Content Comparison

Tip
This is the advisory page for Service Provider V3 releases. For older V2 SP advisories, refer to the V2 SecurityAdvisories page

...

Date	Title	Affects	Severity	CVE
2025-03-13	Parameter manipulation allows the forging of signed SAML messages	opensaml < 3.3.1 SP w/ opensaml < 3.3.1	critical
2023-06-12	Parsing of KeyInfo elements can cause remote resource access	xmltooling < 3.2.4	low
2023-03-13	https://nvd.nist.gov/vuln/detail/CVE-2022-37434	zlib < 1.2.13	moderate	CVE-2022-37434
2023-02-07	OpenSSL Vulnerabilities (various)	OpenSSL 3.0 < 3.0.8	Various	Various
2021-06-22	Header smuggling allows for impersonation under IIS 7+	SP for Windows IIS7+ module < 3.2.2.2	critical
2021-04-26	Session recovery feature contains a null pointer deference	SP < 3.2.2	moderate
2020-03-17	Template generation allows external parameters to override placeholders	SP < 3.2.1	moderate
2020-08-31	IIS module fails to trap exceptions raised by network socket failures	SP for Windows IIS7+ module < 3.1.0.2	moderate
2019-03-11	XML parser class fails to trap exceptions on malformed XML declaration	SP w/ libxmltooling < 3.0.4	moderate	CVE-2019-9628
2018-12-19	Shibboleth SP software crashes on malformed date/time content	SP < 3.0.3	moderate
2018-08-03	Shibboleth SP software crashes on malformed KeyInfo content	SP w/ libxml-security-c < 2.0.2	high
2018-01-23	Implications of ROBOT TLS vulnerability	All	high
2014-04-09	OpenSSL "Heartbleed" vulnerability	SP or IDP w/ OpenSSL 1.0.1 - 1.0.1f	very high	CVE-2014-0160
2011-10-24	Use of XML Encryption Vulnerable to Chosen Ciphertext Attacks	SP and IdP, all versions	moderate

...

Versions Compared