Skip to content

Commit

Permalink
Upgrade Stepup-saml-bundle to version 4.1.8
Browse files Browse the repository at this point in the history
This change will apply the countermeasures to harden against
CVE 2019-3465 and will effectively bump `robrichards/xmlseclibs` to
version 3.0.4
  • Loading branch information
MKodde committed Nov 7, 2019
1 parent 70f6d29 commit 4606ca2
Show file tree
Hide file tree
Showing 2 changed files with 30 additions and 39 deletions.
23 changes: 7 additions & 16 deletions CHANGELOG.md
Original file line number Diff line number Diff line change
@@ -1,15 +1,19 @@
# Changelog

## 3.0.1
This is a security release that will harden the application against CVE 2019-346
* Upgrade Stepup-saml-bundle to version 4.1.8

## 3.0.0 FGA (fine grained authorization)

The new fine grained authorization logic will allow Ra's from other institutions to accredidate RA's on behalf of another organisation. This is determined based on the institution configuration. https://github.com/OpenConext/Stepup-Deploy/wiki/rfc-fine-grained-authorization/b6852587baee698cccae7ebc922f29552420a296

**Features & Bugfixes**
The changes to SelfService in regards to the FGA changes only where to remain compatible with API changes made for Stepup-RA. No new features have been added.
The changes to RA in regards to the FGA changes only where to remain compatible with API changes made for Stepup-RA. No new features have been added.

## 2.10.8
**Improvement**
* Install security updates
This is a security release that will harden the application against CVE 2019-346
* Upgrade Stepup-saml-bundle to version 4.1.8

# 2.10.7
**Features**
Expand All @@ -32,19 +36,6 @@ The changes to SelfService in regards to the FGA changes only where to remain co
**Improvements**
* Open help in new tab #187
* Introduce multi-lingual logout redirect #186

## FGA (fine grained authorization)
**New features**

The new fine grained authorization logic will allow Ra's from other institutions to accredidate RA's on behalf of another organisation.
This is determined based on the institution configuration.
https://github.com/OpenConext/Stepup-Deploy/wiki/rfc-fine-grained-authorization/b6852587baee698cccae7ebc922f29552420a296

* Implement the new FGA feature #169 > # 182

## Develop
**Bugfixes**
* Fix the token sorting #185

## 2.10.3
**Bugfixes**
Expand Down
46 changes: 23 additions & 23 deletions composer.lock

Some generated files are not rendered by default. Learn more about how customized files appear on GitHub.

0 comments on commit 4606ca2

Please sign in to comment.