Page tree

Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

The oldest SP 3 version unaffected by fixable vulnerabilities is 3.0.3 used with xml-security-c xmltooling >= 23.0.24

VersionEOLUser Data ExposureResource ExposureSession HijackingDenial of ServiceRemote ExploitAdvisories
All
XX
XX

2018-08-03, 2018-01-23, 2014-04-09, 2011-10-24

3.0.4






3.0.3Mar 2019


X
2019-03-11
3.0.2Dec 2018


X
2018-12-19a
3.0.1Aug 2018XX
XX
3.0.0Jul 2018


X

...

DateTitleAffectsSeverityCVE
2019-03-11

XML parser class fails to trap exceptions on malformed XML declaration

SP w/ libxmltooling < 3.0.4moderateCVE-2019-9628
2018-12-19

Shibboleth SP software crashes on malformed date/time content

SP < 3.0.3moderate
2018-08-03

Shibboleth SP software crashes on malformed KeyInfo content

SP w/ libxml-security-c < 2.0.2high
2018-01-23Implications of ROBOT TLS vulnerabilityAllhigh
2014-04-09OpenSSL "Heartbleed" vulnerability

SP or IDP w/ OpenSSL 1.0.1 - 1.0.1f

very high

CVE-2014-0160

2011-10-24Use of XML Encryption Vulnerable to Chosen Ciphertext AttacksSP and IdP, all versionsmoderate