Cirrus Identity is aware of the recently reported SimpleSAMLphp security issue designated CVE 2019-3465. See the notice:
https://groups.google.com/forum/#!topic/simplesamlphp/6t-zvk8PBSM
The details are available at:
https://simplesamlphp.org/security/201911-01
Working with the SSP project, Cirrus Identity has implemented corrective actions to mitigate the issue. Effective the morning of November 5, 2019 production services for our customers have been updated.
Mark Rank - Director of Product and Customer Success