EngineBlock 4.4.0
Security & Push Metadata release.
Fixes minor security issues found (no known exploits) and introduces support for multiple sources of metadata.
Supported out of the box are:
- OpenConext Stoker
- Janus REST API v1
- Local database. Particulairly useful when filled with Janus Push metadata.
Metadata Repositories can be composed and ordered.
Notable issues resolved with this release:
- Push service configuration to EngineBlock #67
- Open Redirect vulnerabilities in Profile #113
- XSS in HTTP Host header #111
- Make it also possible (and configurable) to use ePPN for the identifier instead of SHO+uid #98
- Disable the loading of external entities in XML documents.