Commit 27bce00

Release 2.4.0
1 parent 826f4f5 commit 27bce00

3 files changed

+13
-1
lines changed

README.md

Lines changed: 4 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -14,6 +14,10 @@ Python3: [python3-saml](https://github.com/onelogin/python3-saml).
1414

1515
#### Warning ####
1616

17+
Update python-saml to 2.4.0, this version includes a fix for the [CVE-2017-11427](https://www.cvedetails.com/cve/CVE-2017-11427/) vulnerability.
18+
19+
That version also change how calculate fingerprint method works, and will expect as input a formatted x509 certificate
20+
1721
Update python-saml to 2.2.3, this version replaces some etree.tostring calls, that were introduced recently, by the sanitized call provided by defusedxml
1822

1923
Update python-saml to 2.2.0, this version includes a security patch that contains extra validations that will prevent signature wrapping attacks. [CVE-2016-1000252](https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000252/CVE-2016-1000252.json)
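
Review bot: The added sentence "That version also change how calculate fingerprint method works, and will expect as input a formatted x509 certificate" announces an input change without saying what "formatted" means or what callers who currently pass an unformatted certificate string need to do. Because it sits under the Warning heading, it should state the expected form of the certificate and that existing callers may have to format it first. The wording could also be tightened, for example: "This version also changes how the fingerprint calculation works; it now expects a formatted x509 certificate as input."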

changelog.md

Lines changed: 8 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,12 @@
11
# python-saml changelog
2+
### 2.4.0 (Feb 27, 2018)
3+
* Fix vulnerability [CVE-2017-11427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427). Process text of nodes properly, ignoring comments
4+
* Improve how fingerprint is calcultated
5+
* Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified format instead no format attribute
6+
* Be able to invalidate a SAMLResponse if it contains InResponseTo value but no RequestId parameter provided at the is_valid method. See rejectUnsolicitedResponsesWithInResponseTo security parameter (By default deactivated)
7+
* Fix signature position in the SP metadata
8+
* Redefine NSMAP constant
9+
210
### 2.3.0 (Sep 15, 2017)
311
* [#205](https://github.com/onelogin/python-saml/pull/205) Improve decrypt method, Add an option to decrypt an element in place or copy it before decryption.
412
* [#204](https://github.com/onelogin/python-saml/pull/204) On a LogoutRequest if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be ommited. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added.
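
Review bot: The added entry "* Improve how fingerprint is calcultated" has a typo ("calculated") and understates the change: the README warning in this same commit says the method now expects a formatted x509 certificate as input, and the changelog entry should say so too. The rejectUnsolicitedResponsesWithInResponseTo entry would also benefit from a short pointer to where the parameter is set, since it is deactivated by default and the InResponseTo check described here only applies once it is enabled.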

setup.py

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,7 @@
99

1010
setup(
1111
name='python-saml',
12-
version='2.3.0',
12+
version='2.4.0',
1313
description='Onelogin Python Toolkit. Add SAML support to your Python software using this library',
1414
classifiers=[
1515
'Development Status :: 5 - Production/Stable',
