Security Advisory: Critical flaw in OpenSAML affecting Shibboleth Service Provider

Posted on Friday, 14 March 2025

The Shibboleth Project last night released an update and security advisory to the OpenSAML library used by the Shibboleth Service Provider. The Shibboleth developers have assessed this issue and determined its impact to be critical.

Recommended Actions:

• Update to version 3.3.1 (or later) of the OpenSAML library package as soon as possible and also subscribe to future notifications .

Detailed instructions are provided in the advisory.

Please ensure your software versions are patched promptly. If you have any questions or queries then please do contact the UK federation service desk.

Edited by MattHuckson on 19 March 2025, at 08:16 AM