Merge pull request #227 from OpenConext/feature/cve-2019-3465-r17

Upgrade Stepup-saml-bundle to version 4.1.8
OpenConext · Nov 7, 2019 · 8bc5f7d · 8bc5f7d
2 parents 5da381f + 4606ca2
commit 8bc5f7d
Show file tree

Hide file tree

Showing 3 changed files with 35 additions and 39 deletions.
diff --git a/.travis.yml b/.travis.yml
@@ -36,3 +36,8 @@ branches:
     - master
     - develop
     - feature/fine-grained-authorization
+
+addons:
+  apt:
+    packages:
+      - ant
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,15 +1,19 @@
 # Changelog
 
+## 3.0.1
+This is a security release that will harden the application against CVE 2019-346
+ * Upgrade Stepup-saml-bundle to version 4.1.8 
+
 ## 3.0.0 FGA (fine grained authorization)
 
 The new fine grained authorization logic will allow Ra's from other institutions to accredidate RA's on behalf of another organisation. This is determined based on the institution configuration. https://github.com/OpenConext/Stepup-Deploy/wiki/rfc-fine-grained-authorization/b6852587baee698cccae7ebc922f29552420a296
 
 **Features & Bugfixes**
-The changes to SelfService in regards to the FGA changes only where to remain compatible with API changes made for Stepup-RA. No new features have been added.
+The changes to RA in regards to the FGA changes only where to remain compatible with API changes made for Stepup-RA. No new features have been added.
 
 ## 2.10.8
-**Improvement**
-* Install security updates
+This is a security release that will harden the application against CVE 2019-346
+ * Upgrade Stepup-saml-bundle to version 4.1.8 
 
 # 2.10.7
 **Features**
@@ -32,19 +36,6 @@ The changes to SelfService in regards to the FGA changes only where to remain co
 **Improvements**
 * Open help in new tab #187 
 * Introduce multi-lingual logout redirect #186 
-
-## FGA (fine grained authorization)
-**New features**
-
-The new fine grained authorization logic will allow Ra's from other institutions to accredidate RA's on behalf of another organisation.
-This is determined based on the institution configuration.
-https://github.com/OpenConext/Stepup-Deploy/wiki/rfc-fine-grained-authorization/b6852587baee698cccae7ebc922f29552420a296
-
-* Implement the new FGA feature #169 > # 182
-
-## Develop
-**Bugfixes**
-* Fix the token sorting #185
 
 ## 2.10.3
 **Bugfixes**

diff --git a/composer.lock b/composer.lock
-Original file line number
+Diff line change
@@ Expand Up / @@ -36,3 +36,8 @@ branches: @@
         - master
         - develop
         - feature/fine-grained-authorization
+    addons:
+      apt:
+        packages:
+          - ant