From f521ffd3d07187287cf7f8153d75533a9e13953e Mon Sep 17 00:00:00 2001
From: David Bogner
Date: Fri, 13 Dec 2024 08:51:48 +0100
Subject: [PATCH] Fix XXE in parsing SAML messages Implement recommended fix from https://simplesamlphp.org/security/202412-01
---
 .../vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php b/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
index 811ae10b6..c9fee7f66 100644
--- a/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
+++ b/.extlib/simplesamlphp/vendor/simplesamlphp/saml2/src/SAML2/DOMDocumentFactory.php
@@ -38,7 +38,7 @@ public static function fromString(string $xml) : DOMDocument
 libxml_clear_errors();
 $domDocument = self::create();
- $options = LIBXML_DTDLOAD | LIBXML_DTDATTR | LIBXML_NONET | LIBXML_PARSEHUGE;
+ $options = LIBXML_NONET | LIBXML_PARSEHUGE;
 if (defined('LIBXML_COMPACT')) {
 $options |= LIBXML_COMPACT;
 }
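Review bot: The new `$options` line still carries `LIBXML_PARSEHUGE`, which relaxes libxml2's hard-coded parser limits for XML that arrives from an untrusted SAML peer, so resource exhaustion stays in scope even with DTD loading removed. Whether `fromString` caps the input size or rejects DOCTYPE nodes after parsing is not visible here and should be confirmed. Because the fix is applied in place under `.extlib/simplesamlphp/vendor/`, a later re-vendoring of the library could silently bring back `LIBXML_DTDLOAD | LIBXML_DTDATTR`. I would add a comment above the line, e.g. `// SECURITY: never add LIBXML_DTDLOAD, LIBXML_DTDATTR or LIBXML_NOENT here; SAML input is untrusted (XXE)`, and follow up by moving the bundled saml2 library to the upstream release that contains this fix. The body of `fromString` starts and ends outside the hunk.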