Releases: SAML-Toolkits/ruby-saml

1.17.0 (Sep 10, 2024)

10 Sep 17:23

  • Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector
  • #687 Add CI coverage for Ruby 3.3 and Windows.
  • #673 Add Settings#sp_cert_multi parameter to facilitate SP certificate and key rotation.
  • #673 Support multiple simultaneous SP decryption keys via the Settings#sp_cert_multi parameter.
  • #673 Deprecate Settings#certificate_new parameter.
  • #673 :check_sp_cert_expiration will use the first non-expired certificate/key when signing/decrypting. It will raise an error only if there are no valid certificates/keys.
  • #673 :check_sp_cert_expiration now validates the certificate not_before condition; previously it was only validating not_after.
  • #673 :check_sp_cert_expiration now causes the generated SP metadata to exclude any inactive/expired certificates.

1.12.3 (Sep 10, 2024)

10 Sep 17:22
  • Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector

1.16.0 (Oct 09, 2023)

09 Oct 15:31
  • #671 Add support for LogoutRequest with encrypted NameID

1.15.0 (Jan 04, 2023)

04 Jan 11:42
  • #650 Replace strip! with strip in the compute_digest method
  • #638 Fix dateTime format for the validUntil attribute of the generated metadata
  • #576 Support idp_cert_multi with string keys
  • #567 Improve code quality
  • Add info about the new repo, new maintainer and new security contact
  • Fix tests, adjust dependencies, add Ruby 3.2 and new JRuby version tests to the CI. Add Coveralls support

1.14.0 (Feb 01, 2022)

01 Feb 17:17
c38d724
  • #627 Support escape downcasing for validating SLO signatures of ADFS/Azure
  • #633 Support ability to change ID prefix
  • Make the uuid editable on the SAML Messages generated by the toolkit
  • #622 Add security setting to more strictly enforce audience validation

1.13.0 (Sep 06, 2021)

06 Sep 17:51
  • #611 Replace MAX_BYTE_SIZE constant with setting: message_max_bytesize
  • #605 :allowed_clock_drift is now bidirectional
  • #614 Support :name_id_format option for IdpMetadataParser
  • #611 IdpMetadataParser should always set idp_cert_multi, even when there is only one cert
  • #610 New IDP sso/slo binding params which deprecate :embed_sign
  • #602 Refactor the OneLogin::RubySaml::Metadata class
  • #586 Support milliseconds in cacheDuration parsing
  • #585 Do not append " | " to StatusCode unnecessarily
  • #607 Clean up
  • Add warning about the use of IdpMetadataParser class and SSRF
  • CI: Migrate from Travis to Github Actions

1.12.2 (Apr 08, 2021)

12 Apr 23:22
bbb4fb6
  • #575 Fix SloLogoutresponse bug on LogoutRequest

1.12.1 (Apr 05, 2022)

05 Apr 21:25
79fc1d7
  • #577 Fix XPath typo incompatible with Rexml 3.2.5
  • Refactor GCM support

1.12.0 (Feb 18, 2021)

19 Feb 00:09
bbd954b
  • Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryption
  • Parse & return SLO ResponseLocation in IdpMetadataParser & Settings
  • Add idp_sso_service_url and idp_slo_service_url settings. The IdpMetadataParser parse_to_hash/parse_to_array methods now retrieve those params instead of idp_sso_target_url and idp_slo_target_url
  • #536 Add fetch method to retrieve attributes by regex
  • Reduce size of built gem by excluding the test folder
  • Improve protection against Zlib deflate decompression bomb attacks.
  • Add ValidUntil and cacheDuration support on Metadata generator
  • Add support for cacheDuration at the IdpMetadataParser
  • Support customizable statusCode on generated LogoutResponse
  • #545 More specific error messages for signature validation
  • Support Process Transform
  • Raise SettingError if invoking an action with no endpoint defined on the settings
  • Made IdpMetadataParser more extensible for subclasses
  • #548 Add :skip_audience option
  • #555 Define 'soft' variable to prevent exception when doc cert is invalid
  • Improve documentation

1.11.0 (Jul 24, 2019)

24 Jul 16:29
  • Add support for certificate expiration
  • Deprecate the use of settings.issuer. Use settings.sp_entity_id instead
  • Add security warning about the use of Nokogiri to the README