The following vulnerabilities have been disclosed, which impact users leveraging the SAML connector:
Signature Validation Bypass (CVE-2020-15216): https://github.com/russellhaering/goxmldsig/security/advisories/GHSA-q547-gmf8-8jr7
encoding/xml
instabilities:
- Element namespace prefix instability (CVE-2020-29511)
- Attribute namespace prefix instability (CVE-2020-29509)
- Directive comment instability (CVE-2020-29510)
Immediately update to Dex v2.27.0.
There are no known workarounds.