[HREF-tech] Fwd: Security issue in SimpleSAMLphp
Frank Tamás
frank.tamas at wigner.mta.hu
2019. Nov. 1., P, 16:11:49 CET
Fontos infó azok számára, akik SP-t üzemeltetnek SimpleSAMLphp alapon.
--
sitya
2019. november 1., péntek 14:33:20 UTC+1 időpontban Jaime Pérez a következőt írta:
> Hi all,
>
> We have been made aware of a security issue affecting all SimpleSAMLphp instances deployed as a service provider (basically, using SimpleSAMLphp to protect access to your application). This issue has been deemed critical, and will therefore need an urgent update. We will be releasing SimpleSAMLphp 1.17.7 during next Wednesday the 6th of November, at a time yet to be determined. We urge all SimpleSAMLphp users to make sure they are running the current stable version, so that upgrading to the new release doesn’t have any side effects, and to be prepared to upgrade their deployments as soon as the new stable release is published.
>
> The details of the issue are embargoed for the time being, but will be made public after the bugfix release has been published. CVE 2019-3465 has been assigned to this issue.
>
> --
> Jaime Pérez
> Uninett / Feide
>
> PGP: 9A08 EA20 E062 70B4 616B 43E3 562A FE3A 6293 62C2
> https://keybase.io/jaimeperez
További információk a(z) HREF-tech levelezőlistáról