Release 1.4.0

SAML-Toolkits · Oct 13, 2016 · 3a9d1fe · 3a9d1fe
1 parent b5c6c4d
commit 3a9d1fe
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 1 deletion.
diff --git a/README.md b/README.md
@@ -1,5 +1,9 @@
 # Ruby SAML [![Build Status](https://secure.travis-ci.org/onelogin/ruby-saml.png)](http://travis-ci.org/onelogin/ruby-saml) [![Coverage Status](https://coveralls.io/repos/onelogin/ruby-saml/badge.svg?branch=master%0A)](https://coveralls.io/r/onelogin/ruby-saml?branch=master%0A) [![Gem Version](https://badge.fury.io/rb/ruby-saml.svg)](http://badge.fury.io/rb/ruby-saml)
 
+## Updating from 1.3.x to 1.4.X
+
+Version `1.4.0` is a recommended update for all Ruby SAML users as it includes security improvements.
+
 ## Updating from 1.2.x to 1.3.X
 
 Version `1.3.0` is a recommended update for all Ruby SAML users as it includes security fixes. It  adds security improvements in order to prevent Signature wrapping attacks. [CVE-2016-5697](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2016-5697)

diff --git a/changelog.md b/changelog.md
@@ -1,5 +1,23 @@
 # RubySaml Changelog
 
+### 1.4.0 (October 13, 2016)
+* Several security improvements:
+  * Conditions element required and unique.
+  * AuthnStatement element required and unique.
+  * SPNameQualifier must math the SP EntityID
+  * Reject saml:Attribute element with same “Name” attribute
+  * Reject empty nameID
+  * Require Issuer element. (Must match IdP EntityID).
+  * Destination value can't be blank (if present must match ACS URL).
+  * Check that the EncryptedAssertion element only contains 1 Assertion element.
+
+* [#335](https://github.com/onelogin/ruby-saml/pull/335) Explicitly parse as XML and fix setting of Nokogiri options.
+* [#345](https://github.com/onelogin/ruby-saml/pull/345)Support multiple settings.auth_context
+* More tests to prevent XML Signature Wrapping
+* [#342](https://github.com/onelogin/ruby-saml/pull/342) Correct the usage of Mutex
+* [352](https://github.com/onelogin/ruby-saml/pull/352) Support multiple AttributeStatement tags
+
+
 ### 1.3.1 (July 10, 2016)
 * Fix response_test.rb of gem 1.3.0
 * Add reference to Security Guidelines

diff --git a/lib/onelogin/ruby-saml/version.rb b/lib/onelogin/ruby-saml/version.rb
@@ -1,5 +1,5 @@
 module OneLogin
   module RubySaml
-    VERSION = '1.3.1'
+    VERSION = '1.4.0'
   end
 end