Newer
Older
This document lists the changes between versions of SimpleSAMLphp.
See the upgrade notes for specific information about upgrading.
## Version 2.1.1
Released 2023-11-28
* Fix static call for non-static method in bin/initMDSPdo.php (#1892)
* Restore logout-behaviour for IdP's that do not send a saml:NameID in their LogoutRequest (#1894)
* Fix code error in docs (#1895)
* Fixed a TypeError when accessing the module.php endpoint without specifying a module (#1907)
* Fixed the precondition-functionality for more complex authproc-filters (#1905)
* Reverted a case of 'constructor property promotion' in SAMLParser, causing the validators to be empty (#1904)
* Drop ext-intl in favour of a polyfill (#1908)
`multiauth`
* Fix TypeError due to missing keys in source array (#1900)
## Version 2.1.0
Released 2023-07-31
* Functionality that before was provided by the sanitycheck-module is now implicit.
The module has been archived and should no longer be used. (#1843)
* Add support for TLS configuration for Redis Store (#1828)
* Add support for Metadata Deployment Profile for errorURL (#1841)
* Raised minimum Symfony version to 6.0
* Raise minimum PHP version to 8.0
* Specified the allowed HTTP methods for each route
* Our dependency on `composer/composer` was dropped in favour of a packaged phar-file.
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
## Version 2.0.8
Released 2023-11-28
* Fix static call for non-static method in bin/initMDSPdo.php (#1892)
* Restore logout-behaviour for IdP's that do not send a saml:NameID in their LogoutRequest (#1894)
* Fix code error in docs (#1895)
* Fixed a TypeError when accessing the module.php endpoint without specifying a module (#1907)
* Drop ext-intl in favour of a polyfill (#1908)
`multiauth`
* Fix TypeError due to missing keys in source array (#1900)
## Version 2.0.7
Released 2023-10-30
* Fixed a missing Accept-header for metadata queries (#1865)
* Update vulnerable composer (CVE-2023-43655; not affected)
* Fixed a potential XSS-through-DOM (3x; not affected)
* Fixed a warning in the RequestedAuthnContextSelector
* Fixed file logging handler to not fail on the first write after file-creation (#1877)
## Version 2.0.6
Released 2023-09-07
* Fixed a legacy endpoint causing to break iframe-logout (#1846)
* Fixed an incorrect return-type in RunnableResponse
* Fix for admin.protectmetadata=true - it would show a blank page
* Fix default for entity attributes NameFormat in XML metadata to be 'URI'.
* Fix error message when invoking SSO endpoint without the required parameters.
* Security header regression
* Fixed a regression that made it impossible to configure metadata-signing on individual hosted IdP's (#1792)
## Version 2.0.5
* Never expose the cron-API if secret is not properly configured (#1831)
* Fixed a bug where IdP-initiated SLO using the HTTP-POST binding wasn't properly dealt with
## Version 2.0.4
Released TBD
* The source that was selected by the SourceSelector is now available in the state.
* The zone that was selected by the SourceIPSelector is now available in the state.
Tim van Dijen
committed
* The defaultSource for the SourceIPSelector can now be set to `null`. If none of the zones
are matched, a NotFound exception will be thrown.
* It is now possible to set a default AuthnContext in the RequestedAuthnContextSelector.
* Fixed a bug in MDQ metadata expiration
* Resolved a possible object injection vulnerability in MDQ metadata cache
* Restored the possibility to use HTTP-Artifact binding on AuthnRequests
* Fix exception when translation-file does not exist
* Correct host in generated URLS for IdPs with 'host' config in admin/federation (#1774, #1781)
`authyubikey`
* The module wasn't fully compatible with SSP 2.0 yet (v2.0.1)
`cas`
* Fixed a broken controller (simplesamlphp/simplesamlphp-module-cas#6) (v1.1.2)
`saml2debug`
* Fixed a broken controller (simplesamlphp/simplesamlphp-module-saml2debug#4) (v1.0.5)
## Version 2.0.2
Released 2023-03-10
* Fixed the broken 2.0.1 release by restoring an accidentally removed file
Released 2023-03-10
* The language-menu on mobile devices was fixed
* Fix some issues with logout (#1776, #1780, #1785)
* The `loginpage_links` functionality for authsources was restored and documented (#1770, #1773)
* Several issues regarding the use of the back-button were fixed (#1720)
* Many fixes in documentation
* Fixed config/authsources.php.dist so you can just rename it for new deployments to get you started (#1771)
* Fixed incompatibility with SSP 2.0 for the following modules;
* consent
* consentadmin
* consentsimpleadmin
* exampleattributeserver
* expirycheck
* memcachemonitor
* memcookie
* metaedit
* negotiate
* negotiateext
* preprodwarning
* saml2debug
* sanitycheck
* sqlauth
`authtwitter`
* A legacy route was added for backwards compatibility
* Docs have been updated
`ldap`
* Fixed the possibility to return ALL attributes (simplesamlphp/simplesamlphp-module-ldap#39)
* Restored the possibility to use anonymous bind (simplesamlphp/simplesamlphp-module-ldap#41)
`negotiate`
* Added support for multi-realm environments
`statistics`
* Fixed missing script-tag to load jQuery
* Fixed static calls to SSP utilities
* Docs have been updated
* Many changes, upgrades and improvements since the 1.x series.
* Most notably the new templating system based on Twig, a new
localization system based on gettext.
* Most modules have been moved out of the core package but can
easily be installed on-demand as required via composer.
* Better conformance by default to the SAML2INT standard.
* Code cleanups, improvements and simplifications.
* Improved test coverage and more use of standard libraries.
* Compatibility with modern versions of PHP.
* Various new features, including:
* SAML SubjectID and Pairwise ID support
* Accepting unsolicited responses can be disabled by setting `enable_unsolicited` to `false` in the SP authsource.
* Certificates and private keys can now be retrieved from a database
* Support for Redis sentinel was added.
* Please read the upgrade notes for 2.0 because this release breaks
backwards compatibility in a number of places.