Closed srd90 closed 1 year ago
Today (18th October 2022) it's been 7 days since this: https://github.com/node-saml/passport-saml/security/advisories/GHSA-m974-647v-whv7 (and the first fix, 3.2.2, was released 7 days ago).
gluu-passport is still using a vulnerable version (3.2.1) of passport-saml: https://github.com/GluuFederation/gluu-passport/blob/83f83c8945ef02ce70173d2fe48abbe848d5ff84/package-lock.json
Related dependabot PRs:
GluuFederation/inbound-saml is also using the vulnerable 3.2.1 version: https://github.com/GluuFederation/inbound-saml/blob/7ee42f5f84c577f252edc3cfd4f1e45d03d9c172/yarn.lock
Related dependabot PRs
Let me touch passport team...
Done at gluu-passport. Create new one for inbound-saml: https://github.com/GluuFederation/inbound-saml/issues/191