joshbnewton31080 / SecurityShepherd

Web and mobile application security training platform
https://owasp.org/www-project-security-shepherd/
GNU General Public License v3.0
0 stars 0 forks source link

Update dependency com.onelogin:java-saml to v2.6.0 - autoclosed #36

Closed mend-for-github-com[bot] closed 2 years ago

mend-for-github-com[bot] commented 2 years ago

This PR contains the following updates:

Package Change Age Adoption Passing Confidence
com.onelogin:java-saml 2.5.0 -> 2.6.0 age adoption passing confidence

By merging this PR, the below issues will be automatically resolved and closed:

Severity CVSS Score CVE GitHub Issue
High 9.1 WS-2018-0629 #9
High 7.5 CVE-2021-40690 #3

Release Notes

onelogin/java-saml ### [`v2.6.0`](https://togithub.com/onelogin/java-saml/releases/v2.6.0) [Compare Source](https://togithub.com/onelogin/java-saml/compare/v2.5.0...v2.6.0) - Check that the certificate of the XML matches the value registered (cert/fingerprint) before validating signature to be able identify such issue. - [218](https://togithub.com/onelogin/java-saml/issues/218) Exposing statuscode and substatuscode through toolkit. - [233](https://togithub.com/onelogin/java-saml/pull/233) When checking IdP Settings, verify with multiple possible IdP certs. - [240](https://togithub.com/onelogin/java-saml/pull/240) Support KeyStore file for SP. Also [243](https://togithub.com/onelogin/java-saml/pull/243) - [244](https://togithub.com/onelogin/java-saml/pull/244) Add StatusCode support for logout response - [232](https://togithub.com/onelogin/java-saml/commit/fd80067b0d77cf6a8fb8fabe24df2fccf6cb10e3) Make Fingerprint check case insensitive - Allow duplicated names in AttributeStatement by configuration. \-[253](https://togithub.com/onelogin/java-saml/pull/253) Expose validation exception in Saml classes - Support NameID Encryptation with MultiCert - [276](https://togithub.com/onelogin/java-saml/pull/276) Fix signature validation issue when using fingerprint and sha256 alg - [272](https://togithub.com/onelogin/java-saml/pull/272/files) Fix format time issues - [284](https://togithub.com/onelogin/java-saml/pull/284) fix nameidNameQualifier typo on logout example - [283](https://togithub.com/onelogin/java-saml/issues/283) Expose a constructor for SamlResponse class which doesn't require HttpRequest - [250](https://togithub.com/onelogin/java-saml/issues/250) Add a stay parameter to Auth processSlo - Make ProtocolBinding in the AuthnRequest configurable - Metadata constructor now will not set a validUntilTime/cacheDuration if a null parameter is added, if no param provided, it will take constant values. - Update dependencies - Update the .java-version file to 1.8