magicdiven
diff --git a/‎CHANGELOG‎
Lines changed: 10 additions & 0 deletions b/‎CHANGELOG‎
Lines changed: 10 additions & 0 deletions
diff --git a/‎README.md‎
Lines changed: 3 additions & 0 deletions b/‎README.md‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎composer.json‎
Lines changed: 1 addition & 1 deletion b/‎composer.json‎
Lines changed: 1 addition & 1 deletion
diff --git a/‎lib/Saml2/version.json‎
Lines changed: 2 additions & 2 deletions b/‎lib/Saml2/version.json‎
Lines changed: 2 additions & 2 deletions
@@ -1,5 +1,15 @@
 CHANGELOG
 =========
+v.2.10.4
+* [+](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1) Security update for signature validation on LogoutRequest/LogoutResponse
+* [#192](https://github.com/onelogin/php-saml/pull/192) Added ability to configure DigestAlgorithm in settings
+* [#183](https://github.com/onelogin/php-saml/pull/183) Fix strpos bug when decrypting assertions
+* [#186](https://github.com/onelogin/php-saml/pull/186) Improve info on entityId validation Exception
+* [#188](https://github.com/onelogin/php-saml/pull/188) Fixed issue with undefined constant of UNEXPECTED_SIGNED_ELEMENT
+* Read ACS binding on AuthNRequest builder from settings
+* Be able to relax Destination validation on SAMLResponses and let this
+  attribute to be empty with the 'relaxDestinationValidation' setting
+
 v.2.10.3
 * Implement a more specific exception class for handling some validation errors
 * Minor changes on time validation/exceptions
 
@@ -10,6 +10,9 @@ and supported by OneLogin Inc.
 Warning
 -------
 
+Update php-saml to 2.10.4, this version includes a security patch related to
+[signature validations on LogoutRequests/LogoutResponses](https://github.com/onelogin/php-saml/commit/949359f5cad5e1d085c4e5447d9aa8f49a6e82a1)
+
 Update php-saml to 2.10.0, this version includes a security patch that contains extra validations that will prevent signature wrapping attacks. [CVE-2016-1000253](https://github.com/distributedweaknessfiling/DWF-Database-Artifacts/blob/ab8ae6e845eb506fbeb10a7e4ccb379f0b4222ca/DWF/2016/1000253/CVE-2016-1000253.json)
 
 php-saml < v2.10.0 is vulnerable and allows signature wrapping!
 
@@ -2,7 +2,7 @@
     "name": "onelogin/php-saml",
     "description": "OneLogin PHP SAML Toolkit",
     "license": "MIT",
-    "version": "2.10.3",
+    "version": "2.10.4",
     "homepage": "https://onelogin.zendesk.com/hc/en-us/sections/200245634-SAML-Toolkits",
     "keywords": ["saml", "saml2", "onelogin"],
     "autoload": {
 
@@ -1,6 +1,6 @@
 {
     "php-saml": {
-        "version": "2.10.3",
-        "released": "11/01/2017"
+        "version": "2.10.4",
+        "released": "28/02/2017"
     }
 }
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"php-saml": {`
`3`		`- "version": "2.10.3",`
`4`		`- "released": "11/01/2017"`
	`3`	`+ "version": "2.10.4",`
	`4`	`+ "released": "28/02/2017"`
`5`	`5`	`}`
`6`	`6`	`}`