4 Fix for secadv 20091104
9 Fix for secadv 20090826
14 Fix for secadv 20090817
19 Refresh of branch with bug fixes
20 Workarounds for secadv 20090614
25 Refresh of branch with numerous bug and portability fixes
26 Expanded support for more 64-bit platforms (but not Windows)
27 Auto-detection of Apache version during build
28 Enhancements to RequestMap to support Host and Path regex matches
29 Trust engine changes to align behavior with 2.0 release
30 Optional header spoofing detection by modules
31 Apache module cleanup, including use of environment variables
32 Minor logging improvements
38 Fix for secadv 20061002
43 Fix for secadv 20060615
48 Support for Apache 2.2, improved autoconf and RPM support
49 Support for some 64-bit platforms (e.g. x86_64 Linux)
50 Misc. fixes and small enhancements
55 Updated fix for secadv 20051227
56 Fixed seldom-used Apache commands
58 Included optional ADFS support
63 Updated fix for secadv 20050901
64 Fixes for bugs involving embedded slashes in RequestMap Paths,
65 inheritance of handler locations in overridden Applications,
66 inheritance of Access Control plugins in RequestMap,
67 creation of per-site script mapping in IIS install
72 Fix for secadv 20050901
77 See http://shibboleth.internet2.edu for details of this
83 This release is a fully compatible minor update
84 to the Shibboleth 1.2.1 release. It addesses problems
85 and small functional gaps identified since the release
86 of the previous version.
90 Support for the target software on Mac OS X
92 Improved target RequestMap handling of web sites
93 running on both http and https.
97 Target build scripts better detect and handle threading
100 Variety of target race conditions and exceptions in RPC
103 Bugs in assertion condition handling.
105 Target RequestMap should ignore query strings.
107 Fixed the library path in Windows resolvertest batch
110 Fixed a crash in extkeytool program.
112 Fixed a file descriptor leak in the IdP.
114 Fixed a bug that prevented the HS from supporting
115 multiple SAML Name Identifier formats.
117 The attribute resolver now retains the order of attribute
118 values obtained from data connectors.
120 The JDBC Data Connector ignores case when mapping
121 sourceName to the attribute name.
123 Minor udpates to documentation.
125 Rev'd dependant java libraries (Xerces, Commons Pool,
133 This release represents a fully compatible minor update
134 to the Shibboleth 1.0 release, and is considered to be
135 ready for production use.
142 Multi-federation support. Most origin configuration,
143 including signing credentials and identifiers, can be
144 overriden depending on the recipient of the assertions.
146 Simplified application architecture. Both origins
147 and targets now reference each other using a single
148 identifier called a "provider id".
150 The Attribute Authority can be configured to answer
151 requests with multiple SAML Subject formats,
152 increasing interoperability with other SAML-based
155 Signing credentials can now be loaded from a variety
156 of formats, including those commonly used with OpenSSL.
158 The origin now validates all requests from 1.2+ targets
159 against federation metadata.
161 Compatibility with 1.1 targets using a "legacy" or
162 "default" configuration.
164 Separate logs are created for errors and transaction
167 Easier logging configuration.
169 Support is included for pulling attribute data from SQL
170 databases using JDBC. The JDBC Data Connector includes
171 support for conection pooling and prepared statements.
173 Mechanism for throttling requests to the Handle Service.
174 This improves performance by preventing the server from
175 becoming saturated with signing requests. Throttle can
176 be adjusted based for servers with more than two CPUs.
178 Support for signatures on all SAML Assertions and
179 Responses, which allows for more interoperability
180 with other SAML-based software and profiles.
182 Attribute Release Policies can contain match functions
183 on attribute values. This allows the release of specific
184 values based on regular expression.
186 Support has been added to the Attribute Authority for
187 using alternate data connectors in the event of a
190 The resolvertest program can now process and enforce
191 Attribute Release Policies.
193 Updated library dependencies, including OpenSAML and XML
194 Security, with substantial performance improvements when
197 Many important bug fixes
203 New XML-based configuration system supporting runtime
204 adjustment of many settings and better integration with
205 supplemental configuration files
207 Ability to partition deployment into "Applications" at the
208 vhost, path, or document level
210 "Lazy" sessions allow applications to redirect browser
211 to initiate a session, allowing content to decide it
212 needs authentication or attributes at runtime
214 Flexible support for multi-federation deployment, including
215 selection of credentials and authorities based on the request
216 and the origin site or federation
218 Support for more types of key and certificate formats
220 Improved pluggability for many aspects of system, including
221 access control modules
223 Clearer trace logging and support for a transaction/audit log
225 Pooling and caching of HTTP and TLS connections to origins
227 Support for alternative SAML name formats for intra-enterprise
228 deployments and better interoperability with SAML products
230 Support for tailoring attribute query behavior, particularly
231 non-fatal failure modes for intelligent applications prepared
232 to deal with missing information
234 Updated library dependencies, including OpenSAML, Xerces parser,
235 XML Security, and support for all GCC 3.x compiler versions
237 Support for Apache 2.0 as well as Apache 1.3 and IIS
239 Many important bug fixes