1.17.0 (Sep 10, 2024)

1.17.0 (Sep 10, 2024)

• Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector
• #687 Add CI coverage for Ruby 3.3 and Windows.
• #673 Add Settings#sp_cert_multi paramter to facilitate SP certificate and key rotation.
• #673 Support multiple simultaneous SP decryption keys via Settings#sp_cert_multi parameter.
• #673 Deprecate Settings#certificate_new parameter.
• #673 :check_sp_cert_expiration will use the first non-expired certificate/key when signing/decrypting. It will raise an error only if there are no valid certificates/keys.
• #673 :check_sp_cert_expiration now validates the certificate not_before condition; previously it was only validating not_after.
• #673 :check_sp_cert_expiration now causes the generated SP metadata to exclude any inactive/expired certificates.

1.12.3 (Sep 10, 2024)

• Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector

1.16.0 (Oct 09, 2023)

• #671 Add support on LogoutRequest with Encrypted NameID

1.15.0 (Jan 04, 2023)

• #650 Replace strip! by strip on compute_digest method
• #638 Fix dateTime format for the validUntil attribute of the generated metadata
• #576 Support idp cert multi with string keys
• #567 Improve Code quality
• Add info about new repo, new maintainer, new security contact
• Fix tests, Adjust dependencies, Add Ruby 3.2 and new JRuby versions tests to the CI. Add coveralls support

1.14.0 (Feb 01, 2022)

• #627 Support escape downcasing for validating SLO Signatures of ADFS/Azure
• #633 Support ability to change ID prefix
• Make the uuid editable on the SAML Messages generated by the toolkit
• #622 Add security setting to more strictly enforce audience validation

1.13.0 (Sept 06, 2021)

• #611 Replace MAX_BYTE_SIZE constant with setting: message_max_bytesize
• #605 :allowed_clock_drift is now bidrectional
• #614 Support :name_id_format option for IdpMetadataParser
• #611 IdpMetadataParser should always set idp_cert_multi, even when there is only one cert
• #610 New IDP sso/slo binding params which deprecate :embed_sign
• #602 Refactor the OneLogin::RubySaml::Metadata class
• #586 Support milliseconds in cacheDuration parsing
• #585 Do not append " | " to StatusCode unnecessarily
• #607 Clean up
• Add warning about the use of IdpMetadataParser class and SSRF
• CI: Migrate from Travis to Github Actions

1.12.2 (Apr 08, 2021)

• 575 Fix SloLogoutresponse bug on LogoutRequest

1.12.1 (Apr 05, 2022)

• #577 Fix XPath typo incompatible with Rexml 3.2.5
• Refactor GCM support

1.12.0 (Feb 18, 2021)

• Support AES-128-GCM, AES-192-GCM, and AES-256-GCM encryptions
• Parse & return SLO ResponseLocation in IDPMetadataParser & Settings
• Adding idp_sso_service_url and idp_slo_service_url settings. IDPMetadataParser now parse_to_hash/parse_to_array methods now retrieve those params instead idp_sso_target_url and idp_slo_target_url
• #536 Adding feth method to be able retrieve attributes based on regex
• Reduce size of built gem by excluding the test folder
• Improve protection on Zlib deflate decompression bomb attack.
• Add ValidUntil and cacheDuration support on Metadata generator
• Add support for cacheDuration at the IdpMetadataParser
• Support customizable statusCode on generated LogoutResponse
• #545 More specific error messages for signature validation
• Support Process Transform
• Raise SettingError if invoking an action with no endpoint defined on the settings
• Made IdpMetadataParser more extensible for subclasses
• #548 Add :skip_audience option
• #555 Define 'soft' variable to prevent exception when doc cert is invalid
• Improve documentation

1.11.0 (Jul 24, 2019)

• Add support for certification expiration
• Deprecate the use of settings.issuer. Use instead settings.sp_entity_id
• Add security warning about the use of nokogiri on Readme