The Shibboleth Project has released a security advisory that involves a vulnerability to information disclosure via the CAS protocol. A patch release is now available that corrects the issue.