Shibboleth Identity Provider V3.4.7 is now available

Cantor, Scott cantor.2 at
Wed Jul 1 13:09:42 UTC 2020

The Shibboleth Project has issued a patch release of the legacy branch of the IdP. [1]

The primary reason for the patch is to update the Jackson JSON parser to match the version shipped with IdPv4, to address some security issues in the library.

While the IdP is not believed to be vulnerable to the issues, and thus no security advisory is currently being issued, the update was made out of an abundance of caution in the event this conclusion turns out to be inaccurate.

Anyone planning to stay on the V3 release for any length of time is advised to apply this update. This update does not alter the planned (and essentially inevitable, due to Spring Framework 4) EOL date of December 31, 2020.

-- Scott


More information about the announce mailing list