Skip to content
Snippets Groups Projects
Select Git revision
  • master default protected
  • cesnet_simplesamlphp-1.19.8
  • elixir_simplesamlphp-1.19.8
  • simplesamlphp-1.19.8
  • cesnet_simplesamlphp-1.19.5
  • simplesamlphp-2.0
  • feature/assets
  • feature/rac-source-selector
  • cleanup/remove-base64-attributes
  • simplesamlphp-1.19
  • elixir_simplesamlphp-1.19.5
  • aarc_idp_hinting
  • feature/validate-authstate-before-processing
  • feature/build-two-tarballs
  • dependabot/composer/twig/twig-3.4.3
  • tvdijen-patch-1
  • unchanged-acs-url-no-www-script
  • feature/translation-improvements
  • symfony6
  • move_tests
  • v1.19.9
  • v2.1.3
  • v2.0.10
  • v2.1.2
  • v2.0.9
  • v2.1.1
  • v2.0.8
  • v2.1.0
  • v2.0.7
  • v2.1.0-rc1
  • v2.0.6
  • v2.0.5
  • 2.0.4-alpha.1
  • v2.0.4-alpha.1
  • v2.0.4
  • v2.0.3
  • v2.0.2
  • v2.0.1-alpha.1
  • v2.0.1
  • v1.19.8
40 results
Blame Permalink
Code owners
Assign users and groups as approvers for specific file changes. Learn more.
simplesamlphp-changelog.md 86.89 KiB

SimpleSAMLphp changelog

This document lists the changes between versions of SimpleSAMLphp. See the upgrade notes for specific information about upgrading.

Version 1.19.1

Released TBD

  • Fixed a bug in the Artifact Resolution Service (#1428)
  • Fixed compatibility with Composer pre 1.8.5 (Debian 10) (#1427)
  • Updated npm dependencies up to February 1, 2021
  • Fixed a bug where it was impossible to set WantAssertionsSigned=true on SP-metadata (#1433)

memcacheMonitor

  • Fix a bug in the Twig-template that causes an exception on newer Twig-versions

negotiate

  • Fix a bug that was breaking the module when using the old UI

statistics

  • Fix a bug in the Twig-template that causes an exception on newer Twig-versions

Version 1.19.0

Released 2021-01-21

  • This version will be the last of the 1.x branch and will provide a migration path to our new templating system, routing system and translation system.
  • SAML 1 / Shib 1.3 support is now marked deprecated and will be removed in SimpleSAMLphp 2.0.
  • Raised minimum PHP version to 7.1
  • Dropped support for Symfony 3.x
  • Update the SAML2 library dependency to 4.1.9
  • Fix a bug where SSP wouldn't write to the tmp-directory if it didn't own it, but could write to it (#1314)
  • Fixed several bugs in saml:NameIDAttribute (#1245)
  • Fix artifact resolution (#1343)
  • Allow additional audiences to be specified (#1345)
  • Allow configurable ProviderName (#1348)
  • Support saml:Extensions in saml:SP authsources (#1349)
  • The attributename-setting in the core:TargetedID authproc-filter has been deprecated in favour of the identifyingAttribute-setting.
  • Filter multiauth authentication sources from SP using AuthnContextClassRef (#1362)
  • Allow easy enabling of SameSite = 'None' (#1382)
  • Do not accept the hashed admin password for authentication (#1418)

Version 1.18.8

Released 2020-09-02

  • Fixed Artifact Resolution due to incorrect use of Issuer objects (#1343).
  • Fixed some of the German translations (#1331). Thanks @htto!
  • Harden against CVE-2020-13625; this package is not affected, but 3rd party modules may (#1333).
  • Harden against sevaral JS issues (npm update & npm audit fix)
  • Fixed inconsistent configuration of backtraces logging
  • Support for Symfony 3.x is now deprecated
  • Support for Twig 1.x is now deprecated

authcrypt

  • The dependency for whitehat101/apr1-md5 was moved from the base repository to the module (v0.9.2)

authx509

  • Restore PHP 5.6 compatibility (v0.9.5)

cron

  • Fixed old-ui (#1248)

ldap

  • Moved array with binary attributes to authsource config (v0.9.9) Instead of having to edit code, you can now set 'attributes.binary' in the authsource configuration.

metarefresh

  • Add attributewhitelist to support e.g. R&S+Sirtfi (v0.9.5)
  • Restore PHP 5.6 compatibility (v0.9.6)

negotiate

  • Restore PHP 5.6 compatibility (v0.9.8)
  • Fixed a link (v0.9.9)

saml2 library

  • Fixed a bug in the AuthnRequest-class that would raise an InvalidArgumentException when setting the AssertionConsumerServiceIndex as an integer on an saml:SP authsource. Thanks to Andrea @ Oracle for reporting this.

Version 1.18.7

Released 2020-05-12

  • Fix spurious warnings when session_create_id() fails to create ID (#1291)
  • Fix inconsistency in the way PATH_INFO is being used (#1227).
  • Fix a potential security issue CVE-2020-11022 by updating jQuery. If any of your custom modules rely on jQuery, make sure you read the following update notes, since jQuery has solved this in a non-BC way (#1321).
  • Fix incorrect Polish translations (#1311).
  • Fix a broken migration query in the LogoutStore (#1324).
  • Fix an issue with the SameSite cookie parameter when running on PHP versions older than 7.3 (#1320).

adfs

  • Fixed a broken link to one of the assets (v0.9.6).

ldap

  • Handle binary attributes in a generic way (v0.9.5).

oauth

  • Fix PHP 7.4 incompatibility (v0.9.2).