SimpleSAMLphp Security Upgrade

Created on 18 March 2025, 19 days ago

Problem/Motivation

A high-severity vulnerability in OpenSAML and SimpleSAMLphp has been identified that could allow signature confusion and lead to an SSO forgery/impersonation attack. It can impact all implementations that include them. As a result, OpenSAML and SimpleSAMLphp should be updated to their latest versions as soon as possible.

More information here: https://safecomputing.umich.edu/security-alerts/update-opensaml-and-simplesamlphp-vulnerability

Steps to reproduce

Proposed resolution

Update the module and its composer json to use at least SimpleSAMLphp 2.3.7

Remaining tasks

User interface changes

API changes

Data model changes

📌 Task

Status

Active

Version

4.0

Component

Code

Created by

🇪🇸Spain alvarodemendoza

Live updates comments and jobs are added and updated live.

Security
It is used for security vulnerabilities which do not need a security advisory. For example, security issues in projects which do not have security advisory coverage, or forward-porting a change already disclosed in a security advisory. See Drupal’s security advisory policy for details. Be careful publicly disclosing security vulnerabilities! Use the “Report a security vulnerability” link in the project page’s sidebar. See how to report a security issue for details.

Comments & Activities

Issue created by @alvarodemendoza
Comment 19 days ago →
🇺🇸United States DamienMcKenna NH, USA
There's an existing issue for this.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024