Release version 2.3.0

SAML-Toolkits · Jan 13, 2015 · 42d6c1f · 42d6c1f
1 parent df2a40c
commit 42d6c1f
Show file tree

Hide file tree

Showing 2 changed files with 21 additions and 0 deletions.
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,6 +1,19 @@
 CHANGELOG
 =========
 
+v.2.3.0
+-------
+* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
+* Improve test and documentation.
+* Improve ADFS compatibility.
+* Remove unnecessary XSDs files.
+* Make available the reason for the saml message invalidation.
+* Adding ability to set idp cert once the Setting object initialized.
+* Fix status info issue.
+* Reject SAML Response if not signed and strict = false.
+* Support NameId and SessionIndex in LogoutRequest.
+* Add ForceAuh and IsPassive support.
+
 v.2.2.0
 -------
 * Fix bug with Encrypted nameID on LogoutRequest

diff --git a/README.md b/README.md
@@ -134,6 +134,14 @@ namespaces, remember that calls to the class must be done by adding a \ to the
 start, for example to use the static method getSelfURLNoQuery use:
 \OneLogin_Saml2_Utils::getSelfURLNoQuery()
 
+
+Security warning
+----------------
+
+In production, the **strict** parameter MUST be set as **"true"**. Otherwise 
+your environment is not secure and will be exposed to attacks.
+
+
 Getting started
 ---------------