diff --git a/docs/simplesamlphp-changelog.txt b/docs/simplesamlphp-changelog.txt index cc957e04139a57eb814630528f44b514cea8ab0e..01334ee6be9c1392a323a8ca81cd4dda3f6e16a2 100644 --- a/docs/simplesamlphp-changelog.txt +++ b/docs/simplesamlphp-changelog.txt @@ -5,6 +5,31 @@ simpleSAMLphp changelog Here is changes between simpleSAMLphp versions. Look here if you are upgrading, to see if there are any changes to the config format. + +## Version 1.5.1 + +Released 2010-01-08. + + * Fix security vulnerability due to insecure temp file creation: + * statistics: The logcleaner script outputs to a file in /tmp. + * InfoCard: Saves state directly in /tmp. Changed to the simpleSAMLphp temp directory. + * openidProvider: Default configuration saves state information in /tmp. + Changed to '/var/lib/simplesamlphp-openid-provider'. + * SAML 1 artifact support: Saves certificates temporarily in '/tmp/simplesaml', but directory creation was insecure. + * statistics: Handle new year wraparound. + * Dictionary updates. + * Fix bridged logout. + * Some documentation updates. + * Fix all metadata to use assignments to arrays. + * Fix $session->getIdP(). + * Support AuthnContextClassRef in saml-module. + * Do not attempt to send logout request to an IdP that does not support logout. + * LDAP: Disallow bind with empty password. + * LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid username/password. + * statistics: Fix configuration template. + * Handle missing authority in idp-hosted metadata better. + + ## Version 1.5 Released 2009-11-05. Revision 1937.
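Review bot: the sub-items under "Fix security vulnerability due to insecure temp file creation" are inconsistent about stating the fix. The InfoCard and openidProvider items say what the location was changed to, but "statistics: The logcleaner script outputs to a file in /tmp." and the SAML 1 artifact item ("directory creation was insecure") describe only the problem. Suggest adding the new behaviour to both, so an administrator can tell whether stale files under /tmp need cleaning up. For openidProvider, the changelog header tells upgraders to look here for config changes, so the item should say whether an existing configuration that still points at /tmp must be edited by hand, and that '/var/lib/simplesamlphp-openid-provider' has to exist and be writable only by the web server user. Separately, "LDAP: Disallow bind with empty password." sits among the general fixes but reads as a security fix, since many LDAP servers treat a bind with an empty password as an unauthenticated bind that succeeds; consider listing it alongside the temp file item so it is not overlooked.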