This is going to announce because it's public information, and your security teams probably are already aware, but curl (and libcurl) are dropping an early update next week to address what the maintainer characterizes as "the worst curl security flaw in a long time".

The SP right now obviously depends on curl and we package it for older Red Hat and Windows, so we are monitoring the situation and will respond when more facts are available.

The SP's usage is somewhat specialized so lots of issues tend to glide by it, but assuming an update is necessary I'm prepping the files for that to minimize the time it will take to get an update out.

-- Scott


--
To unsubscribe from this list send an email to announce-unsubscribe@shibboleth.net