Shibboleth Service Provider V3.0.0 now available

Takeshi NISHIMURA takeshi at
Wed Jul 18 05:47:58 EDT 2018

I assume there is no known vulnerability in V2.6.1 because "2.6.1" is green:

Although disabling DTD will finally be in effect in V3 on RHEL/CentOS 7 since the Xerces library reaches 3.2.1.

Best regards,

On 2018/07/18 0:00, Cantor, Scott wrote:
> The Shibboleth Project is pleased to announce that V3.0.0 of the Service Provider software is now available. This release is a largely compatible upgrade for the previous versions and supersedes those releases. There are no current plans to maintain the older SP and library branches based on experiences with the upgrade process so far but this is subject to change if unexpected problems arise.
> The documentation for this release has been migrated from the old wiki space to a new dedicated space [1], which we hope is better organized and will be less cluttered by IdP material.
> Upgraders should carefully review the Release Notes [2] and Upgrade material [3] beforehand.
> The documentation is in a decent state but work remains and will be ongoing throughout this year and possibly beyond, but what's left is migrated material from the older documentation and is in at least as good shape as before.
> The source and Windows installers have been uploaded to the usual places, and the RPMs will be built and moved over to the lone current mirror and any problems dealt with promptly once I test them with some vagrant images. There are more packages to get copied than usual so a glitch or two in the process I'm using to get them from the SUSE servers is not unexpected, but so far it's been looking ok.
> I'll update the final three macports today or this evening.
> -- Scott
> [1]
> [2]
> [3]

More information about the users mailing list