From 6e5f719b3252e66807a93da85c7f540555ff6327 Mon Sep 17 00:00:00 2001
From: Olav Morken <olav.morken@uninett.no>
Date: Tue, 11 May 2010 12:53:37 +0000
Subject: [PATCH] Changelog for version 1.5.1.

git-svn-id: https://simplesamlphp.googlecode.com/svn/trunk@2294 44740490-163a-0410-bde0-09ae8108e29a
---
 docs/simplesamlphp-changelog.txt | 25 +++++++++++++++++++++++++
 1 file changed, 25 insertions(+)

diff --git a/docs/simplesamlphp-changelog.txt b/docs/simplesamlphp-changelog.txt
index cc957e041..01334ee6b 100644
--- a/docs/simplesamlphp-changelog.txt
+++ b/docs/simplesamlphp-changelog.txt
@@ -5,6 +5,31 @@ simpleSAMLphp changelog
 
 Here is changes between simpleSAMLphp versions. Look here if you are upgrading, to see if there are any changes to the config format.
 
+
+## Version 1.5.1
+
+Released 2010-01-08.
+
+  * Fix security vulnerability due to insecure temp file creation:
+    * statistics: The logcleaner script outputs to a file in /tmp.
+    * InfoCard: Saves state directly in /tmp. Changed to the simpleSAMLphp temp directory.
+    * openidProvider: Default configuration saves state information in /tmp.
+      Changed to '/var/lib/simplesamlphp-openid-provider'.
+    * SAML 1 artifact support: Saves certificates temporarily in '/tmp/simplesaml', but directory creation was insecure.
+  * statistics: Handle new year wraparound.
+  * Dictionary updates.
+  * Fix bridged logout.
+  * Some documentation updates.
+  * Fix all metadata to use assignments to arrays.
+  * Fix $session->getIdP().
+  * Support AuthnContextClassRef in saml-module.
+  * Do not attempt to send logout request to an IdP that does not support logout.
+  * LDAP: Disallow bind with empty password.
+  * LDAP: Assume that LDAP_NO_SUCH_OBJECT is an error due to invalid username/password.
+  * statistics: Fix configuration template.
+  * Handle missing authority in idp-hosted metadata better.
+
+
 ## Version 1.5
 
 Released 2009-11-05. Revision 1937.
-- 
GitLab