The SimpleSAMLphp library released a security update today: https://github.com/simplesamlphp/simplesamlphp/releases/tag/v1.14.10. The module's composer.json should be updated to require it.

A note to other users: this issue does not represent a security vulnerability or a defect in the Drupal module, and you can secure your implementation immediately without an update to this module. If you are using Composer to manage dependencies, you can update the library directly like so: composer update simplesamlphp/simplesamlphp

CommentFileSizeAuthor
#3 security_update_to-2832549-3.patch279 bytesgaards
#2 security_update_to-2832549-2.patch279 bytesTravisCarden
Support from Acquia helps fund testing for Drupal Acquia logo

Comments

TravisCarden created an issue. See original summary.

TravisCarden’s picture

TravisCarden CreditAttribution: TravisCarden at Acquia commented
Assigned: TravisCarden » Unassigned
Status: Active » Needs review
FileSize
security_update_to-2832549-2.patch279 bytes
gaards’s picture

gaards CreditAttribution: gaards commented
FileSize
security_update_to-2832549-3.patch279 bytes

SimpleSAMLphp released a new security update on December 12:
https://github.com/simplesamlphp/simplesamlphp/releases/tag/v1.14.11

Patch has been updated.

  • snufkin committed ed37d6f on 8.x-3.x authored by Maesteri 
    Issue #2832549 by TravisCarden, Maesteri: Security update to Composer...
snufkin’s picture

snufkin CreditAttribution: snufkin commented
Status: Needs review » Fixed

Sorry for the delay on this. I've pushed the fix now, please let me know if there are any regressions as a result of the updated dependency.

Status: Fixed » Closed (fixed)

Automatically closed - issue fixed for 2 weeks with no activity.