Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[READY] V2.x - Nokogiri Upgrade Part 3 - Shim XMLSecurity so it raises deprecation warnings and errors #748

Merged
merged 42 commits into from
Mar 13, 2025
Merged

[READY] V2.x - Nokogiri Upgrade Part 3 - Shim XMLSecurity so it raises deprecation warnings and errors #748

merged 42 commits into from
Mar 13, 2025

Conversation

johnnyshields
Copy link
Collaborator

@johnnyshields johnnyshields commented Mar 11, 2025
edited
Loading

Previously for 2.x I was trying to make XMLSecurity backwards compatible. With the upcoming Nokogiri refactor, this is more difficult to do than I realized.

A better approach will be to simply shim the old XMLSecurity classes so they raise clear deprecations and NoMethodErrors if any one tries to use them--assuming they have any basic tests in their app, the tests will fail. Since XMLSecurity functionality is not the main focus of RubySaml anyway, this should be safe to do.

It may be possible to restore functionality to some of these methods after the Nokogiri migration is complete. We'll have to see.

pitbulk and others added 22 commits October 2, 2024 21:56
@pitbulk
Add sponsor: 84codes
21b676b
@e-ikuta
remove Dir.chdir
a1f2f7d
@frederikspang
Support frozen strings
fe69a45
@frederikspang
Adjust from review
6c51d87
@frederikspang
Remove freeze from class var
a0c13e8
@pitbulk
Merge pull request SAML-Toolkits#727 from e-ikuta/remove_chdir
130b829 
Introduce thread safety to SAML schema read
@frederikspang
Use dup for string unfreeze
8ad335c
@pitbulk
Fix fingerprint method
c70e911 
#fingerprint method memoizes its result, and it should not b/c it takes arguments.
@frederikspang
Add mutex_m in gemspec
5004676
@pitbulk
Skip sporadic Zlib::BufError failures in JRuby tests
ef8827a
@pitbulk
Update ruby-saml.gemspec
b009d6d
@pitbulk
Add implicit dependencies required for Ruby >= 3.4.0
eb14644
@pitbulk
Merge pull request SAML-Toolkits#738 from SAML-Toolkits/skip-jruby-zl…
0da0b55 
…ib-errors

Skip sporadic Zlib::BufError failures in JRuby tests
@pitbulk
Merge pull request SAML-Toolkits#728 from frederikspang/feature/froze…
66893b5 
…n-strings

Support frozen strings with REXML
@johnnyshields
Backport JRuby test fix to master
99ca101
@johnnyshields
Update test_helper.rb
a5063fd
@johnnyshields
Update test_helper.rb
4c42807
@johnnyshields
Update test_helper.rb
011ff4f
@pitbulk
Merge pull request SAML-Toolkits#740 from johnnyshields/backport-jrub…
bbe39e9 
…y-fix

Backport JRuby test fix to master
@andimrob
docs: readme improvements
927d6f0
@pitbulk
Merge pull request SAML-Toolkits#741 from andimrob/readme-improvements
0d16835 
docs: readme improvements
@johnnyshields
Shim XMLSecurity so it raises deprecation warnings and errors
4b54a77
@johnnyshields johnnyshields mentioned this pull request Mar 11, 2025
Open
5 tasks
@johnnyshields johnnyshields changed the title [READY] V2.x - Shim XMLSecurity so it raises deprecation warnings and errors [READY] V2.x - Nokogiri Upgrade Part 3 - Shim XMLSecurity so it raises deprecation warnings and errors Mar 11, 2025
pitbulk and others added 14 commits March 12, 2025 18:42
@pitbulk
Fix vulnerability: CVE-2025-25293: Potential DOS abusing of compresse…
acac9e9 
…d messages.
@pitbulk
Fix vulnerabilities: CVE-2025-25291, CVE-2025-25292: SAML authenticat…
e9c1cdb 
…ion bypass via Signature Wrapping attack allowed due parser differential
@pitbulk
Merge pull request SAML-Toolkits#750 from SAML-Toolkits/security_fix_…
fb2eac1 
…1.18.0

Security fixes: CVE-2025-25291, CVE-2025-25292 and CVE-2025-25293
@pitbulk
Release 1.18.0
51ef41d
@pitbulk
Reorder Changelog and include reference to 1.12.4
6a7c040
@pitbulk
Missed reference
fa78136
@johnnyshields
Fix for CVE
24c3934
@blombard
Update ruby-saml version in README
a38fc2c
@johnnyshields
Port malformed doc commit
4a80d41
@pitbulk
Merge pull request SAML-Toolkits#752 from johnnyshields/v2.x-cve-fix
8feeb8c 
v2.x CVE fix
@pitbulk
Merge pull request SAML-Toolkits#751 from blombard/patch-1
fbbedc9 
Update ruby-saml version in README
@johnnyshields
Merge remote-tracking branch 'remotes/origin/master' into v2.x
40250eb
@johnnyshields
Remove Dir.chdir
3313955
@johnnyshields
Merge remote-tracking branch 'remotes/johnnyshields/v2.x-better-xml-s…
f9e21da 
…ecurity-shim' into v2.x
@johnnyshields
Copy link
Collaborator Author

@pitbulk this is ready. Please merge in #754 first, then this one.

@johnnyshields johnnyshields mentioned this pull request Jan 19, 2025
Open
12 tasks
@pitbulk pitbulk merged commit 3b0a71b into SAML-Toolkits:v2.x Mar 13, 2025
29 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
6 participants
@johnnyshields @pitbulk @e-ikuta @frederikspang @andimrob @blombard