diff --git a/.travis.yml b/.travis.yml index db68dd9f3..4fda12d89 100644 --- a/.travis.yml +++ b/.travis.yml @@ -27,9 +27,12 @@ before_script: script: - ant - branches: only: - master - develop - - feature/fine-grained-authorization + +addons: + apt: + packages: + - ant diff --git a/CHANGELOG.md b/CHANGELOG.md index a952affad..4edcb23d5 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,8 @@ # Changelog - +## 3.0.1 +This is a security release that will harden the application against CVE 2019-346 + * Upgrade Stepup-saml-bundle to version 4.1.8 #176 + ## 3.0.0 FGA (fine grained authorization) The new fine grained authorization logic will allow Ra's from other institutions to accredidate RA's on behalf of another organisation. This is determined based on the institution configuration. https://github.com/OpenConext/Stepup-Deploy/wiki/rfc-fine-grained-authorization/b6852587baee698cccae7ebc922f29552420a296 @@ -8,8 +11,8 @@ The new fine grained authorization logic will allow Ra's from other institutions The changes to SelfService in regards to the FGA changes only where to remain compatible with API changes made for Stepup-RA. No new features have been added. ## 2.10.7 -**Improvement** -* Install security updates +This is a security release that will harden the application against CVE 2019-346 + * Upgrade Stepup-saml-bundle to version 4.1.8 #175 ## 2.10.6 **Bugfix** diff --git a/composer.lock b/composer.lock index 8b7653551..498eff870 100644 --- a/composer.lock +++ b/composer.lock @@ -1,7 +1,7 @@ { "_readme": [ "This file locks the dependencies of your project to a known state", - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", "This file is @generated automatically" ], "content-hash": "2bb70d27e1f4aa52aa09d6d53fd6ac05", @@ -998,16 +998,16 @@ }, { "name": "monolog/monolog", - "version": "1.24.0", + "version": "1.25.1", "source": { "type": "git", "url": "https://github.com/Seldaek/monolog.git", - "reference": "bfc9ebb28f97e7a24c45bdc3f0ff482e47bb0266" + "reference": "70e65a5470a42cfec1a7da00d30edb6e617e8dcf" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/Seldaek/monolog/zipball/bfc9ebb28f97e7a24c45bdc3f0ff482e47bb0266", - "reference": "bfc9ebb28f97e7a24c45bdc3f0ff482e47bb0266", + "url": "https://api.github.com/repos/Seldaek/monolog/zipball/70e65a5470a42cfec1a7da00d30edb6e617e8dcf", + "reference": "70e65a5470a42cfec1a7da00d30edb6e617e8dcf", "shasum": "" }, "require": { @@ -1072,7 +1072,7 @@ "logging", "psr-3" ], - "time": "2018-11-05T09:00:11+00:00" + "time": "2019-09-06T13:49:17+00:00" }, { "name": "moontoast/math", @@ -1761,16 +1761,16 @@ }, { "name": "psr/log", - "version": "1.1.0", + "version": "1.1.2", "source": { "type": "git", "url": "https://github.com/php-fig/log.git", - "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd" + "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/php-fig/log/zipball/6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd", - "reference": "6c001f1daafa3a3ac1d8ff69ee4db8e799a654dd", + "url": "https://api.github.com/repos/php-fig/log/zipball/446d54b4cb6bf489fc9d75f55843658e6f25d801", + "reference": "446d54b4cb6bf489fc9d75f55843658e6f25d801", "shasum": "" }, "require": { @@ -1779,7 +1779,7 @@ "type": "library", "extra": { "branch-alias": { - "dev-master": "1.0.x-dev" + "dev-master": "1.1.x-dev" } }, "autoload": { @@ -1804,7 +1804,7 @@ "psr", "psr-3" ], - "time": "2018-11-20T15:27:04+00:00" + "time": "2019-11-01T11:05:21+00:00" }, { "name": "psr/simple-cache", @@ -1978,16 +1978,16 @@ }, { "name": "robrichards/xmlseclibs", - "version": "3.0.3", + "version": "3.0.4", "source": { "type": "git", "url": "https://github.com/robrichards/xmlseclibs.git", - "reference": "406c68ac9124db033d079284b719958b829cb830" + "reference": "0a53d3c3aa87564910cae4ed01416441d3ae0db5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/406c68ac9124db033d079284b719958b829cb830", - "reference": "406c68ac9124db033d079284b719958b829cb830", + "url": "https://api.github.com/repos/robrichards/xmlseclibs/zipball/0a53d3c3aa87564910cae4ed01416441d3ae0db5", + "reference": "0a53d3c3aa87564910cae4ed01416441d3ae0db5", "shasum": "" }, "require": { @@ -2012,7 +2012,7 @@ "xml", "xmldsig" ], - "time": "2018-11-15T11:59:02+00:00" + "time": "2019-11-05T11:44:22+00:00" }, { "name": "sensio/distribution-bundle", @@ -2233,16 +2233,16 @@ }, { "name": "simplesamlphp/saml2", - "version": "v3.3.6", + "version": "v3.2.6", "source": { "type": "git", "url": "https://github.com/simplesamlphp/saml2.git", - "reference": "513970e78c527d87a3358829d7c0f417267a582b" + "reference": "a56e46ef8e0c5245a4ca7facc3d308b493215751" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/513970e78c527d87a3358829d7c0f417267a582b", - "reference": "513970e78c527d87a3358829d7c0f417267a582b", + "url": "https://api.github.com/repos/simplesamlphp/saml2/zipball/a56e46ef8e0c5245a4ca7facc3d308b493215751", + "reference": "a56e46ef8e0c5245a4ca7facc3d308b493215751", "shasum": "" }, "require": { @@ -2255,11 +2255,11 @@ }, "require-dev": { "mockery/mockery": "~0.9", - "phpmd/phpmd": "~2.6", + "phpmd/phpmd": "~1.5", "phpunit/phpunit": "~4", - "sebastian/phpcpd": "~2.0", - "sensiolabs/security-checker": "~4.1", - "squizlabs/php_codesniffer": "~3.2" + "sebastian/phpcpd": "~1.4", + "sensiolabs/security-checker": "~1.1", + "squizlabs/php_codesniffer": "~1.4" }, "type": "library", "extra": { @@ -2286,7 +2286,7 @@ } ], "description": "SAML2 PHP library from SimpleSAMLphp", - "time": "2019-01-04T13:42:36+00:00" + "time": "2018-11-20T11:11:28+00:00" }, { "name": "surfnet/stepup-bundle", @@ -2400,30 +2400,35 @@ }, { "name": "surfnet/stepup-saml-bundle", - "version": "4.1.2", + "version": "4.1.8", "source": { "type": "git", "url": "https://github.com/OpenConext/Stepup-saml-bundle.git", - "reference": "1ce8e74a7e35963e60378da8c8647656e382cef9" + "reference": "cf88eb328a31d30a3b94deea7931a759bd362aab" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/OpenConext/Stepup-saml-bundle/zipball/1ce8e74a7e35963e60378da8c8647656e382cef9", - "reference": "1ce8e74a7e35963e60378da8c8647656e382cef9", + "url": "https://api.github.com/repos/OpenConext/Stepup-saml-bundle/zipball/cf88eb328a31d30a3b94deea7931a759bd362aab", + "reference": "cf88eb328a31d30a3b94deea7931a759bd362aab", "shasum": "" }, "require": { "ext-openssl": "*", "php": ">=5.6,<8.0-dev", - "robrichards/xmlseclibs": "^3.0", - "simplesamlphp/saml2": "^3.0", + "robrichards/xmlseclibs": "^3.0.4", + "simplesamlphp/saml2": "3.2.*", "symfony/dependency-injection": ">=2.7,<4", "symfony/framework-bundle": ">=2.7,<4" }, "require-dev": { - "ibuildings/qa-tools": "~1.1", "mockery/mockery": "~0.9", - "psr/log": "~1.0" + "phpmd/phpmd": "^2.6", + "phpunit/phpunit": "^5.7", + "psr/log": "~1.0", + "sebastian/exporter": "~2.0", + "sebastian/phpcpd": "^2.0", + "sensiolabs/security-checker": "^5.0", + "squizlabs/php_codesniffer": "^3.0" }, "type": "symfony-bundle", "autoload": { @@ -2443,7 +2448,7 @@ "stepup", "surfnet" ], - "time": "2018-09-04T10:06:38+00:00" + "time": "2019-11-06T13:09:53+00:00" }, { "name": "surfnet/stepup-u2f-bundle",