service providers and CAS as the identity provider can now be stored and fetched from Amazon DynamoDb.

Google Cloud Storage Service Registry

CAS can now store service and application definitions in Google Cloud Storage.

Database Authentication via Stored Procedures

CAS can now authenticate users by invoking stored procedures in SQL databases.

Other Stuff

• OAuth Refresh Tokens can optionally be generated as JWTs.
• Email notifications now test the connection to the email server before sending the actual message.

Library Upgrades

• Spring Boot
• Spring
• Apache Tomcat
• Java Melody
• Logback
• Spring Integration
• Apache CXF
• Spring Retry
• Zipkin Brave
• Spring Shell
• Micrometer
• Thymeleaf
• Amazon SDK
• Jetty
• Gradle
• Spring Data
• Apache Log4j
• Apache CXF
• Hibernate
• Sentry
• Spring Session
• GCP Logging