|
1 | 1 | # Changelog |
2 | 2 |
|
3 | 3 |
|
| 4 | +## 6.5.0 (2021-01-20) - Security release |
| 5 | + |
| 6 | +- Fix processing of invalid SAML XML documents - [CVE-2021-21238] |
| 7 | +- Fix unspecified xmlsec1 key-type preference - [CVE-2021-21239] |
| 8 | +- Add more tests regarding XSW attacks |
| 9 | +- Add XML Schemas for SAML2 and common extensions |
| 10 | +- Fix the XML parser to not break on ePTID AttributeValues |
| 11 | +- Fix the initialization value of the return_addrs property of the StatusResponse object |
| 12 | +- Fix SWAMID entity-category policy regarding eduPersonTargetedID |
| 13 | +- data: use importlib to load package data (backwards compatibility through the importlib_resources package) |
| 14 | +- docs: improve the documentation for the signing_algorithm and digest_algorithm options |
| 15 | +- examples: fix the logging configuration of the example-IdP |
| 16 | +- tests: allow tests to pass on 32bit systems by properly choosing dates in test XML documents |
| 17 | +- tests: improvements on the generation of response and assertion objects |
| 18 | +- tests: expand tests on python-3.9 and python-3.10-dev |
| 19 | + |
| 20 | + |
4 | 21 | ## 6.4.1 (2020-12-08) |
5 | 22 |
|
6 | 23 | - Indicate minimum required python version during installation |
|
110 | 127 | - docs: document default value for 'want_response_signed' |
111 | 128 |
|
112 | 129 |
|
113 | | -## 5.0.0 (2020-01-13) |
| 130 | +## 5.0.0 (2020-01-13) - Security release |
114 | 131 |
|
115 | | -- Fix XML Signature Wrapping (XSW) vulnerabilities - CVE-2020-5390 |
| 132 | +- Fix XML Signature Wrapping (XSW) vulnerabilities - [CVE-2020-5390] |
116 | 133 | - Add freshness period feature for MetaDataMDX |
117 | 134 | - Fix bug in duration calculation in time_util library |
118 | 135 | - Fix ipv6 validation to accommodate for addresses with brackets |
@@ -234,7 +251,7 @@ Refactor AttributeValueBase::set_text method. |
234 | 251 | - tests: fix test that depended on actual datetime |
235 | 252 | - build: Set minimum build-tool version through pyproject.toml |
236 | 253 |
|
237 | | -## 4.6.0 (2018-08-07) |
| 254 | +## 4.6.0 (2018-08-07) - Security release |
238 | 255 |
|
239 | 256 | - Allow configuration and specification of id attribute name |
240 | 257 | - Retrieve SLO endpoint by the appropriate service type |
@@ -284,3 +301,9 @@ Refactor AttributeValueBase::set_text method. |
284 | 301 | - Add backwards compatibility with ElementTree in python < 2.7. |
285 | 302 | - Fix minor bugs in the tests. |
286 | 303 | - Support one more nameid format. |
| 304 | + |
| 305 | + |
| 306 | + [CVE-2017-1000246]: https://github.com/advisories/GHSA-cq94-qf6q-mf2h |
| 307 | + [CVE-2020-5390]: https://github.com/advisories/GHSA-qf7v-8hj3-4xw7 |
| 308 | + [CVE-2021-21238]: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-f4g9-h89h-jgv9 |
| 309 | + [CVE-2021-21239]: https://github.com/IdentityPython/pysaml2/security/advisories/GHSA-5p3x-r448-pc62 |
0 commit comments