Skip to content

1.17.0 (Sep 10, 2024)

Latest
Compare
Choose a tag to compare
@pitbulk pitbulk released this 10 Sep 17:23
· 5 commits to master since this release

1.17.0 (Sep 10, 2024)

  • Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector
  • #687 Add CI coverage for Ruby 3.3 and Windows.
  • #673 Add Settings#sp_cert_multi paramter to facilitate SP certificate and key rotation.
  • #673 Support multiple simultaneous SP decryption keys via Settings#sp_cert_multi parameter.
  • #673 Deprecate Settings#certificate_new parameter.
  • #673 :check_sp_cert_expiration will use the first non-expired certificate/key when signing/decrypting. It will raise an error only if there are no valid certificates/keys.
  • #673 :check_sp_cert_expiration now validates the certificate not_before condition; previously it was only validating not_after.
  • #673 :check_sp_cert_expiration now causes the generated SP metadata to exclude any inactive/expired certificates.