Hi,
SimpleSAMLphp 1.17.7 has just been released. This is a critical security release, as previously announced, addressing SSPSA 201911-01. The advisory with details on the security issue is still embargoed, although it will be made public in the website tomorrow, November 7, around 2PM CET.
We would like to stress that this is a critical security release, and as it affects all SimpleSAMLphp users using it as a service provider (that is, in order to protect access to their applications), we encourage all to upgrade as soon as possible.
The new release is available for download here:
https://github.com/simplesamlphp/simplesamlphp/releases/download/v1.17.7/simplesamlphp-1.17.7.tar.gz
You can verify the integrity of this file by comparing the SHA256 digest: 848996e0c8a8367f2e98960b54f719740c3da1dd62081e712eb2c5beb28d971e
Regards,
--
Jaime Pérez
Uninett / Feide
PGP: 9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2
https://keybase.io/jaimeperez
"Two roads diverged in a wood, and I, I took the one less traveled by, and that has made all the difference."
- Robert Frost