Versions Compared

Old Version 2

changes.mady.by.user Niels van Dijk

Saved on

compared with

New Version Current

changes.mady.by.user Niels van Dijk

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

New release SVS 2.2.0_1
docker pull inacademia/svs:2.2.0_1
docker hub digest: sha256:c3cde31dcb62460abc484ba24a091411b4a22189c1c76d6be763f7d7ec1c75f7Changes:
* Resolves XSS issue: https://trello.com/c/oo3IFo9x/5-resolve-xss-vulnerability issue
* Resolves CVE-2020-5390 : https://trello.com/c/I03lFfM7/4-fix-cve-2020-5390vulnerability in pySAML
* Applied fix to persist persistentid over SaToSa restartid persistence when restarting InAcademia
* Various minor changes to fix dependency breakage

Updated dependencies:
* Updated pyOP to 2.0.8
* Updated pySAML2 to 5.0.0

Required configuration changes:
* Add sub_hash_salt parameter to inacademia_frontend.yaml
https://github.com/inacademia-development/svs/blob/master/config/plugins/inacademia_frontend.yaml#L9

Addendum

For proper handing of the display of attributes on the consent screen, the consent module needs the following configuration (adopt to local situation)

https://github.com/inacademia-development/svs/blob/master/config/plugins/user_consent.yamlDeployement
* This release was deployed to the production platform on 28-01-2020 without service disruption