Shibboleth recently announced a Service Provider vulnerability which exposes the software to denial-of-service attacks.
Shibboleth has advised that this vulnerability was of moderate severity.
Affected Versions
• All subscribers who run Shibboleth SP (version 3.2.1 or older) in the Federation Recommended Action
• Upgrade Shibboleth SP to version 3.2.2+
Please note that Rapid Connect (https://rapid.aaf.edu.au/) users are already protected and no further action is required.