Shibboleth SP and IdP patches next week

classic Classic list List threaded Threaded
1 message Options
Reply | Threaded
Open this post in threaded view

Shibboleth SP and IdP patches next week

Cantor, Scott E.
We are expecting to release patches for the SP and IdP in the next 7-10 days to address some low to moderate security issues in both.

The SP issue is another KeyInfo parsing bug like the one fixed recently, but is fairly hard to exploit so it's more notable as just a bug fix release to some libraries.

The IdP issue is a CAS vulnerability that as far as is known has some mitigating factors keeping it from being more serious. Additional deprecation warnings will be backported in this patch to plug some of the gaps identified since 3.4/3.4.1 were released.

-- Scott

To unsubscribe from this list send an email to [hidden email]