Release 2.15.0

Author: pitbulk

README.md

@@ -10,6 +10,8 @@ and supported by OneLogin Inc.
 Warning
 -------
 
+Update php-saml to 2.15.0, this version includes a security patch related to XEE attacks
+
 php-saml is not affected by [201803-01](https://simplesamlphp.org/security/201803-01) 
 
 Update php-saml to 2.10.4, this version includes a security patch related to

lib/Saml2/version.json

@@ -1,6 +1,6 @@
 {
     "php-saml": {
-        "version": "2.14.0",
-        "released": "07/06/2018"
+        "version": "2.15.0",
+        "released": "28/01/2019"
     }
 }

tests/src/OneLogin/Saml2/UtilsTest.php

@@ -102,11 +102,14 @@ public function testXMLAttacks()
             $this->assertEquals('Detected use of DOCTYPE/ENTITY in XML, disabled to prevent XXE/XEE attacks', $e->getMessage());
         }
 
-        $attackXEEutf16 = mb_convert_encoding('<?xml version="1.0" encoding="UTF-16"?>
+        $attackXEEutf16 = mb_convert_encoding(
+            '<?xml version="1.0" encoding="UTF-16"?>
                       <!DOCTYPE results [<!ENTITY harmless "completely harmless">]>
                       <results>
                         <result>This result is &harmless;</result>
-                      </results>', 'UTF-16');
+                      </results>',
+            'UTF-16'
+        );
         try {
             $res4 = OneLogin_Saml2_Utils::loadXML($dom, $attackXEEutf16);
             $this->assertFalse($res4);