Security Alerts - Shibboleth Service Provider Security Advisory [11 March 2019]
The Shibboleth has advised of a critical security issue involving the Shibboleth Service Provider. It has been determined that a crash can be triggered within the Shibboleth SP when it is provided a malformed XML declaration. A crash prevents your users from accessing protected resources until the daemon is restarted.
This issue impacts all 2.x and 3.x versions of the Shibboleth SP. Following the end of life of Shibboleth V2, only the 3.x Shibboleth SP release is being patched against this issue.
To view the official Security Advisory, go to: https://shibboleth.net/community/advisories/secadv_20190311.txt