Discussion:
security advisory
Vignesh, Vanna G.
2014-08-15 14:56:21 UTC
Permalink
Please help me to find out if I need to upgrade the version.
In service.xml, all the resources types are FilesystemResource.
In relying-party.xml, to fetch Incommon, the xsi type is FileBackedHTTPMetadataProvider with the metadataURL =http://md.incommon.org/InCommon/InCommon-metadata.xml
Do I need to upgrade the version or is there any other option?
Vignesh, Vanna G.
2014-08-15 15:08:43 UTC
Permalink
FYI. I dont have disregardSslCertificate set in the relying-party.

<metadata:MetadataProvider id="InCommon"
xsi:type="FileBackedHTTPMetadataProvider" xmlns="urn:mace:shibboleth:2.0:metadata"
metadataURL="http://md.incommon.org/InCommon/InCommon-metadata.xml"
backingFile="InCommon-metadata.xml" />

From: Vignesh, Vanna G.
Sent: Friday, August 15, 2014 10:56 AM
To: users-***@public.gmane.org
Subject: security advisory

Please help me to find out if I need to upgrade the version.
In service.xml, all the resources types are FilesystemResource.
In relying-party.xml, to fetch Incommon, the xsi type is FileBackedHTTPMetadataProvider with the metadataURL =http://md.incommon.org/InCommon/InCommon-metadata.xml
Do I need to upgrade the version or is there any other option?
Cantor, Scott
2014-08-15 17:05:39 UTC
Permalink
Post by Vignesh, Vanna G.
Please help me to find out if I need to upgrade the version.
In service.xml, all the resources types are FilesystemResource.
In relying-party.xml, to fetch Incommon, the xsi type is
FileBackedHTTPMetadataProvider with the metadataURL
=http://md.incommon.org/InCommon/InCommon-metadata.xml
Do I need to upgrade the version or is there any other option?
Nothing you posted matches any of the options mentioned in the advisory,
but nobody should ever treat patches as anything but inevitable things to
plan for during the next upgrade window.

-- Scott
--
To unsubscribe from this list send an email to users-unsubscribe-***@public.gmane.org
Loading...