[satosa-users] Vulnerabilities affecting pySAML2 and forthcoming release

Dear users of IdentityPython, this is a heads-up about two vulnerabilities affecting pySAML2. Software that uses pySAML2 is indirectly affected, too (ie, SATOSA). The issues were reported to the IdentityPython incident-response mailing list and we have been working on a mitigation. A new version of pySAML2 that includes the fixes will be released on Wednesday 20th of January between 13:00 CET and 17:00 CET. We urge everyone to be prepared to update their setup to the latest version. Kind regards, Ivan Kanakarakis on behalf of the incident-response team