SP patch coming next week
Fuchs, Michael
michael.fuchs at hm.edu
Thu Jun 8 12:48:05 UTC 2023
Thanks for the tip!
I understand the security concerns about your DoS attack. Nevertheless, I think a note in the documentation would be useful. Otherwise, configuring OIDC and accessing the OIDC configuration could be more difficult than the rest of the documentation.
Many greetings,
Michael
—
Michael Fuchs - Central IT
Munich University of Applied Sciences
Lothstr. 34, 80335 Munich, G2.21a
T +49 89 1265-1746
https://hm.edu <https://www.hm.edu/en/index~1.en.html> | https://hm.edu/data_protection_declaration <https://www.hm.edu/en/impressum_1/data_protection/data_protection_declaration.en.html>
> On 7. Jun 2023, at 16:07, Cantor, Scott via users <users at shibboleth.net> wrote:
>
> This is just a courtesy heads up, there will be an library patch released next week, and an SP on Windows update to distribute it.
>
> The security issue is, with some level of uncertainty, low to moderate, I think. It's not good by any means but so far the main attack I've thought up with it is denial of service, the lamest of security issues.
>
> Barring unforeseen, I hope to get it out Monday.
>
> -- Scott
>
>
> --
> For Consortium Member technical support, see https://shibboleth.atlassian.net/wiki/x/ZYEpPw
> To unsubscribe from this list send an email to users-unsubscribe at shibboleth.net
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://shibboleth.net/pipermail/users/attachments/20230608/e5f5bdea/attachment.htm>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4399 bytes
Desc: not available
URL: <http://shibboleth.net/pipermail/users/attachments/20230608/e5f5bdea/attachment.p7s>
More information about the users
mailing list