Pulling upstream master by otb · Pull Request #1 · slides/ruby-saml

otb · 2016-10-06T18:42:34Z

No description provided.

Update Getting Started example

Fetch attribute value

…on. See #519

…e method

…end, only a valid_until value will be stored on the settings with the validUntil or cacheDuration related value that expires first

Add support for AES-GCM decryption

Backport JRuby test fix to master

docs: readme improvements

…d messages.

…ion bypass via Signature Wrapping attack allowed due parser differential

Security fixes: CVE-2025-25291, CVE-2025-25292 and CVE-2025-25293

Update ruby-saml version in README

…sues

Adapt tests and CI/CD improvements

Check message bytesize before Base64 validation

…w to force SP-Initiate flow and Prevent Reply Attacks

…Zlib::Inflate (#779) Improve the inflate method. Prevent potential DoS vulnerability in Zlib::Inflate by limiting the maximum decompressed size. The data is now inflated in chunks.

CVE-2025-66567 and CVE-2025-66568 affects ruby-saml <= 1.12.4. Use ruby-saml 1.18.1 instead.

Updated vulnerability notice to reflect affected versions.

pitbulk force-pushed the master branch 2 times, most recently from 571e9ee to 63e4b7a Compare October 19, 2016 11:19

pitbulk force-pushed the master branch 2 times, most recently from f814c0a to 0651e65 Compare December 12, 2016 12:26

pitbulk force-pushed the master branch from 2553c71 to debcf23 Compare May 18, 2017 18:57

pitbulk force-pushed the master branch from f8337f0 to f366365 Compare September 7, 2018 09:21

pitbulk force-pushed the master branch 7 times, most recently from 2eed006 to c72c2fc Compare December 26, 2018 13:44

pitbulk force-pushed the master branch from e5c7337 to bda2864 Compare November 5, 2019 12:15

pitbulk added 16 commits January 23, 2021 13:26

Adding idp_sso_service_url and idp_slo_service_url settings

6f8046e

Merge pull request #543 from bjacquet/patch-1

b3f2191

Update Getting Started example

Merge pull request #536 from JDrizzy/master

d3b5913

Fetch attribute value

Merge Parse & use SLO Response Location

03d6b41

Merge branch 'mentimeter-parse-responselocation' into 1.12.0-dev

206e6b8

Reduce size of built gem by excluding the test folder. See #538

2e2e9b2

Minimize Zlib deflate decompression bomb. See #383

533c84e

Update single logout code sample to encourage early session terminati…

4fe698c

…on. See #519

See #563 Add ValidUntil and cacheDuration support on Metadata generat…

92d6caf

…e method

Add support for cacheDuration at the IdpMetadataParser class, at the …

25cbddd

…end, only a valid_until value will be stored on the settings with the validUntil or cacheDuration related value that expires first

Support customizable statusCode on generated LogoutResponse

3f89d19

Merge pull request #557 from silppuri/support-aes-gcm

3783e22

Add support for AES-GCM decryption

Fix test when GCM is not supported

5e8ad48

Add duration format as a constant

b4cf36d

Make it compatible with old versions of Ruby

46edfba

Use Time.now.utc instead Time.now on parse_duration

60b0204

johnnyshields and others added 30 commits January 19, 2025 18:04

Update test_helper.rb

a5063fd

Update test_helper.rb

4c42807

Update test_helper.rb

011ff4f

Merge pull request #740 from johnnyshields/backport-jruby-fix

bbe39e9

Backport JRuby test fix to master

docs: readme improvements

927d6f0

Merge pull request #741 from andimrob/readme-improvements

0d16835

docs: readme improvements

Fix Test

60627ba

Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compresse…

acac9e9

…d messages.

Fix vulnerabilities: CVE-2025-25291, CVE-2025-25292: SAML authenticat…

e9c1cdb

…ion bypass via Signature Wrapping attack allowed due parser differential

Merge pull request #750 from SAML-Toolkits/security_fix_1.18.0

fb2eac1

Security fixes: CVE-2025-25291, CVE-2025-25292 and CVE-2025-25293

Release 1.18.0

51ef41d

Reorder Changelog and include reference to 1.12.4

6a7c040

Missed reference

fa78136

Update ruby-saml version in README

a38fc2c

Merge pull request #751 from blombard/patch-1

fbbedc9

Update ruby-saml version in README

Check message bytesize before Base64 validation

f0d7941

Adapt tests to be able to execute signature validation sooner

12b956e

CI/CD: Update ubuntu version

d14ec56

Add Ruby 3.4 to the CI

25c4b22

Exclude Ubuntu-22.04 Ruby 2.2 from CI as it raises RubyGem/Bundler is…

9d5d55c

…sues

Merge pull request #768 from SAML-Toolkits/test_and_ci

6410b28

Adapt tests and CI/CD improvements

Merge commit from fork

bd265fc

Check message bytesize before Base64 validation

Release 1.18.1

8c395b5

Update Changelog

f9263a6

Fix several typos on the documentation and code. Add to the README ho…

0d787e8

…w to force SP-Initiate flow and Prevent Reply Attacks

Improve the inflate method to prevent potential DoS vulnerability in …

07bc2bc

…Zlib::Inflate (#779) Improve the inflate method. Prevent potential DoS vulnerability in Zlib::Inflate by limiting the maximum decompressed size. The data is now inflated in chunks.

Add sponsors: Github, SerpApi

75546f4

Add warning about CVE-2025-66567 and CVE-2025-66568

bbe7c00

CVE-2025-66567 and CVE-2025-66568 affects ruby-saml <= 1.12.4. Use ruby-saml 1.18.1 instead.

Revise vulnerability notice for ruby-saml

5c9fcfa

Updated vulnerability notice to reflect affected versions.

Fix wrong link

2970ad9

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Pulling upstream master#1

Pulling upstream master#1
otb wants to merge 734 commits intoslides:masterfrom
SAML-Toolkits:master

otb commented Oct 6, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants

Conversation

otb commented Oct 6, 2016

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

20 participants