
Release 2.10.4

pitbulk committed Feb 28, 2017
1 parent 2de73ac commit e1d6b8dc2e6abea3185b59da8b52002eb7dc9a87
Showing with 16 additions and 3 deletions.
  1. +10 −0 CHANGELOG
  2. +3 −0 README.md
  3. +1 −1 composer.json
  4. +2 −2 lib/Saml2/version.json
@@ -1,5 +1,15 @@
CHANGELOG
=========
v.2.10.4
* [+](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1) Security update for signature validation on LogoutRequest/LogoutResponse
* [#192](https://github.com/onelogin/php-saml/pull/192) Added ability to configure DigestAlgorithm in settings
* [#183](https://github.com/onelogin/php-saml/pull/183) Fix strpos bug when decrypting assertions
* [#186](https://github.com/onelogin/php-saml/pull/186) Improve info on entityId validation Exception
* [#188](https://github.com/onelogin/php-saml/pull/188) Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
* Read ACS binding on AuthNRequest builder from settings
* Be able to relax Destination validation on SAMLResponses and let this
attribute to be empty with the 'relaxDestinationValidation' setting
v.2.10.3
* Implement a more specific exception class for handling some validation errors
* Minor changes on time validation/exceptions
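Review bot: The first v.2.10.4 entry uses "+" as its link text and says only "Security update for signature validation on LogoutRequest/LogoutResponse", so someone scanning the changelog cannot tell what was wrong or how urgent the upgrade is without opening the commit. Suggest a descriptive link label and one clause on what the validation previously let through. In the last entry, 'relaxDestinationValidation' loosens a check on SAMLResponses, so state its default value here, and reword "let this attribute to be empty" to "allow this attribute to be empty".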
@@ -10,6 +10,9 @@ and supported by OneLogin Inc.
Warning
-------
Update php-saml to 2.10.4, this version includes a security patch related to
[signature validations on LogoutRequests/LogoutResponses](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1)
Update php-saml to 2.10.0, this version includes a security patch that contains extra validations that will prevent signature wrapping attacks. [CVE-2016-1000253](https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/ab8ae6e845eb506fbeb10a7e4ccb379f0b4222ca/DWF/2016/1000253/CVE-2016-1000253.json)
php-saml < v2.10.0 is vulnerable and allows signature wrapping!
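Review bot: The new warning for 2.10.4 names the fixed release but not the affected range, unlike the existing line "php-saml < v2.10.0 is vulnerable and allows signature wrapping!" for the earlier issue. Suggest adding the equivalent statement for the LogoutRequest/LogoutResponse signature problem so readers can check their installed version against it. The added sentence also ends on the link with no closing period.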
@@ -2,7 +2,7 @@
"name": "onelogin/php-saml",
"description": "OneLogin PHP SAML Toolkit",
"license": "MIT",
"version": "2.10.3",
"version": "2.10.4",
"homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
"keywords": ["saml", "saml2", "onelogin"],
"autoload": {
@@ -1,6 +1,6 @@
{
"php-saml": {
"version": "2.10.3",
"released": "11/01/2017"
"version": "2.10.4",
"released": "28/02/2017"
}
}
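Review bot: The "released" value "28/02/2017" is in DD/MM/YYYY form, and the value it replaces, "11/01/2017", can be read as either 11 January or 1 November by anything that parses this file. Suggest ISO 8601 ("2017-02-28") so the release date is unambiguous to tooling that compares it. The version string is also bumped by hand both here and in composer.json in this commit; a release check that the two match would catch a missed bump.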
