...
Reinforcing the xmltooling library (V3.2.3, included in this Windows release) to block an unnecessary XML Encryption construct, related to the advisory issued for the IdP recently. The SP is not believed to be vulnerable, but this is a defensive measure.
Adjusting the default ACL on Windows when the SP is installed outside of “Program Files” to prevent open write access to the folders. Note that with the huge variety of IIS security configurations, you may need to further adjust ACLs if unexpected user accounts are being used by IIS, so test before use.
A warning has been added to the log when systems do not configure an explicit value for the redirectLimit setting. The default for this setting remains liberal for compatibility, so the warning was requested to highlight that fact.
3.4.0 (November 3, 2022)
| Jira Legacy | ||||||||
|---|---|---|---|---|---|---|---|---|
|
...