Release 2.4.3

Author: pitbulk

README.md

@@ -14,6 +14,10 @@ This kind of WP hosting used to cache plugins and protect the wp-login.php view.
 You will need to contact them in order to disable the cache for this SAML plugin and also allow external HTTP POST to
 wp-login.php
 
+### Security Improvements on 2.4.3 ###
+
+Version 2.4.3 includes a security patch that contains extra validations that will prevent some kind of elaborated signature wrapping attacks and other security improvements. Previous versions are vulnerable so we highly recommended to upgrade to >= 2.4.3.
+
 
 ### If you used this plugin before 2.2.0 with just-in-time provision active ###
 Read: https://wpvulndb.com/vulnerabilities/8508

onelogin-saml-sso/onelogin_saml.php

@@ -1,10 +1,10 @@
 <?php
 /*
 Plugin Name: OneLogin SAML SSO
-Plugin URI: http://support.onelogin.com/entries/383540
+Plugin URI: https://github.com/onelogin/wordpress-saml
 Description: Give users secure one-click access to WordPress from OneLogin. This SAML integration eliminates passwords and allows you to authenticate users against your existing Active Directory or LDAP server as well increase security using YubiKeys or VeriSign VIP Access, browser PKI certificates and OneLogin's flexible security policies. OneLogin is pre-integrated with thousands of apps and handles all of your SSO needs in the cloud and behind the firewall.
 Author: OneLogin, Inc.
-Version: 2.4.2
+Version: 2.4.3
 Author URI: http://www.onelogin.com
 */
 

onelogin-saml-sso/readme.txt

@@ -22,6 +22,12 @@ To mitigate that bug, place the script at the root of wordpress and execute it (
 
 == Changelog ==
 
+= 2.4.3 =
+ * Update php-saml library to [2.10.0](https://github.com/onelogin/php-saml/releases/tag/v2.10.0) (it includes SAML Signature Wrapping attack prevention and other security improvements).
+* Fix Idp initiated sign out issue (WP session not closed) [#25](https://github.com/onelogin/wordpress-saml/issues/25)
+* Fix Ordering issue with Auth Check for SAML Validation  [#23](https://github.com/onelogin/wordpress-saml/issues/23) 
+* Be able to enable lowercase URL encoding (Compatibility issue with ADFS when validating Signatures
+
 = 2.4.2 =
  * Update php-saml library to 2.9.0 (it includes SAML Signature Wrapping attack prevention).
 

onelogin-saml-sso/version.json

@@ -1,12 +1,12 @@
 {
     "php-saml": {
-        "version": "2.9.0",
-        "released": "27/06/2016"
+        "version": "2.10.0",
+        "released": "14/10/2016"
     },
     "plugin": {
         "app":      "wordpress",
         "name":     "onelogin-saml-sso",
-        "version":  "2.4.2",
-        "released": "27/06/2016"
+        "version":  "2.4.3",
+        "released": "14/10/2016"
     }
 }