ruby-saml

1.18.1 (29 Jul, 2025)

• Fix vulnerability CVE-2025-54572 Prevent DOS due large SAML Message
• Adapt tests to be able to execute signature validation sooner
• CI Improvements. Support Ruby 3.4

1.12.4 (Mar 12, 2025)

• #750 Fix vulnerabilities: CVE-2025-25291, CVE-2025-25292: SAML authentication bypass via Signature Wrapping attack allowed due parser differential. Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compressed messages.

1.18.0 (Mar 12, 2025)

• #750 Fix vulnerabilities: CVE-2025-25291, CVE-2025-25292: SAML authentication bypass via Signature Wrapping attack allowed due parser differential. Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compressed messages.
• #718 Add support to retri...

1.17.0 (Sep 10, 2024)

• Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector
• #687 Add CI coverage for Ruby 3.3 and Windows.
• #673 Add Settings#sp_cert_multi paramter to facilitate SP certificate and key rotation.
• [#673](http...

• Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector