The IdP now sends the NotOnOrAfter attribute in LogoutRequest messages.
We now have full support for selecting the correct AssertionConsumerService endpoint based on parameters in the authentication request.
As a side effect of this, an IdP may start sending responses to a new AssertionConsumerService endpoint after upgrade.
(This should only happen in the case where it sent the response to the wrong endpoint before.)
The SP no longer incorrectly returns PartialLogout as a status code in a LogoutResponse after the local session has expired.