Releases: SAML-Toolkits/php-saml
Releases · SAML-Toolkits/php-saml
OneLogin's SAML PHP Toolkit v2.21.2
The version 2.21.1 was released with the wrong version.json file and missed Changelog.
The 2.21.2 version has the same code than 2.21.2 but set right version and update Changelog
OneLogin's SAML PHP Toolkit v4.3.1
- Update xmlseclibs version requirement to 3.1.4 due CVE-2025-66475
OneLogin's SAML PHP Toolkit v3.8.1
Security:
- Update xmlseclibs version requirement to 3.1.4 due CVE-2025-66475
OneLogin's SAML PHP Toolkit v2.21.1
Security:
- Fix xmlseclibs vulnerability CVE-2025-66475
OneLogin's SAML PHP Toolkit v4.3.0
- PHP 8.4 Compatibility via #600 and #607.
- #619 Add Parameter checking on validateBinarySign, inspired on CVE-2025-27773
- #603 Fix typo in ignoreValidUntil that breaks metadata. Add parameter to exclude validUntil on Settings getSPMetadata
- #594 Add support for encrypted name id in encrypted assertion
- Fix buildWithBaseURLPath. See #581
- Doc fix typo
- Remove Travis CI references
OneLogin's SAML PHP Toolkit v3.8.0
- #619 Add Parameter checking on validateBinarySign, inspired on CVE-2025-27773
- #603 Fix typo in ignoreValidUntil that breaks metadata. Add parameter to exclude validUntil on Settings getSPMetadata
- #594 Add support for encrypted name id in encrypted assertion
- Fix buildWithBaseURLPath. See #581
- Doc fix typo
- Remove Travis CI references
OneLogin's SAML PHP Toolkit v2.21.0
- #619 Add Parameter checking on validateBinarySign, inspired on CVE-2025-27773
- #603 Fix typo in ignoreValidUntil that breaks metadata. Add parameter to exclude validUntil on Settings getSPMetadata
- #594 Add support for encrypted name id in encrypted assertion
- Fix buildWithBaseURLPath. See #581
- Doc fix typo
- Remove Travis CI references
OneLogin's SAML PHP Toolkit v4.2.0
- #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
- #585 Declare conditional return types
- #577 Allow empty NameID value when no strict or wantNameId is false
- #570 Support X509 cert comments
- #569 Add parameter to exclude validUntil on SP Metadata XML
- #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
- LogoutRequest and the LogoutResponse object to separate functions
- Make Saml2\Auth can accept a param $spValidationOnly
- Fix typos on readme.
- #480 Fix typo on SPNameQualifier mismatch error message
- Remove unbound version constraints on xmlseclibs
- Update dependencies
- Fix test payloads
- Remove references to OneLogin.
OneLogin's SAML PHP Toolkit v3.7.0
- #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
- #585 Declare conditional return types
- Make Saml2\Auth can accept a param $spValidationOnly
- #577 Allow empty NameID value when no strict or wantNameId is false
- #570 Support X509 cert comments
- #569 Add parameter to exclude validUntil on SP Metadata XML
- #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
- #487 Enable strict check on in_array method
- Make Saml2\Auth can accept a param $spValidationOnly
- Fix typos on readme.
- Add warning about Open Redirect and Reply attacks
- Add warning about the use of IdpMetadataParser class. If Metadata URLs
are provided by 3rd parties, the URL inputs MUST be validated to avoid issues like SSRF - Fix test payloads
- Remove references to OneLogin.
OneLogin's SAML PHP Toolkit v2.20.0
- #586 IdPMetadataParser::parseRemoteXML - Add argument for setting whether to validate peer SSL certificate
- #585 Declare conditional return types
- Make Saml2\Auth can accept a param $spValidationOnly
- #577 Allow empty NameID value when no strict or wantNameId is false
- #570 Support X509 cert comments
- #569 Add parameter to exclude validUntil on SP Metadata XML
- #551 Fix compatibility with proxies that extends HTTP_X_FORWARDED_HOST
- #487 Enable strict check on in_array method
- Fix typos on readme.
- #480 Fix typo on SPNameQualifier mismatch error message
- Add $spValidationOnly param to Auth
- Update xmlseclibs (3.1.2 without AES-GCM and OAEP support)
- Add warning about Open Redirect and Reply attacks
- Add warning about the use of IdpMetadataParser class. If Metadata URLs
are provided by 3rd parties, the URL inputs MUST be validated to avoid issues like SSRF - Update dependencies
- Fix test payloads
- Remove references to OneLogin.