Hello again,
I have released SATOSA v7.0.2 which sets the minimum pysaml2 version
to the one that contains the fixes.
If users don't want to or cannot upgrade their SATOSA version, they can
always update just the dependency.
References:
- https://pypi.org/project/SATOSA/7.0.2/
- https://github.com/IdentityPython/SATOSA/releases/tag/v7.0.2
Cheers,
On Wed, 20 Jan 2021 at 15:09, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Hello everyone,
PySAML2 v6.5.0 has been released.
This is a security release with fixes for the two vulnerabilities that
we had mentioned before.
We urge you to update your setup to the latest pySAML2 version.
A new SATOSA release is on its way to accommodate the security
release of this dependency.
References:
- https://pypi.org/project/pysaml2/6.5.0/
- https://github.com/IdentityPython/pysaml2/releases/tag/v6.5.0
- https://github.com/IdentityPython/pysaml2/blob/master/CHANGELOG.md#650-2021…
- https://github.com/IdentityPython/pysaml2/security/advisories
Cheers,
On Thu, 7 Jan 2021 at 14:40, Ivan Kanakarakis <ivan.kanak at gmail.com> wrote:
Dear users of IdentityPython,
this is a heads-up about two vulnerabilities affecting pySAML2.
Software that uses pySAML2 is indirectly affected, too (i.e., SATOSA).
The issues were reported to the IdentityPython incident-response
mailing list and we have been working on a mitigation. A new version
of pySAML2 that includes the fixes will be released on Wednesday
20th of January between 13:00 CET and 17:00 CET. We urge
everyone to be prepared to update their setup to the latest version.
Kind regards,
Ivan Kanakarakis on behalf of the incident-response team
--
Ivan c00kiemon5ter Kanakarakis >:3
--
Ivan c00kiemon5ter Kanakarakis >:3