SAML vulnerability update (CVE-2017-11428)
Incident Report for Contentful
A security vulnerability was found in the way Single Sign-On works when using SAML (Security Assertion Markup Language) [1] and was responsibly disclosed on Tuesday, February 27th, 2018. It affected a Ruby gem used by our application, for which it was assigned the CVE entry CVE-2017-11428. The maintainer patched this dependency and made the fix available on the same day [2].

Our engineers quickly identified the threat and applied the fix to our platform. Therefore, our customers are not affected by this vulnerability as of 08:00 UTC, February 28th, 2018.

Feel free to reach out to our Security Team and Support Team with any questions that might arise through

Posted Feb 28, 2018 - 10:36 UTC