v1.18.0
📦 saml-toolkit
✨ 1 feature · 🐛 4 fixes · 🔧 1 symbol
Summary
This release focuses heavily on security, patching three critical vulnerabilities related to authentication bypass and DoS. It also introduces a new feature to extract AuthnInstant and AuthnContextClassRef from SAMLResponse.
✨ New Features
- Added support for retrieving the AuthnInstant and AuthnContextClassRef values from a SAMLResponse.
🐛 Bug Fixes
- Fixed critical vulnerabilities that allowed SAML authentication bypass via a Signature Wrapping attack (CVE-2025-25291, CVE-2025-25292), caused by a parser differential.
- Fixed a potential Denial of Service (DoS) vulnerability that abuses compressed messages (CVE-2025-25293).
- Fixed ambiguous regex warnings.
- Fixed a typo in the SPNameQualifier error text.
🔧 Affected Symbols
SAMLResponse