A new release is available for SimpleSAMLphp, released on Wednesday, 6 November 2019. This release resolves a critical security issue expected to be announced on Thursday, 7 November 2019.
If your application uses SimpleSAMLphp, you should update to the latest version 1.17.7 as soon as possible to ensure the continued security of your application.
As this is a third-party package, Acquia is unable to update this package for you.
For Remote Administration customers, automated security updates may automatically update the SimpleSAMLphp third-party library if it was installed as a dependency of the simplesamlphp_auth module and if it was installed using Composer. This is an expected outcome for Composer managed applications with such a declared dependency.
Details of the release can be found on the SimpleSAMLphp changelog page.
You can subscribe to the announcements mailing list at https://simplesamlphp.org/lists.
Please contact Acquia Support if you have any additional questions and we’ll be happy to assist.