ayr-ton / kamu

You favorite book library
MIT License
75 stars 35 forks source link

Update pysaml2 to fix known vulnerability #87

Closed ayr-ton closed 4 years ago

ayr-ton commented 5 years ago

https://github.com/ayr-ton/kamu/network/alerts

Currently, there's no updated version that fixes this issue, I'm one of the maintainers of this plugin.

As this plugin is not an authentication backend for Django we may or update the plugin for supporting this or migrate to a new one that supports this.

Also, there's always the possibility of just fixing the initialization vector across encryptions and release a new plugin version with this.

macecchi commented 4 years ago

pysaml2 was already updated.