Shibboleth Identity Provider Security Advisory

Posted on Monday, 31 March 2025

The UK federation recommends adhering to best practices by routinely managing patches for your IdP environment. This includes subscribing to future security notifications:Shibboleth Announce.

Following the recent low-level security advisory from the Shibboleth Consortium regarding the IdP, you should update your Identity Provider software to version 5.1.4 (or later) at your earliest convenience. Although the affected code path is likely not in use by the UK federation userbase, updating will help mitigate any potential exploits.

Please ensure your software versions are patched promptly. If you have any questions or queries then please do contact the UK federation service desk

Edited by MattHuckson on 31 March 2025, at 10:53 AM