Release 1.5.0

pitbulk · pitbulk · commit 29e1b51c1d83 · 2019-01-29T18:14:20.000+01:00
diff --git a/README.md b/README.md
@@ -14,6 +14,8 @@ This version supports Python3, There is a separate version that only support Pyt
 
 #### Warning ####
 
+Update python3-saml to 1.5.0, this version includes security improvements for preventing XEE and Xpath Injections.
+
 Update python3-saml to 1.4.0, this version includes a fix for the [CVE-2017-11427](https://www.cvedetails.com/cve/CVE-2017-11427/) vulnerability.
 
 This version also changes how the calculate fingerprint method works, and will expect as input a formatted x509 certificate
diff --git a/changelog.md b/changelog.md
@@ -1,4 +1,14 @@
 # python3-saml changelog
+### 1.5.0 (Jan 29, 2019)
+* Security improvements. Use of tagid to prevent XPath injection. Disable DTD on fromstring defusedxml method
+* [#97](https://github.com/onelogin/python3-saml/pull/97) Check that the response has all of the AuthnContexts that we provided
+* Adapt renders from Django demo for Django 1.11 version
+* Update pylint dependency to 1.9.1
+* If debug enable, print reason for the SAMLResponse invalidation
+* Fix DSA constant
+* [#106](https://github.com/onelogin/python3-saml/pull/106) Support NameID children inside of AttributeValue elements
+* Start using flake8 for code quality
+
 ### 1.4.1 (Apr 25, 2018)
 * Add ID to EntityDescriptor before sign it on add_sign method.
 * Update defusedxml, coveralls and coverage dependencies
diff --git a/setup.py b/setup.py
@@ -9,7 +9,7 @@
 
 setup(
     name='python3-saml',
-    version='1.4.1',
+    version='1.5.0',
     description='Onelogin Python Toolkit. Add SAML support to your Python software using this library',
     classifiers=[
         'Development Status :: 5 - Production/Stable',
