Release 3.2.0

README.md

@@ -11,6 +11,11 @@ This kind of WP hosting used to cache plugins and protect the wp-login.php view.
 You will need to contact them in order to disable the cache for this SAML plugin and also allow external HTTP POST to
 wp-login.php
 
+
+### Security Improvements on 3.2.0 ###
+
+Version 3.2.0 includes a security patch that prevent RelayState redirection attacks
+
 ### Security Improvements on 3.0.0 ###
 
 Version 3.0.0 includes a security patch that will prevent DDOS by expansion of internally defined entities (XEE)

onelogin-saml-sso/readme.txt

@@ -22,6 +22,15 @@ To mitigate that bug, place the script at the root of wordpress and execute it (
 
 == Changelog ==
 
+= 3.2.0 =
+* Avoid untrusted redirections
+* Disable SAML on CLI/Cron on ACS and SLS endpoints. Allow custom filter to disable SAML
+* Support multi-role
+* Fix variable assignment during conditional check
+* Swap to `manage_options` for the cap check on the validate page.
+* Fix unintentional variable assignment
+* Set 1000 as the limit of sites to be managed by SAML network settings
+
 = 3.1.2 =
 * Minor fix to extract all sites for the multi-site features
 

onelogin-saml-sso/version.json

@@ -6,7 +6,7 @@
     "plugin": {
         "app":      "wordpress",
         "name":     "onelogin-saml-sso",
-        "version":  "3.1.2",
-        "released": "17/01/2020"
+        "version":  "3.2.0",
+        "released": "31/03/2020"
     }
 }