phpCAS 1.6 was released recently to address a security concern. In previous versions, the library automatically generated the service URL (URL of the symfony app you're protecting) by using various HTTP request headers like Host or X-Forwarded-Host. These can be faked, leading to a serious security issue. phpCAS 1.6 requires you explicitly set the service base URL instead.
phpCAS 1.6 was released recently to address a security concern. In previous versions, the library automatically generated the service URL (URL of the symfony app you're protecting) by using various HTTP request headers like Host or X-Forwarded-Host. These can be faked, leading to a serious security issue. phpCAS 1.6 requires you explicitly set the service base URL instead.