FriendsOfPHP/security-advisories

simplesamlphp v1.17.8 reported as insecure

rjgwiz opened this issue · 2 comments

simplesamlphp/simplesamlphp/2019-11-19.yaml appears to report anything less than simplesamlphp/simplesamlphp 1.18.0 as insecure. simplesamlphp/simplesamlphp v1.17.7 had a security issue which was addressed in https://github.com/simplesamlphp/simplesamlphp/releases/tag/v1.17.8.

Am I missing another security issue with v17.7.x, or should v1.17.8 be acceptable?

stof commented

The upper bound in this advisory seems to be wrong indeed, as the link says that both 1.17.8 and 1.18 contain the fix.

Thanks @stof! My builds with v1.17.8 are passing security advisories now, after clearing the Travis CI cache (composer dependencies are cached).