V2.x - Nokogiri Upgrade Part 3 - Shim XMLSecurity so it raises deprecation warnings and errors #748
Merged
pitbulk merged 42 commits into SAML-Toolkits:v2.x from Mar 13, 2025
Introduce thread safety to SAML schema read
#fingerprint method memoizes its result, and it should not b/c it takes arguments.
…ib-errors Skip sporadic Zlib::BufError failures in JRuby tests
…n-strings Support frozen strings with REXML
…y-fix Backport JRuby test fix to master
docs: readme improvements
…ion bypass via Signature Wrapping attack allowed due parser differential
…1.18.0 Security fixes: CVE-2025-25291, CVE-2025-25292 and CVE-2025-25293
Update ruby-saml version in README
…ecurity-shim' into v2.x
bcgraham pushed a commit to vericred/ruby-saml that referenced this pull request Nov 5, 2025
…s deprecation warnings and errors (SAML-Toolkits#748)
Previously for 2.x I was trying to make XMLSecurity backwards compatible. With the upcoming Nokogiri refactor, this is more difficult to do than I realized.
A better approach will be to simply shim the old XMLSecurity classes so they raise clear deprecations and NoMethodErrors if anyone tries to use them--assuming they have any basic tests in their app, the tests will fail. Since XMLSecurity functionality is not the main focus of RubySaml anyway, this should be safe to do.
It may be possible to restore functionality to some of these methods after the Nokogiri migration is complete. We'll have to see.
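
A minimal sketch of the shim approach described in the PR description above, added here as an example and not ruby-saml's own code. `LegacyShim`, `ExampleLegacy::SignedDocument` and the hint text are hypothetical names chosen for illustration.

```ruby
# Added example: every name below (LegacyShim, ExampleLegacy, the hint text)
# is hypothetical and not taken from ruby-saml.
module LegacyShim
  WARNINGS = [] # kept in memory so a test suite can assert on them

  # Emit a deprecation notice on stderr and return the message text.
  def self.deprecate(subject, hint)
    msg = "[DEPRECATION] #{subject} is no longer available. #{hint}"
    WARNINGS << msg
    warn(msg)
    msg
  end

  # Define namespace::const_name as a placeholder for a removed class.
  # Constructing it only warns; calling any of its old methods raises.
  def self.define_shim(namespace, const_name, hint)
    full_name = "#{namespace.name}::#{const_name}"
    klass = Class.new do
      define_method(:initialize) do |*_args|
        LegacyShim.deprecate(full_name, hint)
      end

      # The old instance methods no longer exist, so every call lands here
      # and fails loudly instead of returning a silent nil.
      define_method(:method_missing) do |name, *_args, &_block|
        msg = LegacyShim.deprecate("#{full_name}##{name}", hint)
        raise NoMethodError.new(msg, name)
      end
    end
    namespace.const_set(const_name, klass)
  end
end

# Constructed stand-in for a legacy namespace an application still references.
module ExampleLegacy; end
LegacyShim.define_shim(ExampleLegacy, :SignedDocument,
                       "Migrate to the replacement API before upgrading.")
```

Because the old constant still resolves, application code loads without a `NameError`, and the first call into a removed method fails with a message naming the class and method.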