Release version 2.3.0

pitbulk · pitbulk · commit 42d6c1f7aaa2 · 2015-01-13T13:56:33.000+01:00
diff --git a/CHANGELOG b/CHANGELOG
@@ -1,6 +1,19 @@
 CHANGELOG
 =========
 
+v.2.3.0
+-------
+* Resolve namespace problem. Some IdPs uses saml2p:Response and saml2:Assertion instead of samlp:Response saml:Assertion.
+* Improve test and documentation.
+* Improve ADFS compatibility.
+* Remove unnecessary XSDs files.
+* Make available the reason for the saml message invalidation.
+* Adding ability to set idp cert once the Setting object initialized.
+* Fix status info issue.
+* Reject SAML Response if not signed and strict = false.
+* Support NameId and SessionIndex in LogoutRequest.
+* Add ForceAuh and IsPassive support.
+
 v.2.2.0
 -------
 * Fix bug with Encrypted nameID on LogoutRequest
diff --git a/README.md b/README.md
@@ -134,6 +134,14 @@ namespaces, remember that calls to the class must be done by adding a \ to the
 start, for example to use the static method getSelfURLNoQuery use:
 \OneLogin_Saml2_Utils::getSelfURLNoQuery()
 
+
+Security warning
+----------------
+
+In production, the **strict** parameter MUST be set as **"true"**. Otherwise 
+your environment is not secure and will be exposed to attacks.
+
+
 Getting started
 ---------------
 
