Shibboleth Developers

The machine holding the cvs that contains the Shibboleth source was 
compromised on May 21. The situation was discovered on May 24,  and 
the machine was immediately shut down. Needless to say, we treated 
this incident as an extremely serious situation. However, after 
extensive investigation and forensics, we are convinced that we know 
when the incident occurred, how the breakin occurred, and -- most 
importantly -- are convinced that the Shibboleth code was not 
compromised. The machine has been completely rebuilt, using backup 
tapes that predate the incident

We have now posted *final final* tarballs to 
http://wayf.internet2.edu/shibboleth/ .We would encourage EVERYONE 
using a previous version of Shibboleth v1.2 to move to the final 
version. This will make it much easier for us to answer questions, 
and will ensure consistent behavior among sites running Shib 1.2.

Our cvs is currently NOT available for  anonymous access. However, we 
are working  with the  sysadmins, and hope  to restore this 
functionality soon.

We are distributing this announcement to let people know that this 
incident occurred... However, as noted previously,  we are SURE that 
it has had no effect on the Shibboleth source that we are currently 
using. If there are any issues or concerns, please contact us.

Thank  you for your interest in Shibboleth, and your support! We're 
sorry that this incident delayed the final  release of Shibboleth 
1.2. However, we're sure people will  understand why we delayed the 
release, while investigating the incident.