The Shibboleth Project has released a patch update, V2.4.3, of the
Identity Provider software, along with an update of the OpenSAML library,
This release primarily addresses the security advisory just announced
addressing a denial of service vulnerability in the Xerces XML parser, and
fixes a bug in the code around scripted attributes when Java 8 is used.
We will be patching all affected Shibboleth IdP servers and will be in touch soon.