Release 1.18.1

pitbulk · pitbulk · commit 8c395b5d75a2 · 2025-07-29T20:51:00.000+02:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 # Ruby SAML Changelog
 
+### 1.18.1  (Jul 29, 2025)
+* Fix vulnerability CVE-2025-54572 Prevent DOS due large SAML Message
+
 ### 1.18.0  (Mar 12, 2025)
 * [#750](https://github.com/SAML-Toolkits/ruby-saml/pull/750) Fix vulnerabilities: CVE-2025-25291, CVE-2025-25292: SAML authentication bypass via Signature Wrapping attack allowed due parser differential. Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compressed messages.
 * [#718](https://github.com/SAML-Toolkits/ruby-saml/pull/718/) Add support to retrieve from SAMLResponse the AuthnInstant and AuthnContextClassRef values
diff --git a/README.md b/README.md
@@ -34,6 +34,9 @@ Thanks to the following sponsors for securing the open source ecosystem,
 
 ## Vulnerabilities
 
+CVE-2025-54572 affects version ruby-saml < 1.18.1
+
+
 There are critical vulnerabilities affecting ruby-saml < 1.18.0, two of them allows SAML authentication bypass (CVE-2025-25291, CVE-2025-25292, CVE-2025-25293). Please upgrade to a fixed version (1.18.0)
 
 ## Overview
diff --git a/lib/onelogin/ruby-saml/version.rb b/lib/onelogin/ruby-saml/version.rb
@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '1.18.0'
+    VERSION = '1.18.1'
   end
 end
