We are planning to do an IdP update at 15:00 next Thursday. There should be no user-visible changes due to this update, nor will it affect the SAML 2.0 messages sent and received by the IdP.
This update will add a fix for a user-assisted cross-site scripting vulnerability in simpleSAMLphp.
In addition there is a minor change in the timeout when connecting to the consent database. (In some rare cases the timeout was not long enough, which would result in the user unnecessarily being asked for consent.)
We also have a change in the generation of the "feideSchoolList" attribute, which should make it more lenient towards a common error in the user directories.
The update will bring us from revision 3000 of simpleSAMLphp to revision 3009. The full changelog can be viewed here:
http://code.google.com/p/simplesamlphp/source/list?path=/trunk/&start=30...
Only the change for the cross-site scripting problem should have any effect on the Feide IdP. There are also some changes for properly handling the "pt-BR" language code, but that language is not enabled.
The update has been deployed on idp-test.feide.no, and can be tested using any test SPs connected to Feide, e.g. https://sp-test.feide.no/ .
If you have any questions or concerns wrt. this update, please contact us at moria-support@uninett.no.
Best regards,
Olav Morken
UNINETT / Feide
On Tue, Jan 10, 2012 at 15:40:29 +0100, Olav Morken wrote:
We are planning to do an IdP update at 15:00 next Thursday. There should be no user-visible changes due to this update, nor will it affect the SAML 2.0 messages sent and received by the IdP.
This update will add a fix for a user-assisted cross-site scripting vulnerability in simpleSAMLphp.
In addition there is a minor change in the timeout when connecting to the consent database. (In some rare cases the timeout was not long enough, which would result in the user unnecessarily being asked for consent.)
We also have a change in the generation of the "feideSchoolList" attribute, which should make it more lenient towards a common error in the user directories.
The update will bring us from revision 3000 of simpleSAMLphp to revision 3009. The full changelog can be viewed here:
http://code.google.com/p/simplesamlphp/source/list?path=/trunk/&start=3009
Only the change for the cross-site scripting problem should have any effect on the Feide IdP. There are also some changes for properly handling the "pt-BR" language code, but that language is not enabled.
The update has been deployed on idp-test.feide.no, and can be tested using any test SPs connected to Feide, e.g. https://sp-test.feide.no/ .
If you have any questions or concerns wrt. this update, please contact us at moria-support@uninett.no.
This update has been running in production for about 10 minutes now, and so far we have not detected any problems with it. As usual, please let us know if you see any problems related to the latest update.
Best regards,
Olav Morken
UNINETT / Feide