v4.19.1

Fixed CVE-2025-66475

v6.0.0

Following up on v5 this is another intermediate step that changes the interface.
A major change here is that instead of passing a 'string' to a method and validate that the string is a valid URI, we now pass an AnyURIValue object, drastically reducing the overhead of validating strings multiple times.

Appropriate to use for people who need to generate/parse SAML 2.0 messages/metadata, or use bindings. Still no full replacement for the old v4. We plan to release a full replacement for v4 in v6.1 where we add ServiceProvider/IdentityProvider where you pass all your configuration and metadata and then those classes will do all the heavy lifting to process requests/responses according to the SAML2 specifications.

Until we release a full replacement, we will keep supporting and patching v4

v5.0.0

Version 5.0 of this library completely rewrites the library to modern standards.
It is a necessary intermediate step for us to migrate away from the old v4, but it is in no way a replacement.
You can still use it if your concern is just generating/parsing SAML 2.0 messages/metadata

v4.17.0

Fixes CVE-2025-27773

v4.6.10

Fix regression (missing use statement) introduced in 4.6.9.

v4.6.3

v4.6.3

v4.1.9

Bugfix

• Make processor aware of assertion types #240

v3.4.5

Fix an invalid assertion, leading to an InvalidArgumentException when trying to set the AssertionConsumerServiceIndex on an AuthnRequest

v4.1.7

Fix incorrect use of Issuer-class

v4.1.6

Fix a mistake in the bugfix for #229