Bump java-saml from 2.5.0 to 2.9.0 #643

Merged
merged 4 commits into from
Nov 29, 2022

dependabot[bot]
@dependabot dependabot bot commented on behalf of github May 16, 2022

Bumps java-saml from 2.5.0 to 2.9.0.

Release notes

Sourced from java-saml's releases.

OneLogin's SAML Java Toolkit v2.8.0

  • Updated xmlsec to 2.2.3 which fixes CVE-2021-40690
  • #359 Allow to control NameIDPolicy.AllowCreate attribute on AuthnRequest
  • #356 Validate assertion version as well in SAML response validation
  • #351 Support more complex response statuses in LogoutResponse generation
  • #350 Improve authentication and logout request input params API
  • #321 Allow for extension classes to post-process generated XML
  • #340 Trim values obtained with getTextContent() on any XML node
  • #327 Ensure local resolution of schemas (and DTDs)
  • #315 Properly escape text to produce valid XML

OneLogin's SAML Java Toolkit v2.7.0

  • Support sending extra GET parameters on login and logout
  • #331 Made the SamlResponse returned attribute map preserve attribute order
  • #333 Fix extraction of the response issuer
  • #320 Add Auth.getLastMessageIssueInstant and Auth.getLastRequestIssueInstant
  • #341 Made LogoutRequest and LogoutResponse more extensible
  • #318 Made SamlResponse more extensible
  • #308 Made constants real constants
  • #300 Support for SingleLogoutService ResponseLocation in IdPMetadataParser
  • #295 Support Alg Deprecated rejection
  • #296 Improve SettingsBuilder build method in order to fix an issue at injectIntoSettings method
  • #290 Support for unwrapping key via an HSM when decrypting the SAML assertion
  • #293 Support digest algorithm at settings
  • #337 Remove useless XMLEntityException declaration in logout throws clause
  • #339 Remove the useless Exception throws declaration in LogoutRequest.isValid
  • Improved documentation
  • Update dependencies due to security warnings.
  • Migrate from Travis to GitHub Actions

OneLogin's SAML Java Toolkit v2.6.0

  • Check that the certificate of the XML matches the value registered (cert/fingerprint) before validating signature to be able to identify such issues.
  • 218 Exposing statuscode and substatuscode through toolkit.
  • 233 When checking IdP Settings, verify with multiple possible IdP certs.
  • 240 Support KeyStore file for SP. Also 243
  • 244 Add StatusCode support for logout response
  • 232 Make Fingerprint check case insensitive
  • Allow duplicated names in AttributeStatement by configuration.
  • 253 Expose validation exception in Saml classes
  • Support NameID Encryption with MultiCert
  • 276 Fix signature validation issue when using fingerprint and sha256 alg
  • 272 Fix format time issues
  • 284 fix nameidNameQualifier typo on logout example
  • 283 Expose a constructor for SamlResponse class which doesn't require HttpRequest
  • 250 Add a stay parameter to Auth processSlo
  • Make ProtocolBinding in the AuthnRequest configurable
  • Metadata constructor now will not set a validUntilTime/cacheDuration if a null parameter is added, if no param provided, it will take constant values.
  • Update dependencies
  • Update the .java-version file to 1.8
Commits
  • 988de2d [maven-release-plugin] prepare release v2.9.0
  • a8957cc Update README
  • 1c2ad3a Merge pull request #376 from chenrui333/update-docs
  • 4f4340c Update dependencies
  • bf7671a docs: add toc
  • f588237 docs: update to use 2.8.0
  • 836c4df Merge pull request #370 from kemalturksonmez/master
  • 1198878 Merge pull request #367 from mauromol/improve-sp-contacts
  • c02eb9f Update parseXML to use XMLErrorAccumulatorHandler
  • 6900702 Revise SP contacts settings validation
  • Additional commits viewable in compare view

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting @dependabot rebase.


Dependabot commands and options

You can trigger Dependabot actions by commenting on this PR:

  • @dependabot rebase will rebase this PR
  • @dependabot recreate will recreate this PR, overwriting any edits that have been made to it
  • @dependabot merge will merge this PR after your CI passes on it
  • @dependabot squash and merge will squash and merge this PR after your CI passes on it
  • @dependabot cancel merge will cancel a previously requested merge and block automerging
  • @dependabot reopen will reopen this PR if it is closed
  • @dependabot close will close this PR and stop Dependabot recreating it. You can achieve the same result by closing it manually
  • @dependabot ignore this major version will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this minor version will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
  • @dependabot ignore this dependency will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

@dependabot dependabot bot added the dependencies Pull requests that update a dependency file label May 16, 2022
Bumps [java-saml](https://github.com/onelogin/java-saml) from 2.5.0 to 2.9.0.
- [Release notes](https://github.com/onelogin/java-saml/releases)
- [Commits](SAML-Toolkits/java-saml@v2.5.0...v2.9.0)

---
updated-dependencies:
- dependency-name: com.onelogin:java-saml
  dependency-type: direct:production
  update-type: version-update:semver-minor
...

Signed-off-by: dependabot[bot] <support@github.com>
@dependabot dependabot bot force-pushed the dependabot/maven/com.onelogin-java-saml-2.9.0 branch from 690ded5 to 9c70eaa Compare July 18, 2022 09:54
@ismisepaul ismisepaul merged commit be02b90 into dev Nov 29, 2022
@ismisepaul ismisepaul deleted the dependabot/maven/com.onelogin-java-saml-2.9.0 branch November 29, 2022 22:00