Version 1.6.2 of simpleSAMLphp is available from:
This release contains security fixes since version 1.6.1.
During an inspection of the various templates, several cross-site scripting vulnerabilities were discovered. They are mostly related to displaying of metadata or user-attributes, and thus require the attacker to be able to change the metadata or attributes your installation receives.
Except for the issues with attributes and metadata, you may be vulnerable if:
- You use the InfoCard module.
- You use the openid authentication source.
- You use the oauth module.
All users of simpleSAMLphp are encouraged to upgrade.