Commit 3a9d1fe

Release 1.4.0
1 parent b5c6c4d commit 3a9d1fe

3 files changed: +23 -1 lines changed

README.md

Lines changed: 4 additions & 0 deletions
@@ -1,5 +1,9 @@
11
# Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/ruby-saml/badge.svg?branch=master%0A)](https://coveralls.io/r/onelogin/ruby-saml?branch=master%0A) [![Gem Version](https://badge.fury.io/rb/ruby-saml.svg)](http://badge.fury.io/rb/ruby-saml)
22

3+
## Updating from 1.3.x to 1.4.X
4+
5+
Version `1.4.0` is a recommended update for all Ruby SAML users as it includes security improvements.
6+
37
## Updating from 1.2.x to 1.3.X
48

59
Version `1.3.0` is a recommended update for all Ruby SAML users as it includes security fixes. It adds security improvements in order to prevent Signature wrapping attacks. [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)
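Review bot: The added "Updating from 1.3.x to 1.4.X" paragraph says only that the release "includes security improvements" and gives an upgrader nothing to check. The 1.3.0 note directly below names the attack class and the CVE. This one should at least point to the 1.4.0 changelog entry, because the checks listed there (Issuer, Conditions and AuthnStatement required, Destination not blank, empty nameID rejected) are stricter validation that an integrator will want to test against their IdP's responses before deploying.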

changelog.md

Lines changed: 18 additions & 0 deletions
@@ -1,5 +1,23 @@
11
# RubySaml Changelog
22

3+
### 1.4.0 (October 13, 2016)
4+
* Several security improvements:
5+
* Conditions element required and unique.
6+
* AuthnStatement element required and unique.
7+
* SPNameQualifier must math the SP EntityID
8+
* Reject saml:Attribute element with same “Name” attribute
9+
* Reject empty nameID
10+
* Require Issuer element. (Must match IdP EntityID).
11+
* Destination value can't be blank (if present must match ACS URL).
12+
* Check that the EncryptedAssertion element only contains 1 Assertion element.
13+
14+
* [#335](https://github.com/onelogin/ruby-saml/pull/335) Explicitly parse as XML and fix setting of Nokogiri options.
15+
* [#345](https://github.com/onelogin/ruby-saml/pull/345)Support multiple settings.auth_context
16+
* More tests to prevent XML Signature Wrapping
17+
* [#342](https://github.com/onelogin/ruby-saml/pull/342) Correct the usage of Mutex
18+
* [352](https://github.com/onelogin/ruby-saml/pull/352) Support multiple AttributeStatement tags
19+
20+
321
### 1.3.1 (July 10, 2016)
422
* Fix response_test.rb of gem 1.3.0
523
* Add reference to Security Guidelines
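Review bot: Added line 7 has a typo: "SPNameQualifier must math the SP EntityID" should read "must match". On the other added lines, the last entry is written "[352]" where the rest use the "[#335]" form, the #345 entry has no space between the link and "Support", and "Name" on line 8 is in curly quotes where plain quotes or backticks would render consistently. The "More tests to prevent XML Signature Wrapping" entry carries no PR reference, unlike its neighbours, so it cannot be traced to a change from the changelog alone.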

lib/onelogin/ruby-saml/version.rb

Lines changed: 1 addition & 1 deletion
@@ -1,5 +1,5 @@
11
module OneLogin
22
module RubySaml
3-
VERSION = '1.3.1'
3+
VERSION = '1.4.0'
44
end
55
end
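Review bot: Style point on the changed line, `VERSION = '1.4.0'`: the file starts at `module OneLogin` with no frozen-string magic comment, so the constant is a mutable String that any caller could modify in place. Consider `VERSION = '1.4.0'.freeze` so the reported version cannot be altered at runtime.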
