Deprecated versions of the SAML SSO plugin

October 7, 2022 October 10, 2022 akshaydaundkar

Why have we deprecated our older versions, and how does this affect you?

  • The older versions of our plugins were using some legacy library files (including SAML library, Bootstrap and other JS libraries) that have been flagged for vulnerabilities.
  • The older versions of our plugins were not compatible with the new versions of WordPress and PHP. That means you will need to be on an older version of WordPress and PHP to use the older plugins. Running your site on old PHP or WordPress versions can cause some serious security issues on the site.
  • The older version of the plugin contains an expired X.509 certificate, which the plugin uses to sign authentication requests and decrypt encrypted assertions. For security reasons, using an expired certificate for the SAML connection is not recommended.

Due to the presence of all these security gaps, we have now discontinued the older versions of our plugins.

The exact version numbers for different plans can be found below:

  • SAML SP Standard: Plugin versions lower than 16.0.0 have been deprecated.
  • SAML SP Premium: Plugin versions lower than 12.0.0 have been deprecated.
  • SAML SP Enterprise Multiple IDP: Plugin versions lower than 25.0.0 have been deprecated.
  • SAML SP All-Inclusive (Single Site): Plugin versions lower than 25.0.0 have been deprecated.
  • SAML SP Multisite (All plans): Plugin versions lower than 20.0.0 have been deprecated.

What does it mean to use a deprecated plugin on your site?

  • Using a deprecated plugin on your site means that your site is open to security threats such as XSS, SQL injection, SAML signature wrapping, etc.
  • We will not provide support for any issues you might face while using our deprecated versions. However, we will definitely help you update the plugin on your site to the latest version.
  • The deprecated plugins may not function as intended due to the various issues present in the legacy libraries.

What should you do if you are currently on a deprecated version of the plugin?

  • You should update the plugin to the latest version. You can find the latest version of the plugin by logging into your miniOrange dashboard and navigating to License > Manage Licenses > Releases & Downloads.
  • Please note that if your license has expired, you will not be able to access the latest version of the plugin. In such cases, kindly reach out to us at samlsupport@xecurify.com so that we can help you renew your license.
  • If you are using a customised version of the plugin, kindly reach out to us at samlsupport@xecurify.com so that we can help you update the plugin smoothly without breaking the custom changes we made for you.

What’s new in the latest versions?

We make sure that all our latest releases are free of any vulnerabilities and introduce new features to make our customers' and their end users' lives easier with SSO. You can find a list of recent changes we have added to our plugins below:

WordPress SAML SSO SP Plugin

  • Compatibility with WordPress 6 and PHP 8.1
  • New Certificate for Signing and Encryption
  • Added support for WP-CLI
  • Added support for migration between multiple environments
  • Revamped the complete UI of the plugin
  • Vulnerability fixes
  • Sanitization and Escaping fixes
  • Fixed post-login redirection for wp-admin
  • Fixed IdP-initiated SLO
  • Bug fixes in Single Logout and Role mapping

NOTE: This only impacts you if you are on an older version of the plugin or if your current license has expired, and you have not renewed your license yet.

If you are actively using the plugin license under a different account, please check the plugin’s version number.

If you have any questions or concerns, or need a renewal invoice, get in touch with us at samlsupport@xecurify.com.
