Shibboleth security advisory for Shibboleth IdP and OpenSAML-J

Posted on Friday, 19 September 2014

The following announcement has recently been sent out to everyone listed as a technical or administrative contact for an entity registered with the UK Access Management Federation for Education and Research. Its purpose is to inform you of an important security problem which will affect some UK federation members.

YOU SHOULD ENSURE that the material below is reviewed by your technical staff as soon as possible, so that you can minimise the impact of this issue on your services.

We recommend that all deployments of the Shibboleth IdP be upgraded to version 2.4.2 as soon as possible to avoid the security issue.

The full Shibboleth security advisory is available at:

Please contact the UK federation helpdesk ( if you have any additional questions about this update.

Edited by AlexStuart on 22 September 2014, at 02:09 PM (Permalink)