CVE-2023-26267: ~fkooman/php-saml-sp: main - sourcehut git
php-saml-sp before 1.1.1 and 2.x before 2.1.1 allows reading arbitrary files as the webserver user because resolving XML external entities was silently enabled via \LIBXML_DTDLOAD | \LIBXML_DTDATTR.
switch to JSON serializer for memcache session backend
remove unneeded DOMDocument::loadXML flags
move NullLogger from tests to src/Log
add additional eduPerson attributes from (202208) v4.4.0
no default values for getData, postData
do not overdo it with the $_SERVER, $_GET, $_POST hints
switch DateTime to DateTimeImmutable
- remove ugly “clone” used with mutable DateTime
- add comment regarding PHP 8 no longer returning `false` on DateTimeInterface::getTimestamp()
mention “Comments on Other Common Person Attributes”
fix typo in src/attribute_mapping.php
update .php-cs-fixer.dist.php
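
The CVE description above names the `DOMDocument::loadXML` flags `LIBXML_DTDLOAD | LIBXML_DTDATTR` as the cause. The following is an added example, not code from php-saml-sp, showing that call beside a hardened one; `loadUntrustedXml()` is a hypothetical helper, the sample documents are constructed, and rejecting every DOCTYPE is an assumption about what SAML input needs.

```php
<?php
declare(strict_types=1);

// Added example, not php-saml-sp code. loadUntrustedXml() is a hypothetical helper.
function loadUntrustedXml(string $xml): DOMDocument
{
    if ($xml === '') {
        throw new InvalidArgumentException('empty XML input');
    }
    $doc = new DOMDocument();
    $previous = libxml_use_internal_errors(true); // collect parse errors quietly
    try {
        // Weak call named in the advisory (DTD loading switched on):
        //   $doc->loadXML($xml, LIBXML_DTDLOAD | LIBXML_DTDATTR);
        // Hardened call: no DTD flags, and LIBXML_NONET forbids network fetches.
        $ok = $doc->loadXML($xml, LIBXML_NONET);
        libxml_clear_errors();
    } finally {
        libxml_use_internal_errors($previous); // restore caller's error mode
    }
    if (!$ok) {
        throw new RuntimeException('malformed XML');
    }
    // Assumption: SAML messages have no legitimate need for a DOCTYPE, so reject any.
    foreach ($doc->childNodes as $node) {
        if ($node->nodeType === XML_DOCUMENT_TYPE_NODE) {
            throw new RuntimeException('DOCTYPE not allowed in SAML input');
        }
    }
    return $doc;
}

// Constructed sample inputs; the entity in the second one is internal and harmless.
$samples = [
    'plain'   => '<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol"/>',
    'doctype' => '<!DOCTYPE r [<!ENTITY e "x">]><r>&e;</r>',
];
foreach ($samples as $name => $xml) {
    try {
        loadUntrustedXml($xml);
        echo "$name: accepted\n";
    } catch (RuntimeException $e) {
        echo "$name: rejected ({$e->getMessage()})\n";
    }
}
```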