Skip to content

Version 6.5.0
Compare
Choose a tag to compare
@c00kiemon5ter c00kiemon5ter released this 20 Jan 12:52
· 274 commits to master since this release
v6.5.0
This tag was signed with the committer’s verified signature. The key has expired.
c00kiemon5ter Ivan Kanakarakis
GPG key ID: 762A5045469270CF
Expired
Learn about vigilant mode.
12ec4a7
This commit was signed with the committer’s verified signature. The key has expired.
c00kiemon5ter Ivan Kanakarakis
GPG key ID: 762A5045469270CF
Expired
Learn about vigilant mode.

6.5.0 (2021-01-20) - Security release

  • Fix processing of invalid SAML XML documents - CVE-2021-21238
  • Fix unspecified xmlsec1 key-type preference - CVE-2021-21239
  • Add more tests regarding XSW attacks
  • Add XML Schemas for SAML2 and common extensions
  • Fix the XML parser to not break on ePTID AttributeValues
  • Fix the initialization value of the return_addrs property of the StatusResponse object
  • Fix SWAMID entity-category policy regarding eduPersonTargetedID
  • data: use importlib to load package data (backwards compatibility through the importlib_resources package)
  • docs: improve the documentation for the signing_algorithm and digest_algorithm options
  • examples: fix the logging configuration of the example-IdP
  • tests: allow tests to pass on 32bit systems by properly choosing dates in test XML documents
  • tests: improvements on the generation of response and assertion objects
  • tests: expand tests on python-3.9 and python-3.10-dev
Assets 2
Loading