Workflow

Python3-saml

Latest version: v1.16.0

Safety actively analyzes 706267 Python packages for vulnerabilities to keep your Python projects secure.

Scan your dependencies

Page 3 of 5

1.5.0

Not secure
* Security improvements. Use of tagid to prevent XPath injection. Disable DTD on fromstring defusedxml method
* [97](https://github.com/onelogin/python3-saml/pull/97) Check that the response has all of the AuthnContexts that we provided
* Adapt renders from Django demo for Django 1.11 version
* Update pylint dependency to 1.9.1
* If debug enable, print reason for the SAMLResponse invalidation
* Fix DSA constant
* [106](https://github.com/onelogin/python3-saml/pull/106) Support NameID children inside of AttributeValue elements
* Start using flake8 for code quality

1.4.1

Not secure
* Add ID to EntityDescriptor before sign it on add_sign method.
* Update defusedxml, coveralls and coverage dependencies
* Update copyright and license reference

1.4.0

Not secure
* Fix vulnerability [CVE-2017-11427](https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2017-11427). Process text of nodes properly, ignoring comments
* Improve how fingerprint is calcultated
* Fix issue with LogoutRequest rejected by ADFS due NameID with unspecified format instead no format attribute
* Fix signature position in the SP metadata
* [80](https://github.com/onelogin/python3-saml/pull/80) Preserve xmlns:xs namespace when signing and serializing responses
* Redefine NSMAP constant
* Updated Django demo (Django 1.11).

1.3.0

Not secure
* Improve decrypt method, Add an option to decrypt an element in place or copy it before decryption.
* [63](https://github.com/onelogin/python3-saml/pull/63) Be able to get at the auth object the last processed ID (response/assertion) and the last generated ID, as well as the NotOnOrAfter value of the valid SubjectConfirmationData in the processed SAMLResponse
* On a LogoutRequest if the NameIdFormat is entity, NameQualifier and SPNameQualifier will be omitted. If the NameIdFormat is not entity and a NameQualifier is provided, then the SPNameQualifier will be also added.
* Reset errorReason attribute of the auth object before each Process method
* [65](https://github.com/onelogin/python3-saml/pull/65) Fix issue on getting multiple certs when only sign or encryption certs

1.2.6

Not secure
* Use defusedxml that will prevent XEE and other attacks based on the abuse on XMLs. (CVE-2017-9672)

1.2.5

Not secure
* Fix issue related with multicers (multicerts were not used on response validation)

Page 3 of 5

Links

Releases

Has known vulnerabilities

Previous Next

© 2025 Safety CLI Cybersecurity Inc. All Rights Reserved.