SimpleSAMLphp changelog
This document lists the changes between versions of SimpleSAMLphp. See the upgrade notes for specific information about upgrading.
Version 2.0.5
Released TBD
Version 2.0.4
Released 2023-05-12
- The source that was selected by the SourceSelector is now available in the state.
- The zone that was selected by the SourceIPSelector is now available in the state.
-
The defaultSource for the SourceIPSelector can now be set to
null
. If none of the zones are matched, a NotFound exception will be thrown. - It is now possible to set a default AuthnContext in the RequestedAuthnContextSelector.
- Fixed a bug in MDQ metadata expiration
- Resolved a possible object injection vulnerability in MDQ metadata cache
- Restored the possibility to use HTTP-Artifact binding on AuthnRequests
- Removed unused private method MetaDataStorageSource::getDynamicHostedUrl (leftover from entityid generation)
- Bumped simplesamlphp-assets-base
ldap
- Fixed loading the options-array from configuration (v2.1.6)
- Properly escape user-input in ldap filters (v2.1.7)
saml2
- Fixed a static call to a non-static function that caused a broken artifact binding (v4.6.8)
Version 2.0.3
Released 2023-03-29
- Fix exception when translation-file does not exist
- Correct host in generated URLS for IdPs with 'host' config in admin/federation (#1774, #1781)
- Restore dev-autoloader (#1795)
authyubikey
- The module wasn't fully compatible with SSP 2.0 yet (v2.0.1)
cas
- Fixed a broken controller (simplesamlphp/simplesamlphp-module-cas#6) (v1.1.2)
saml2debug
- Fixed a broken controller (simplesamlphp/simplesamlphp-module-saml2debug#4) (v1.0.5)
Version 2.0.2
Released 2023-03-10
- Fixed the broken 2.0.1 release by restoring an accidentally removed file
Version 2.0.1
Released 2023-03-10
- The language-menu on mobile devices was fixed
- Fix some issues with logout (#1776, #1780, #1785)
-
The
loginpage_links
functionality for authsources was restored and documented (#1770, #1773) - Several issues regarding the use of the back-button were fixed (#1720)
- Many fixes in documentation
- Fixed config/authsources.php.dist so you can just rename it for new deployments to get you started (#1771)
- Fixed UTF-8 encoding for metadata output
-
Fixed incompatibility with SSP 2.0 for the following modules;
- consent
- consentadmin
- consentsimpleadmin
- exampleattributeserver
- expirycheck
- memcachemonitor
- memcookie
- metaedit
- negotiate
- negotiateext
- preprodwarning
- saml2debug
- sanitycheck
- sqlauth
authtwitter
- A legacy route was added for backwards compatibility
- Docs have been updated
ldap
- Fixed the possibility to return ALL attributes (simplesamlphp/simplesamlphp-module-ldap#39)
- Restored the possibility to use anonymous bind (simplesamlphp/simplesamlphp-module-ldap#41)
negotiate
- Added support for multi-realm environments
statistics
- Fixed missing script-tag to load jQuery
- Fixed static calls to SSP utilities
- Docs have been updated
Version 2.0.0
Released 2023-02-23
- Many changes, upgrades and improvements since the 1.x series.
- Most notably the new templating system based on Twig, a new localization system based on gettext.
- Most modules have been moved out of the core package but can easily be installed on-demand as required via composer.
- Better conformance by default to the SAML2INT standard.
- Code cleanups, improvements and simplifications.
- Improved test coverage and more use of standard libraries.
- Compatibility with modern versions of PHP.
-
Various new features, including:
- SAML SubjectID and Pairwise ID support
-
Accepting unsolicited responses can be disabled by setting
enable_unsolicited
tofalse
in the SP authsource. - Certificates and private keys can now be retrieved from a database
- Support for Redis sentinel was added.
- Please read the upgrade notes for 2.0 because this release breaks backwards compatibility in a number of places.