Python-saml

Latest version: v2.13.0

Page 4 of 6

2.1.9

Not secure
* Change the decrypt assertion process.
* Add 2 extra validations to prevent Signature wrapping attacks.

2.1.8

Not secure
* Fix Metadata XML (RequestedAttribute)
* Fix Windows specific Unix date formatting bug.
* Docs for OS X installation of libxmlsec1
* Fix SHA384 Constant URI
* [142](https://github.com/onelogin/python-saml/pull/142) Refactor of settings.py to make it a little more readable.
* Bugfix for ADFS lowercase signatures
* READMEs suggested wrong cert name

2.1.7

Not secure
* [117](https://github.com/onelogin/python-saml/pull/117) AttributeConsumingService support
* [114](https://github.com/onelogin/python-saml/pull/114) Compare Assertion InResponseTo if not None
* Return empty list when there are no audience values
* Passing NameQualifier through to logout request
* Make deflate process when retrieving built SAML messages optional
* Add debug parameter to decrypt method
* Fix Idp Metadata parser
* Add documentation related to the new IdP metadata parser methods
* Extract the already encoded value directly from get_data
* [133](https://github.com/onelogin/python-saml/pull/133) Fix typo and add extra assertions in util decrypt test
* Fix Signature with empty URI support
* Allow AuthnRequest with no NameIDPolicy
* Remove requirement of NameID on SAML responses

2.1.6

Not secure
* Prevent signature wrapping attack!!
* [111](https://github.com/onelogin/python-saml/pull/111) Add support for nested `NameID` children inside `AttributeValue`s
* Fix `ALOWED` misspelling
* Improve how we obtain the settings path.
* Update docs, adding a reference to test dependency installation
* Fix Organization element on SP metadata.
* [100](https://github.com/onelogin/python-saml/pull/100) Support Responses that don't have AttributeStatements.

2.1.5

Not secure
* [86](https://github.com/onelogin/python-saml/pull/86) Make idp settings optional (Useful when validating SP metadata)
* [79](https://github.com/onelogin/python-saml/pull/79) Remove unnecessary dependency. M2crypto is not used.
* [77](https://github.com/onelogin/python-saml/pull/77) Fix server_port can be None
* Fix bug on settings constructor related to sp_validation_only
* Make SPNameQualifier optional on the generateNameId method. Avoid the use of SPNameQualifier when generating the NameID on the LogoutRequest builder.
* Allows the RequestedAuthnContext Comparison attribute to be set via settings
* Be able to retrieve Session Timeout after processResponse
* Update documentation. Clarify the use of the certFingerprint

2.1.4

Not secure
* Now the SP is able to select the algorithm to be used on signatures (DSA_SHA1, RSA_SHA1, RSA_SHA256, RSA_SHA384, RSA_SHA512).
* Support signature validation with different kinds of algorithms
* Add demo example of the Bottle framework.
* [73](https://github.com/onelogin/python-saml/pull/73) Improve decrypt method
* Handle valid but uncommon dsig block with no URI in the reference
* Split the settings check methods. Now there is one method for IdP settings and another for SP settings
* Let the settings object skip the IdP settings check. Required if we want to publish SP SAML Metadata when the IdP data is still not provided.

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.