Security upgrade simplesamlphp to 1.17.7
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Mahara |
Fix Released
|
High
|
Unassigned | ||
18.10 |
Fix Released
|
High
|
Unassigned | ||
19.04 |
Fix Released
|
High
|
Unassigned | ||
19.10 |
Fix Released
|
High
|
Unassigned | ||
20.04 |
Fix Released
|
High
|
Unassigned |
Bug Description
From the folks at simplesamlphp:
"We have been made aware of a security issue affecting all SimpleSAMLphp
instances deployed as a service provider (basically, using SimpleSAMLphp
to protect access to your application). This issue has been deemed
critical, and will therefore need an urgent update. We will be releasing
SimpleSAMLphp 1.17.7 during next Wednesday the 6th of November, at a
time yet to be determined. We urge all SimpleSAMLphp users to make sure
they are running the current stable version, so that upgrading to the
new release doesn’t have any side effects, and to be prepared to upgrade
their deployments as soon as the new stable release is published.
The details of the issue are embargoed for the time being, but will be
made public after the bugfix release has been published. CVE 2019-3465
has been assigned to this issue."
Our sites are currently on 1.17.6 so the upgrade should be fairly painless
CVE References
information type: | Private Security → Public Security |
Changed in mahara: | |
status: | Fix Committed → Fix Released |
Changed in mahara: | |
milestone: | 20.04.0 → none |