Page tree

Get started by adding some pages to this space. Create page.

Skip to end of metadata
Go to start of metadata

You can follow this space for news about the project and software releases, though it is strongly advised that you subscribe to the announce mailing list instead. There may be lag in important information appearing here.

The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20180803.txt that highlights a bug corrected in a third-party library that addresses a denial of service vulnerability in the SP. Updated packages are available that correct the issue. Note that this is the first issue that impacts SP V2 that cannot efficiently be addressed by the project,…
A second SP patch release has been made available to fix more bugs identified by early adopters and make other library updates available to Windows deployers. Additional patch releases may be warranted as more adoption and testing occurs so please stay tuned to the announce https://shibboleth.net/mailman/listinfo/announce list.
An SP patch release has been quickly made available to fix some major problems identified by early adopters. Additional patch releases may be warranted as more adoption and testing occurs so please stay tuned to the announce https://shibboleth.net/mailman/listinfo/announce list.
The Shibboleth Project has released https://shibboleth.net/pipermail/announce/2018-July/000183.html the first major upgrade to the Service Provider software in a number of years. It is a backward-compatible release designed to be a direct upgrade for existing deployments. This release provides long-awaited support for OpenSSL 1.1 to facilitate availability in newer Linux distributions.
The Shibboleth Project has announced http://shibboleth.net/pipermail/announce/2018-May/000181.html the release of V3.3.3 https://shibboleth.net/downloads/identity-provider/3.3.3/ of the Identity Provider software, a patch upgrade. This release is in conjunction with a security advisory https://shibboleth.net/community/advisories/secadv_20180516.txt.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20180516.txt that involves a vulnerability to information disclosure via the CAS protocol. A patch release is now available https://shibboleth.net/downloads/identity-provider/3.3.3/ that corrects the issue.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20180227.txt that involves the XML processing performed by the Service Provider. An xmltooling patch update, V1.6.4, is available that corrects the issue on all platforms.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20180112.txt that involves the XML processing performed by the Service Provider on a subset of platforms limited to an older version of the Xerces library. An xmltooling patch update, V1.6.3, is available that corrects the issue on platforms not already protected by an updated XML parser.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20171115.txt that involves the Dynamic MetadataProvider feature in the Service Provider. A patch update, V2.6.1, is available http://shibboleth.net/pipermail/announce/2017-November/000168.html that corrects the issue.
 The Shibboleth Project has released V2.6.1 of the Service Provider software, to correct a security issue https://shibboleth.net/community/advisories/secadv_20171115.txt. Release notes for this release and previous versions are here https://wiki.shibboleth.net/confluence/display/SHIB2/NativeSPReleaseNotes.
The Shibboleth Project has announced http://shibboleth.net/pipermail/announce/2017-October/000166.html the release of V3.3.2 https://shibboleth.net/downloads/identity-provider/3.3.2/ of the Identity Provider software, a patch upgrade. This release is in conjunction with a security advisory https://shibboleth.net/community/advisories/secadv_20171004.txt.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20171004.txt that involves a potential MITM attack against LDAP data connections using "ldaps". A patch release is now available https://shibboleth.net/downloads/identity-provider/3.3.2/ that corrects the issue and takes steps to prevent its recurrence.
The Consortium announced http://shibboleth.net/pipermail/announce/2017-August/000163.html a change coming in the near future to the subsidization of technical support via our development team. The change, in brief, is that the Consortium will be funding the development team to provide technical support only to actual members https://www.shibboleth.net/consortium/ of the Consortium and not to the community at large. An open support list for the community will continue to exist,…
The Shibboleth Consortium board held a pair of webinars on March 29th to outline the state of the consortium's finances and begin to gather input from members and non-members on next steps to address sustainability. The slides from this introductory session are available from http://shibboleth.net/documents/ShibCommunityWebinar-2017-03-29.pdf http://shibboleth.net/documents/ShibCommunityWebinar-2017-03-29.pdf
The Shibboleth Project has announced http://shibboleth.net/pipermail/announce/2017-March/000157.html the release of V3.3.1 http://shibboleth.net/downloads/identity-provider/3.3.1/ of the Identity Provider software, a patch upgrade. This release is in conjunction with a security advisory https://shibboleth.net/community/advisories/secadv_20170315.txt.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20170315.txt that involves possibly bypass of second factor authentication requirements in certain less common scenarios described in the advisory. A patch release is now available https://shibboleth.net/downloads/identity-provider/3.3.1/ that corrects the issue.
The Shibboleth Project has announced http://shibboleth.net/pipermail/announce/2016-November/000154.html the release of V3.3.0 https://shibboleth.net/downloads/identity-provider/3.3.0/ of the Identity Provider software, a major feature upgrade. This release is in conjunction with an OpenSAML-J feature release, V3.3.0.  
A service update to the Windows Service Provider installers is now available to deliver updated versions of OpenSSL and libcurl to address minor security issues in those libraries. Details are in the announcement http://shibboleth.net/pipermail/announce/2016-November/000153.html.
The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20161027.txt that involves the LDAPConnector feature in the Identity Provider. The advisory describes a temporary workaround, and a forthcoming IdP release due within the next few weeks will permanently correct the issue.
 The Shibboleth Project has released V2.6.0 of the Service Provider software, the first feature upgrade in several years. This release includes a permanent fix for the security issue described in the advisory https://shibboleth.net/community/advisories/secadv_20160504.txt last month, a number of other new features and bug fixes, and (on Windows) includes a new version of the Xerces XML parser that addresses a vulnerability http://xerces.apache.org/xerces-c/secadv/CVE-2016-4463.…


  • No labels