ocsinventory-server (2.8.1+dfsg1-1+deb11u1) bullseye; urgency=medium

 If you are using CAS for authentification to ocsinventory-reports:

 To mitigate CVE-2022-39369, a vulnerablity in php-cas, the library used to
 implement the CAS protocol, had to introduce an API breaking change and now
 requires the baseURL of to-be-authenticated service to be configured.

 For ocsinventory-reports, is configured with the variable
 $cas_service_base_url in
 /usr/share/ocsinventory-reports/backend/require/cas.config.php

 -- Bastien Roucariès <rouca@debian.org>  Thu, 11 Jul 2024 18:31:20 +0000