Blog from August, 2018

The Shibboleth Project has released a security advisory that highlights a bug corrected in a third-party library that addresses a denial of service vulnerability in the SP. Updated packages are available that correct the issue. Note that this is the first issue that impacts SP V2 that cannot efficiently be addressed by the project, so deployers should plan to upgrade to V3 to correct the issue unless they have a software supplier providing a backported fix.

A second SP patch release has been made available to fix more bugs identified by early adopters and make other library updates available to Windows deployers. Additional patch releases may be warranted as more adoption and testing occurs so please stay tuned to the announce list.