Sync upgrade notes & changelog

e98c1cda · Tim van Dijen · 44bc48f0 · e98c1cda · e98c1cda · e98c1cda
Commit e98c1cda authored 1 year ago by Tim van Dijen
--- a/docs/simplesamlphp-changelog.md
+++ b/docs/simplesamlphp-changelog.md
@@ -5,6 +5,22 @@
 This document lists the changes between versions of SimpleSAMLphp.
 See the upgrade notes for specific information about upgrading.

+## Version 2.1.1
+
+Released 2023-11-28
+
+* Fix static call for non-static method in bin/initMDSPdo.php (#1892)
+* Restore logout-behaviour for IdP's that do not send a saml:NameID in their LogoutRequest (#1894)
+* Fix code error in docs (#1895)
+* Fixed a TypeError when accessing the module.php endpoint without specifying a module (#1907)
+* Fixed the precondition-functionality for more complex authproc-filters (#1905)
+* Reverted a case of 'constructor property promotion' in SAMLParser, causing the validators to be empty (#1904)
+* Drop ext-intl in favour of a polyfill (#1908)
+
+`multiauth`
+
+* Fix TypeError due to missing keys in source array (#1900)
+
 ## Version 2.1.0

 Released 2023-07-31
@@ -18,6 +34,42 @@ Released 2023-07-31
 * Specified the allowed HTTP methods for each route
 * Our dependency on `composer/composer` was dropped in favour of a packaged phar-file.

+## Version 2.0.8
+
+Released 2023-11-28
+
+* Fix static call for non-static method in bin/initMDSPdo.php (#1892)
+* Restore logout-behaviour for IdP's that do not send a saml:NameID in their LogoutRequest (#1894)
+* Fix code error in docs (#1895)
+* Fixed a TypeError when accessing the module.php endpoint without specifying a module (#1907)
+* Drop ext-intl in favour of a polyfill (#1908)
+
+`multiauth`
+
+* Fix TypeError due to missing keys in source array (#1900)
+
+## Version 2.0.7
+
+Released 2023-10-30
+
+* Fixed a missing Accept-header for metadata queries (#1865)
+* Update vulnerable composer (CVE-2023-43655; not affected)
+* Fixed a potential XSS-through-DOM (3x; not affected)
+* Fixed a warning in the RequestedAuthnContextSelector
+* Fixed file logging handler to not fail on the first write after file-creation (#1877)
+
+## Version 2.0.6
+
+Released 2023-09-07
+
+* Fixed a legacy endpoint causing to break iframe-logout (#1846)
+* Fixed an incorrect return-type in RunnableResponse
+* Fix for admin.protectmetadata=true - it would show a blank page
+* Fix default for entity attributes NameFormat in XML metadata to be 'URI'.
+* Fix error message when invoking SSO endpoint without the required parameters.
+* Security header regression
+* Fixed a regression that made it impossible to configure metadata-signing on individual hosted IdP's (#1792)
+
 ## Version 2.0.5

 * Never expose the cron-API if secret is not properly configured (#1831)

--- a/docs/simplesamlphp-upgrade-notes-2.1.md
+++ b/docs/simplesamlphp-upgrade-notes-2.1.md
@@ -14,3 +14,10 @@ The following changes are relevant for installers and/or developers.
 As of SimpleSAMLphp 2.1 two builds are created for every release.
 The 'slim' build is a lightweight build without any modules other than the core modules installed (alike the 2.0 build).
 A new 'full' build is added that will come with the most used modules pre-installed.
+
+## Default security-headers
+
+The default security headers have been adjusted to a more strict set. This may cause issues if you use any modules
+or custom themes that use inline CSS or JavaScript. You can adjust these settings in `config.php` using the
+`headers.security` setting, but we recommend updating the custom module/theme and move and inline CSS or JavaScript
+to a file. All modules within the `simplesamlphp/*` namespace are fixed and should not cause any issues.
--- a/docs/simplesamlphp-upgrade-notes-2.2.md
+++ b/docs/simplesamlphp-upgrade-notes-2.2.md
+# Upgrade notes for SimpleSAMLphp 2.2
+
+SimpleSAMLphp 2.2 is a minor new release which introduces a few new features.
+The following changes are relevant for installers and/or developers.
+
+## Deprecations
+
+The following methods were marked `deprecated` and will be removed in a next major release.
+
+- SimpleSAML\Error\ErrorCodes::defaultGetAllErrorCodeTitles - Use getDefaultTitles instead
+- SimpleSAML\Error\Errorcodes::getCustomErrorCodeTitles - Use getCustomTitles instead
+- SimpleSAML\Error\Errorcodes::getAllErrorCodeTitles - Use getAllTitles instead
+- SimpleSAML\Error\Errorcodes::defaultGetAllErrorCodeDescriptions - Use getDefaultDescriptions instead
+- SimpleSAML\Error\Errorcodes::getCustomErrorCodeDescriptions - Use getCustomErrorCodeDescriptions instead
+- SimpleSAML\Error\Errorcodes::getAllErrorCodeDescriptions - Use getAllDescriptions instead
+- SimpleSAML\Error\Errorcodes::getAllErrorCodeMessages - Use getAllMessages instead
+- SimpleSAML\Error\Errorcodes::getErrorCodeTitle - Use getTitle instead
+- SimpleSAML\Error\Errorcodes::getErrorCodeDescription - Use getDescription instead
+- SimpleSAML\Error\Errorcodes::getErrorCodeMessage - Use getMessage instead