The Shibboleth project has recently advised of a critical security issue involving the Shibboleth Service Provider. An updated version of the Service Provider software is available which corrects this issue.

Recommendations

• Update to the latest version of the Shibboleth Service Provider Software for your operating system
• Linux installations relying on official RPM packages can upgrade to the latest package versions to obtain the fix 
•  Windows systems can upgrade to the latest Service Provider release (V2.6.1.3) which contains the appropriately updated libraries.
  

To view the full Security Advisory, go to: https://shibboleth.net/community/advisories/secadv_20180112.txt