The text was copied from https://code.google.com/p/simplesamlphp/wiki/LostState, corrected some language and added a piece on http/https stemming from the comments on that page.

Fixes #214

Corrected logic in checkSessionCookie

Raise InvalidArgumentException if $retryURL is not a string AND is not null

Support file uploads in metadata converter.

Set PHP session cookie configuation to be true by default.

Remove override.host config variable.

# By Brook Schofield
# Via Brook Schofield (1) and Jaime Pérez Crespo (1)
* 'master' of github.com:simplesamlphp/simplesamlphp:
  Improve the local generation of metadata for attributes.required

Fix the phpdoc for SimpleSAML\Utils\Random::generateID() and add a constant with the length of generated IDs.

This option made it possible to override the configuration per host, but it has never been documented, and it can be replaced with simple PHP code in the configuration.

Closes #2

It's obviously more secure and therefore better as a default.

Improve the local generation of metadata to support registrationAutho…

Closes #17

A-Select: always add uid+organization to attributes

Useful in the leadup to entity category support to publish
registrationAuthority (which might be overridden by a federation) and
attributes.required.

Use robrichards/xmlseclibs instead simplesamlphp/xmlseclibs

Implies update simplesamlphp/saml2 because share the same dependency

extend authX509 module with authentication processing filter for generating certificate expiry warnings

uid and organization attributes are not always in `$creds['attributes']`, so we add an option for that.

It has been marked deprecated and generates warnings since 2013.
The functionality is easily replaced by using the smartattributes module.

Since PHP 5.3 is required, there's no need to treat users of 5.1.2-5.2 specially. Also we can safely use LDAP_OPT_NETWORK_TIMEOUT now.

No need to keep it around as deprecated, since it has only been in master, never in a released version, and has been added just a few months ago.

Add tests for most of the data retrieval functions. No tests
for the metadata functions present though.

It has never really gained traction and is now superseeded by the composer module installer.

* One test suite for all tests.
* One file per class that is tested.

These changes should make it easier to add new tests.

This class has been broken for several years, and we are not aware of
any users of it. Delete that class and any code instantiating that class.

Update IPv6 CIDR checks.