deploy: 66b5d5d

Author: tvdijen

2.2/simplesamlphp-changelog.html

@@ -216,6 +216,17 @@ <h2 id="version-226">
 <p>
  Released TBD
 </p>
+<p>
+ <code>
+  cron
+ </code>
+</p>
+<ul>
+ <li>
+  Fixed a security-issue where cron-jobs could be executed using the default key,
+  even if a different one was set (#2453)
+ </li>
+</ul>
 <p>
  <code>
   metarefresh

2.2/simplesamlphp-nostate.html

@@ -201,7 +201,11 @@ <h3 id="the-domain-name-changed-during-authentication">
   <code>
    https://www.example.org/
   </code>
-  . A session is created for the user, and the session cookie is set for the current domain (www.example.org).
+  . A session is created for the user, and the session cookie is set for the current domain (
+  <code>
+   www.example.org
+  </code>
+  ).
  </li>
  <li>
   The user needs to be authenticated. We therefore save some information about the current status in the state array, create a SAML 2.0 authentication request, and send it to the IdP.

2.2/simplesamlphp-reference-idp-hosted.html

@@ -564,7 +564,11 @@ <h2 id="saml-20-options">
   The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
   encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
   array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
-  discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
+  discouraged to do so. For your own safety, please include the string
+  <code>
+   http://www.w3.org/2001/04/xmlenc#rsa-1_5
+  </code>
+  if
   you make use of this option.
  </dd>
  <dt>

2.2/simplesamlphp-reference-idp-remote.html

@@ -296,7 +296,11 @@ <h2 id="options">
   The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
   encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
   array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
-  discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
+  discouraged to do so. For your own safety, please include the string
+  <code>
+   http://www.w3.org/2001/04/xmlenc#rsa-1_5
+  </code>
+  if
   you make use of this option.
  </dd>
  <dt>

2.2/simplesamlphp-reference-sp-remote.html

@@ -515,7 +515,11 @@ <h2 id="common-options">
   The RSA encryption algorithm with PKCS#1 v1.5 padding is blacklisted by default for security reasons. Any assertions
   encrypted with this algorithm will therefore fail to decrypt. You can override this limitation by defining an empty
   array in this option (or blacklisting any other algorithms not including that one). However, it is strongly
-  discouraged to do so. For your own safety, please include the string 'http://www.w3.org/2001/04/xmlenc#rsa-1_5' if
+  discouraged to do so. For your own safety, please include the string
+  <code>
+   http://www.w3.org/2001/04/xmlenc#rsa-1_5
+  </code>
+  if
   you make use of this option.
  </dd>
  <dt>
@@ -550,25 +554,27 @@ <h2 id="common-options">
  <dd>
   The three most commonly used values are:
  </dd>
- <dd>
-  <ol>
-   <li>
-    <code>
-     urn:oasis:names:tc:SAML:2.0:nameid-format:transient
-    </code>
-   </li>
-   <li>
-    <code>
-     urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
-    </code>
-   </li>
-   <li>
-    <code>
-     urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
-    </code>
-   </li>
-  </ol>
- </dd>
+ <dt>
+  :
+ </dt>
+ <dt>
+  1.
+  <code>
+   urn:oasis:names:tc:SAML:2.0:nameid-format:transient
+  </code>
+ </dt>
+ <dt>
+  2.
+  <code>
+   urn:oasis:names:tc:SAML:2.0:nameid-format:persistent
+  </code>
+ </dt>
+ <dt>
+  3.
+  <code>
+   urn:oasis:names:tc:SAML:1.1:nameid-format:emailAddress
+  </code>
+ </dt>
  <dd>
   <p>
    The