Package: simplesamlphp
Severity: important

PHP's XML parser has a known issue in XML canonicalization that makes the
amount of memory consumed grow with the square of the amount of entries it
processes when run on a subtree (https://bugs.php.net/bug.php?id=53655).

This is a problem for simpleSAMLphp specifically as this uses that
functionality as part of its core processes. The issue has existed for
a long time, but the situation has been aggravated recently because of a trend
of pushing many entities (1000s) to the eduGAIN feed. This means that many
more people are now hitting memory limits.

Resolution in PHP itself seems to have stalled for years now, so because
simpleSAMLphp is particularly affected, a workaround has been put in place,
a workaround that has been used for years on various sites already. This
has been done in 1.13.2, released a month ago and used at many locations, which
report that it solved the problem, with no new issues reported.

Upstream documented this issue here: https://simplesamlphp.org/metaprocessing

