SAML extension - Libxml2 Canonicalization error can bypass Digest/Signature...

An easy, extensible web based IT service management platform

Brought to you by: abdelh, accognet, azana38, bdalsass, and 17 others

Milestone: Unassigned

Status: new

Owner: nobody

Labels: None

Resolution:

Component: Extension

Priority: Critical

Version: 3.2.1

Type: defect

Updated: 2026-02-18

Created: 2026-02-18

Private: No

Hello,
the combodo-saml extension version 1.2.2 (latest published) uses robrichards/xmlseclibs version 3.1.3, which contains severe vulnerability: https://github.com/robrichards/xmlseclibs/security/advisories/GHSA-c4cc-x928-vjw9 .
This was fixed in version 3.1.4 of that library.