From cygnus at janrain.com Tue Apr 21 11:47:57 2009
From: cygnus at janrain.com (Jonathan Daugherty)
Date: Tue, 21 Apr 2009 11:47:57 -0700
Subject: [Code] [SECURITY] openidenabled.com OpenID library releases
Message-ID: <20090421184756.GB20223@janrain.com>

Greetings,

I'd like to announce a security update of the openidenabled.com OpenID
implementations. This release corrects consumer behavior in the
presence of a non-compliant server. All users are encouraged to
upgrade.

 PHP: 2.1.3 <http://openidenabled.com/php-openid/>
 Ruby: 2.1.6 <http://openidenabled.com/ruby-openid/>
 Python: 2.2.2 <http://openidenabled.com/python-openid/>

For a user-friendly summary of changes in each release, see the
CHANGES file included in the release tarballs. For a complete patch
list, see the CHANGELOG file.

As usual, you can test for interoperability with your favorite OpenID
sites using the live demos linked to from each library's project page
(see above).

--
 Jonathan Daugherty

From andrewarnott at gmail.com Tue Apr 21 14:09:02 2009
From: andrewarnott at gmail.com (Andrew Arnott)
Date: Tue, 21 Apr 2009 14:09:02 -0700
Subject: [Code] [SECURITY] openidenabled.com OpenID library releases
In-Reply-To: <20090421184756.GB20223@janrain.com>
References: <20090421184756.GB20223@janrain.com>
Message-ID: <216e54900904211409i6cc3ffc3lce72d333ceedb5a4@mail.gmail.com>

Jonathan,

Did I miss the security update for Ruby 2.1.5? It seems that is
noteworthy, even if it is now out of date by 2.1.6 since there is a much
bigger security hole in 2.1.4 than this email suggests is reason to
upgrade.

--
Andrew Arnott
"I [may] not agree with what you have to say, but I'll defend to the
death your right to say it." - Voltaire

On Tue, Apr 21, 2009 at 11:47 AM, Jonathan Daugherty <cygnus at janrain.com> wrote:

> Greetings,
>
> I'd like to announce a security update of the openidenabled.com OpenID
> implementations. This release corrects consumer behavior in the
> presence of a non-compliant server. All users are encouraged to
> upgrade.
>
>  PHP: 2.1.3 <http://openidenabled.com/php-openid/>
>  Ruby: 2.1.6 <http://openidenabled.com/ruby-openid/>
>  Python: 2.2.2 <http://openidenabled.com/python-openid/>
>
> For a user-friendly summary of changes in each release, see the
> CHANGES file included in the release tarballs. For a complete patch
> list, see the CHANGELOG file.
>
> As usual, you can test for interoperability with your favorite OpenID
> sites using the live demos linked to from each library's project page
> (see above).
>
> --
>  Jonathan Daugherty
>
> _______________________________________________
> Dev mailing list
> Dev at lists.openidenabled.com
> http://lists.openidenabled.com/mailman/listinfo/dev
>

From cygnus at janrain.com Tue Apr 21 15:33:28 2009
From: cygnus at janrain.com (Jonathan Daugherty)
Date: Tue, 21 Apr 2009 15:33:28 -0700
Subject: [Code] [SECURITY] openidenabled.com OpenID library releases
In-Reply-To: <216e54900904211409i6cc3ffc3lce72d333ceedb5a4@mail.gmail.com>
References: <20090421184756.GB20223@janrain.com> <216e54900904211409i6cc3ffc3lce72d333ceedb5a4@mail.gmail.com>
Message-ID: <20090421223327.GH20223@janrain.com>

# Did I miss the security update for Ruby 2.1.5?

Hi Andrew,

We held off on the Ruby-openid 2.1.5 security notification chiefly
because we've been very busy notifying well-known users of the library
of the bugfix, preparing the release I announced earlier today, and
analyzing the consequences of the problem. We've been doing some
outreach to make sure people know to upgrade to 2.1.6.

--
 Jonathan Daugherty
 JanRain, Inc.

From cygnus at janrain.com Wed Apr 22 10:24:36 2009
From: cygnus at janrain.com (Jonathan Daugherty)
Date: Wed, 22 Apr 2009 10:24:36 -0700
Subject: [Code] [SECURITY] Python security release updated
Message-ID: <20090422172435.GB23849@janrain.com>

Greetings,

The previously-announced python-openid 2.2.2 release was made from an
inconsistent source code repository; this issue has been resolved and
new packages and checksums have been generated on openidenabled.com
and re-packaged as 2.2.3. The 2.2.2 packages are no longer available
since they were invalid.

Get python-openid 2.2.3 at:

 http://openidenabled.com/python-openid/

We apologize for the inconvenience. Thanks to the people who noticed
this problem and reported it right away!

--
 Jonathan Daugherty

From cygnus at janrain.com Wed Apr 22 16:17:48 2009
From: cygnus at janrain.com (Jonathan Daugherty)
Date: Wed, 22 Apr 2009 16:17:48 -0700
Subject: [Code] [ANN] python-openid release 2.2.4
Message-ID: <20090422231747.GA27671@janrain.com>

Version 2.2.4 of the openidenabled.com python OpenID library has been
released. This release properly includes the openid.extensions
package, which fixes PAPE and SREG module imports.

 http://openidenabled.com/python-openid/

Enjoy,

--
 Jonathan Daugherty