
Upgrade xmlseclibs to version 3.0.4 #138

Merged
merged 3 commits into from
Nov 7, 2019

Conversation

pablothedude
Contributor

This change will apply the countermeasures to harden against
CVE 2019-3465 and will effectively bump robrichards/xmlseclibs to
version 3.0.4.

@MKodde MKodde self-requested a review November 7, 2019 11:07
CHANGELOG.md Outdated
@@ -1,5 +1,10 @@
# Next release

# 1.2.3
This is a security release that will harden the application against CVE 2019-3465
* Implement countermeasures against CVE 2019-3465 #138
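Review bot: the new 1.2.3 entry describes the fix only as "Implement countermeasures against CVE 2019-3465 #138", while the PR title states that the change is an upgrade of robrichards/xmlseclibs to 3.0.4; name the dependency and the target version in the changelog line (for example "Upgrade robrichards/xmlseclibs to 3.0.4 to address CVE-2019-3465 #138") so that operators can map the release to the version pinned in composer.lock. Also write the identifier in the canonical hyphenated form CVE-2019-3465: the space-separated form will not match when someone searches the changelog or an advisory feed for the CVE.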
Member


The PR title does not match the actual title, should be: Upgrade xmlseclibs to version 3.0.4 #138

Contributor Author


Done

composer.json
composer.lock Outdated
@@ -1735,16 +1735,16 @@
},
{
"name": "simplesamlphp/saml2",
"version": "v3.3.8",
"version": "v3.4.2",
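Review bot: this hunk bumps simplesamlphp/saml2 from v3.3.8 to v3.4.2, which is outside the scope stated in the PR title (upgrading xmlseclibs to 3.0.4). A security hotfix should change only the vulnerable package and its lock entry so that the diff can be reviewed and rolled back in isolation; regenerate the lock with an update restricted to the one package (`composer update robrichards/xmlseclibs`) and confirm that the saml2 entry stays at v3.3.8.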
Member


Consider not updating SAML2 for this release. Or identify this does not harm any current behaviour

Contributor Author


Reverted it and only updated xmlseclibs

This change will apply the countermeasures to harden against
CVE 2019-3465 and will effectively bump `robrichards/xmlseclibs` to
version 3.0.4.
Ant is no longer installed by default on the Travis platform. An
explicit installation instruction was added to achieve installation.
@pablothedude pablothedude force-pushed the hotfix/cve-2019-3465-56 branch from d4edbd1 to 3ff0fdf Compare November 7, 2019 13:40
@pablothedude pablothedude requested a review from MKodde November 7, 2019 13:43
@pablothedude pablothedude merged commit 4797316 into release/1.2 Nov 7, 2019
@pablothedude pablothedude deleted the hotfix/cve-2019-3465-56 branch November 7, 2019 15:10