Blog from December, 2018

The Shibboleth Project has released a security advisory https://shibboleth.net/community/advisories/secadv_20181219.txt that involves a vulnerability to information disclosure via the CAS protocol.

The Shibboleth Project has released version 3.4.2 of the Identity Provider software, a patch upgrade. See the announcement for further details. This release is in conjunction with a security advisory.

The Shibboleth Project has released a security advisory regarding a denial of service vulnerability. Updated packages are available that correct the issue.

A third SP patch release has been made available to address a security issue and make other library updates available to Windows deployers. Additional patch releases may be warranted as more adoption and testing occurs so please stay tuned to the announce list.