on incorrect multi-byte sequences (possibly refers to bug SSPCPP-195)
Roberto Benedetti
r.benedetti at cineca.it
Mon Aug 29 16:11:33 BST 2011
On 08/29/2011 04:53 PM, Cantor, Scott wrote:
> On 8/29/11 10:44 AM, "Roberto Benedetti"<r.benedetti at cineca.it> wrote:
>>
>> does it mean that version 2.3.1 is affected while 2.2.x (with x>1) and
>> 2.4.x versions are not?
>
> The original bug fix in 2.2 was extended to deal with cookies and other
> headers with version 2.4. Unless the bad data is in a cookie, there's
> nothing different between 2.3 and the code now.
>
thanks a lot for the quick answer, Scott.
the problem is not about a cookie: it's a SAML response consumed -but
not parsed- by the /Shibboleth.sso/SAML2/POST ACS.
I saw the bug is about headers and cookies but could not understand why
it did not come up with earlier SP versions. I hoped an update could fix
the problem, that's why I asked.
thanks again,
roberto
More information about the users
mailing list