A patch release of the Service Provider, V3.4.1, is now available. This
release fixes a couple of small bugs and adds a warning requested by one
of our member organizations in the absence of the redirectLimit setting,
which leads to SPs being abused as open redirectors.
Notably, this release includes an update to the xmltooling library that
hardens the code base against the sorts of attacks reported against the
IdP in the recent advisory. The SP is, as far as can be determined, not
impacted directly by that vulnerability, but this is a precautionary
change.
Release notes: https://shibboleth.atlassian.net/wiki/spaces/SP3/pages/2065335693/ReleaseNotes
a9e71595d9