Skip to content

[GHSA-6929-8p9f-26jx] SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass#8519

Open
tvdijen wants to merge 1 commit into
tvdijen/advisory-improvement-8519from
tvdijen-GHSA-6929-8p9f-26jx
Open

[GHSA-6929-8p9f-26jx] SimpleSAMLphp HTTP-Artifact TLS validator confusion allows cross-IdP authentication bypass#8519
tvdijen wants to merge 1 commit into
tvdijen/advisory-improvement-8519from
tvdijen-GHSA-6929-8p9f-26jx

Conversation

@tvdijen

@tvdijen tvdijen commented Jul 6, 2026

Copy link
Copy Markdown

Updates

  • Affected products

Comments
The patch was backported to fix the upgrade path

@github

github commented Jul 6, 2026

Copy link
Copy Markdown
Collaborator

Hi there @tvdijen! A community member has suggested an improvement to your security advisory. If approved, this change will affect the global advisory listed at github.com/advisories. It will not affect the version listed in your project repository.

This change will be reviewed by our Security Curation Team. If you have thoughts or feedback, please share them in a comment here! If this PR has already been closed, you can start a new community contribution for this advisory

@tvdijen

tvdijen commented Jul 6, 2026

Copy link
Copy Markdown
Author

I was the community member suggesting this improvement.
We have backported the fix because not everyone was able to upgrade. Please accept.

@github-actions github-actions Bot changed the base branch from main to tvdijen/advisory-improvement-8519 July 6, 2026 21:43
@maheshv546

Copy link
Copy Markdown

Team can you please check and merge this PR ASAP. Our release is blocked due to this security issue.

@tvdijen

tvdijen commented Jul 7, 2026

Copy link
Copy Markdown
Author

Team can you please check and merge this PR ASAP. Our release is blocked due to this security issues.

It's only blocked by your imagination. I told you ten times already that v4.19.3 has fixes for this CVE.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

3 participants