ruby-saml 1.12.4 → 1.13.0

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Potentially problematic release.

This version of ruby-saml might be problematic.

checksums.yaml CHANGED
@@ -1,7 +1,7 @@
1
1
  ---
2
- SHA256:
3
- metadata.gz: 6c7575733bfd28deef0060550daede564f894f423c6749d71007b475694e5409
4
- data.tar.gz: 4f925319b91da371cecdcb0946f617b056b9f6fbe1665dd5e5ccf2afff9f24a8
2
+ SHA1:
3
+ metadata.gz: ded4e8f9560644f26e90079ecf0021f81fb8fb90
4
+ data.tar.gz: 034e0d8ee8d11aa443435b20d071015dfbcf5161
5
5
  SHA512:
6
- metadata.gz: b378e2c5e13810c280783154c7fe25a0c287e89a12698aa65a9d33873b44987b5f2cd0f0676b797fdefad86f993975b10d29a9a5665513ff68ed064efd7c41c1
7
- data.tar.gz: 1b370d8753b3104ae3b8bc9e1f1c2ddd067abee96a5ea9b896cf2e0571e6999564a92df78aa5d55266821185a77770cf2f2166a2b944fde5ed6216e2b3c4b7f1
6
+ metadata.gz: 957e2b7598309e9b770019902f28bdec07a28a19a77abfb7e72d503ab3c8b4c57138451d3bb0bced671aca4d454d6637821a3931e91e6f4d79ef4d5d1a91a25e
7
+ data.tar.gz: 74d06dcdc7ba3f3c0dc797ad3e329987f0bd32bfc5b0bdee62f9c081688dd97bb4892ef42de795c09c59b2c48487b673476a6dd12aedca0770b600c770e2c4b7
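Review bot: the `SHA1:` block on new lines 2-4 replaces the `SHA256:` digests, which leaves SHA512 as the only collision-resistant checksum recorded for this package. Anyone verifying the 1.13.0 artifacts against checksums.yaml should compare the SHA512 values and not rely on the SHA1 ones; if the gem is ever rebuilt, emitting SHA256 alongside SHA512 would restore parity with the 1.12.4 side.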
@@ -8,51 +8,11 @@ jobs:
8
8
  strategy:
9
9
  fail-fast: false
10
10
  matrix:
11
- os:
12
- - ubuntu-20.04
13
- - macos-latest
14
- - windows-latest
15
- ruby-version:
16
- - 2.1
17
- - 2.2
18
- - 2.3
19
- - 2.4
20
- - 2.5
21
- - 2.6
22
- - 2.7
23
- - 3.0
24
- - jruby-9.1
25
- - jruby-9.2
26
- exclude:
27
- - os: macos-latest
28
- ruby-version: 2.1
29
- - os: macos-latest
30
- ruby-version: 2.2
31
- - os: macos-latest
32
- ruby-version: 2.3
33
- - os: macos-latest
34
- ruby-version: 2.4
35
- - os: macos-latest
36
- ruby-version: 2.5
37
- - os: macos-latest
38
- ruby-version: jruby-9.1
39
- - os: macos-latest
40
- ruby-version: jruby-9.2
41
- - os: windows-latest
42
- ruby-version: 2.1
43
- - os: windows-latest
44
- ruby-version: jruby-9.1
45
- - os: windows-latest
46
- ruby-version: jruby-9.2
47
- - os: windows-latest
48
- ruby-version: jruby-9.3
49
- - os: windows-latest
50
- ruby-version: jruby-9.4
51
- - os: windows-latest
52
- ruby-version: truffleruby
11
+ os: [ubuntu-latest, macos-latest]
12
+ ruby-version: [2.1.9, 2.2.10, 2.3.8, 2.4.6, 2.5.8, 2.6.6, 2.7.2, 3.0.1, jruby-9.1.17.0, jruby-9.2.17.0, truffleruby]
53
13
  runs-on: ${{ matrix.os }}
54
14
  steps:
55
- - uses: actions/checkout@v4
15
+ - uses: actions/checkout@v2
56
16
  - name: Set up Ruby ${{ matrix.ruby-version }}
57
17
  uses: ruby/setup-ruby@v1
58
18
  with:
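Review bot: `actions/checkout@v2` on new line 15 is a step back from `@v4`, and both it and `ruby/setup-ruby@v1` are referenced by mutable tag rather than by commit SHA, so the code executed in CI can change without any change to this file. Pin both actions to a full commit SHA on a current major version. The new matrix also drops `windows-latest` entirely and moves `ubuntu-20.04` to the floating `ubuntu-latest`; if Windows remains a supported platform, keep at least one Windows entry so regressions there are still caught.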
@@ -62,4 +22,4 @@ jobs:
62
22
  run: bundle install
63
23
 
64
24
  - name: Run tests
65
- run: bundle exec rake
25
+ run: bundle exec rake
@@ -1,15 +1,22 @@
1
- # RubySaml Changelog
2
- ### 1.12.4 (Mar 12, 2025)
3
- * Fix vulnerabilities: CVE-2025-25291, CVE-2025-25292: SAML authentication bypass via Signature Wrapping attack allowed due parser differential.
4
- * Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compressed messages.
5
-
6
- ### 1.12.3 (Sep 10, 2024)
7
- * Fix for critical vulnerability CVE-2024-45409: SAML authentication bypass via Incorrect XPath selector
8
-
9
- ### 1.12.2 (Apr 08, 2022)
10
- * [575](https://github.com/onelogin/ruby-saml/pull/575) Fix SloLogoutresponse bug on LogoutRequest
11
-
12
- ### 1.12.1 (Apr 05, 2022)
1
+ # Ruby SAML Changelog
2
+
3
+ ### 1.13.0 (Sept 06, 2021)
4
+ * [#611](https://github.com/onelogin/ruby-saml/pull/601) Replace MAX_BYTE_SIZE constant with setting: message_max_bytesize
5
+ * [#605](https://github.com/onelogin/ruby-saml/pull/605) :allowed_clock_drift is now bidrectional
6
+ * [#614](https://github.com/onelogin/ruby-saml/pull/614) Support :name_id_format option for IdpMetadataParser
7
+ * [#611](https://github.com/onelogin/ruby-saml/pull/611) IdpMetadataParser should always set idp_cert_multi, even when there is only one cert
8
+ * [#610](https://github.com/onelogin/ruby-saml/pull/610) New IDP sso/slo binding params which deprecate :embed_sign
9
+ * [#602](https://github.com/onelogin/ruby-saml/pull/602) Refactor the OneLogin::RubySaml::Metadata class
10
+ * [#586](https://github.com/onelogin/ruby-saml/pull/586) Support milliseconds in cacheDuration parsing
11
+ * [#585](https://github.com/onelogin/ruby-saml/pull/585) Do not append " | " to StatusCode unnecessarily
12
+ * [#607](https://github.com/onelogin/ruby-saml/pull/607) Clean up
13
+ * Add warning about the use of IdpMetadataParser class and SSRF
14
+ * CI: Migrate from Travis to Github Actions
15
+
16
+ ### 1.12.2 (Apr 08, 2021)
17
+ * [#575](https://github.com/onelogin/ruby-saml/pull/575) Fix SloLogoutresponse bug on LogoutRequest
18
+
19
+ ### 1.12.1 (Apr 05, 2021)
13
20
  * Fix XPath typo incompatible with Rexml 3.2.5
14
21
  * Refactor GCM support
15
22
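Review bot: the changelog on the 1.13.0 side has no entries for 1.12.3 and 1.12.4, so the fixes recorded there for CVE-2024-45409, CVE-2025-25291, CVE-2025-25292 and CVE-2025-25293 are not documented as present in this version, and its top entry is dated Sept 06, 2021, earlier than both removed releases. Before moving a deployment from 1.12.4 to 1.13.0, confirm from the library code diff (not shown in these hunks) whether those fixes are included; the higher version number alone does not establish that. Smaller points in the added lines: the first `#611` entry links to `pull/601`, and `bidrectional` should read `bidirectional`.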