RE: SSPSA 202501-01

Mark Boyce

Mar 18, 2025, 5:15:24 PM
to simple...@googlegroups.com

Good Afternoon,

The advisory states that one should either upgrade to the latest version or “manually bump the simplesamlphp/saml2 dependency to v4.17.0”. For those of us not on version 2.x (yet) is that still applicable and if so, what other changes need to be made to composer.json/composer.lock to perform said update?

Appreciated,

m.

Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President
Office: 510.987.9681
Cell: 209.851.0196

Dubravko Penezic

Mar 18, 2025, 5:23:15 PM
to simple...@googlegroups.com
Hi Mark,

It depends on the version you have. The change is in just one file, and
you may implement it by hand. I did it on a few different versions and it
works well, but it will work only if the following command returns any
results in the SSP installation directory:

# grep -R "Assert::same" *

The change you need to make is in the file HTTPRedirect.php,
according to the diff from
https://github.com/simplesamlphp/saml2/compare/v4.16.14...v4.17.0

Regards,
Dubravko Penezic
Srce


Mark Boyce

Mar 24, 2025, 10:42:15 AM
to simple...@googlegroups.com
Hi Dubravko,

We're running v1.19.8 and the HTTPRedirect.php file looks much different... should I simply copy the file in its entirety and replace the existing?

Thanks,
m.

Mark L. Boyce
Senior Identity Management Analyst
University of California, Office of the President
Office: 510.987.9681
Cell: 209.851.0196


Dubravko Penezic

Mar 24, 2025, 12:01:52 PM
to simple...@googlegroups.com
Hi Mark,

To be honest, you have 3 options:

1) do a proper install via composer
2) upgrade to the latest version
3) do it manually

The skill level is as follows (from least to expert):
2, 1, 3

Unfortunately, it looks like you don't have a good programmer. I will give
you an explanation, but if your programmer isn't skilled enough, consider
doing option 2.

HTTPRedirect.php has changed over time, and it is normal that the same file
differs across such a big difference in version. However (and that is the
reason I believe you don't have a good programmer), in this case it is so
obvious that you change one set of if clauses with another, then change a
variable name because of the first change, and add an additional check at
the end. It is true you can apply the diff automatically, but in less than
5 minutes a skilled programmer may make the change (and the change is very
obvious and self-explanatory).

Additionally, if you didn't add any modules, moving from one version to
another is mostly a matter of implementing the proper configuration in the
config directory and making sure you have the correct metadata in the
metadata directory.

Regards,
Dubravko
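
Added example (not part of any message in this thread and not SimpleSAMLphp project code): a Python check for the two things discussed above, whether composer.lock pins simplesamlphp/saml2 below the v4.17.0 named in the advisory, and whether the "Assert::same" string that the grep command looks for is present under a directory. The function names, verdict strings and the sample lock file are assumptions made for this illustration.

```python
import json
import os
import re

FIXED = (4, 17, 0)  # version named in the advisory, as quoted in this thread
PACKAGE = "simplesamlphp/saml2"

def parse_version(text):
    """Turn 'v4.16.14' or '4.6.5' into (4, 16, 14); None for dev/branch versions."""
    m = re.fullmatch(r"v?(\d+)\.(\d+)\.(\d+)", text.strip())
    return tuple(int(p) for p in m.groups()) if m else None

def saml2_status(lock_text):
    """Return (locked_version, verdict) for the saml2 entry in a composer.lock."""
    lock = json.loads(lock_text)
    for pkg in lock.get("packages", []) + lock.get("packages-dev", []):
        if pkg.get("name") == PACKAGE:
            raw = pkg.get("version", "")
            ver = parse_version(raw)
            if ver is None:
                return raw, "unparsed"
            if ver[0] != FIXED[0]:
                return raw, "other-major"  # the thread only discusses the 4.x line
            return raw, "ok" if ver >= FIXED else "needs-update"
    return None, "not-installed"

def has_assert_same(root):
    """Approximates `grep -R "Assert::same" *`: is the string anywhere under root?"""
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            try:
                with open(os.path.join(dirpath, name), errors="ignore") as fh:
                    if "Assert::same" in fh.read():
                        return True
            except OSError:
                continue  # unreadable file: skip it, as grep would after a warning
    return False

# Constructed sample lock file (not taken from a real installation).
SAMPLE_LOCK = json.dumps({"packages": [
    {"name": "simplesamlphp/assert", "version": "v0.0.13"},
    {"name": "simplesamlphp/saml2", "version": "v4.16.14"},
], "packages-dev": []})

if __name__ == "__main__":
    print(saml2_status(SAMPLE_LOCK))
    print(has_assert_same("."))
```

Run it from the SimpleSAMLphp installation directory after replacing SAMPLE_LOCK with the contents of the real composer.lock.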