Release 3.1.0

pitbulk · pitbulk · commit 300833d5dcd8 · 2019-01-28T13:58:15.000+01:00
diff --git a/README.md b/README.md
@@ -10,6 +10,8 @@ and supported by OneLogin Inc.
 Warning
 -------
 
+Update php-saml to 3.1.0, this version includes a security patch related to XEE attacks.
+
 This version is compatible with PHP 7.X and does not include xmlseclibs (you will need to install it via composer, dependency described in composer.json)
 
 Security Guidelines
diff --git a/src/Saml2/version.json b/src/Saml2/version.json
@@ -1,6 +1,7 @@
 {
     "php-saml": {
-        "version": "3.0.0",
-        "released": "02/11/2018"
+        "version": "3.1.0",
+        "released": "28/01/2019"
     }
 }
+
diff --git a/tests/src/OneLogin/Saml2/UtilsTest.php b/tests/src/OneLogin/Saml2/UtilsTest.php
@@ -90,11 +90,14 @@ public function testXMLAttacks()
             $this->assertEquals('Detected use of DOCTYPE/ENTITY in XML, disabled to prevent XXE/XEE attacks', $e->getMessage());
         }
 
-        $attackXEEutf16 = mb_convert_encoding('<?xml version="1.0" encoding="UTF-16"?>
+        $attackXEEutf16 = mb_convert_encoding(
+            '<?xml version="1.0" encoding="UTF-16"?>
                       <!DOCTYPE results [<!ENTITY harmless "completely harmless">]>
                       <results>
                         <result>This result is &harmless;</result>
-                      </results>', 'UTF-16');
+                      </results>',
+            'UTF-16'
+        );
         try {
             $res4 = Utils::loadXML($dom, $attackXEEutf16);
             $this->assertFalse($res4);

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,7 @@`
`1`	`1`	`{`
`2`	`2`	`"php-saml": {`
`3`		`- "version": "3.0.0",`
`4`		`- "released": "02/11/2018"`
	`3`	`+ "version": "3.1.0",`
	`4`	`+ "released": "28/01/2019"`
`5`	`5`	`}`
`6`	`6`	`}`
	`7`	`+`