Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Tip

This is the advisory page for Identity Provider V2 and Service Provider V2 releases. For newer V3 IdP advisories, refer to the V3 SecurityAdvisories page. For newer V3 SP advisories, refer to the V3 SecurityAdvisories page.

This page provides easier access to the complete history of Security Advisories released for the Shibboleth V2 software products and an "at a glance" table showing you which releases are vulnerable to what kinds of issues. If you're running a particular version, you can use this table to identify the issues that could affect your system and determine how urgent an upgrade is. In addition to the announce mailing list, you can "watch" this page for changes to keep abreast. Pages exist describing briefly how to check the IdP or SP version you have.

...

If you would like to report an issue you believe is security related, you can do any of the following:

...

.

...

As always, sites are advised to use the latest stable release of any Shibboleth product. Refer to the ProductVersioning page for information about our support and versioning policies. The Home page identifies the specific versions recommended at a given point in time

...

VersionEOLUser Data ExposureResource ExposureSession HijackingDenial of ServiceRemote ExploitAdvisories
All
XX

X

2018-02-27, 2018-01-23, 2018-01-12, 2016-06-29, 2016-05-04, 2014-06-08, 2014-04-09, 2013-12-02, 2011-10-24

2.6.1
XX

X
2.6.0Nov 2017XX

X2017-11-15
2.5.6Jun 2016XX

X
2.5.5Feb 2016XX

X
2.5.4Jul 2015XX
XX2015-07-21
2.5.3Mar 2015XX
XX2015-03-19

2.5.2

Dec 2013XX
XX
2.5.0 - 2.5.1June 2013XX
X
2013-06-18, 2013-01-10
2.4.3Nov 2012XX
XX2012-04-19
2.4.0 - 2.4.2Jul 2011XX
XX2011-07-25, 2011-07-06
2.3.0 - 2.3.1Dec 2010XX
XX
2.2.1Nov 2009XXXXX2009-11-04, 2009-08-26
2.2.0Aug 2009XXXXX2009-08-17
2.0.0 - 2.1.0Jun 2009XXXXX2009-06-15

...