Release 2.4.0

SAML-Toolkits · Feb 27, 2018 · 27bce00 · 27bce00
1 parent 826f4f5
commit 27bce00
Show file tree

Hide file tree

Showing 3 changed files with 13 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -14,6 +14,10 @@ Python3: [python3-saml](https://github.com/onelogin/python3-saml).
 
 #### Warning ####
 
+Update python-saml to 2.4.0, this version includes a fix for the [CVE-2017-11427](https://www.cvedetails.com/cve/CVE-2017-11427/) vulnerability.
+
+That version also change how calculate fingerprint method works, and will expect as input a formatted x509 certificate
+
 Update python-saml to 2.2.3, this version replaces some etree.tostring calls, that were introduced recently,  by the sanitized call provided by defusedxml
 
 Update python-saml to 2.2.0, this version includes a security patch that contains extra validations that will prevent signature wrapping attacks. [CVE-2016-1000252](https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/master/DWF/2016/1000252/CVE-2016-1000252.json)

diff --git a/changelog.md b/changelog.md
@@ -1,4 +1,12 @@
 # python-saml changelog
+### 2.4.0 (Feb 27, 2018)
+* Fix vulnerability [CVE-2017-11427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427). Process text of nodes properly, ignoring comments
+* Improve how fingerprint is calcultated
+* Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified format instead no format attribute
+* Be able to invalidate a SAMLResponse if it contains InResponseTo value but no RequestId parameter provided at the is_valid method. See rejectUnsolicitedResponsesWithInResponseTo security parameter (By default deactivated)
+* Fix signature position in the SP metadata
+* Redefine NSMAP constant
+
 ### 2.3.0 (Sep 15, 2017)
 * [#205](https://github.com/onelogin/python-saml/pull/205) Improve decrypt method, Add an option to decrypt an element in place or copy it before decryption.
 * [#204](https://github.com/onelogin/python-saml/pull/204) On a LogoutRequest if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be ommited. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added.

diff --git a/setup.py b/setup.py
@@ -9,7 +9,7 @@
 
 setup(
     name='python-saml',
-    version='2.3.0',
+    version='2.4.0',
     description='Onelogin Python Toolkit. Add SAML support to your Python software using this library',
     classifiers=[
         'Development Status :: 5 - Production/Stable',