| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
| |
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| |
|
|
|
|
|
|
| |
importlib.resources was added to python standard library since python 3.7
[1]. This patch is implementing conditional to use it instead of the
importlib_resources backport when using python 3.7 or newer.
[1] https://docs.python.org/3/whatsnew/3.7.html
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
All users of pysaml2 that use the default `CryptoBackendXmlSec1` backend and need to
verify signed SAML documents are impacted. `pysaml2 <= 6.4.1` does not validate the SAML
document against an XML schema. This allows invalid XML documents to trick the
verification process, by presenting elements with a valid signature inside elements
whose content has been malformed. The verification is offloaded to `xmlsec1` and
`xmlsec1` will not validate every signature in the given document, but only the first it
finds in the given scope.
Credits for the report:
- Victor Schönfelder Garcia (isits AG International School of IT Security)
- Juraj Somorovsky (Paderborn University)
- Vladislav Mladenov (Ruhr University Bochum)
Signed-off-by: Ivan Kanakarakis <ivan.kanak@gmail.com>
|
| | |
|
| |
|