Hello everyone,
PySAML2 v6.5.0 has been released.
This is a security release with fixes for the two vulnerabilities that
we had mentioned before.
We urge you to update your setup to the latest pySAML2 version.
A new SATOSA release is on its way to accommodate the security
release of this dependency.
References:
- https://pypi.org/project/pysaml2/6.5.0/
- https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0
- https://github.com/IdentityPython/pysaml2/blob/master/CHANGELOG.md#650-2021…
- https://github.com/IdentityPython/pysaml2/security/advisories
Cheers,
On Thu, 7 Jan 2021 at 14:40, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Dear users of IdentityPython,
this is a heads-up about two vulnerabilities affecting pySAML2.
Software that uses pySAML2 is indirectly affected, too (i.e., SATOSA).
The issues were reported to the IdentityPython incident-response
mailing list and we have been working on a mitigation. A new version
of pySAML2 that includes the fixes will be released on Wednesday
20th of January between 13:00 CET and 17:00 CET. We urge
everyone to be prepared to update their setup to the latest version.
Kind regards,
Ivan Kanakarakis on behalf of the incident-response team
--
Ivan c00kiemon5ter Kanakarakis >:3