Updates from OIOSAML #6
Labels
Comments
i8beef
added a commit
that referenced
this issue
Aug 31, 2016
|
I've looked at applying your changes, and while I basically understand where its going, because it affects so many files, I'm not sure how it affects XML serialization when you ARE using namespaces, and because I don't have anywhere to test it, I have it in a separate branch, and it needs testing before i merge it. If we can get someone to test the 6-OIOSAML-1.7.9-XmlResolver-Changes branch, and ensure that this doesn't play havoc with any of the namespace serializations with documents generated herein, then I will merge it. I know this was an upstream change, so it's probably safe as we haven't diverged THAT much, but I'd still rather be safe than sorry on this one. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
I've attached a zip file that contains a port of the changes that were in OIOSAML.NET 1.7.9 to set the XMLResolver to NULL to prevent XML injection.
There is also a small change in the test app.config file to allow an additional test to be run when not building in the folder C:\Projects\SAML\Saml2
saml2_e9e23c273571.WithXMLChange.zip
The text was updated successfully, but these errors were encountered: