In this blog post, we detail newly discovered authentication bypass vulnerabilities in the ruby-saml library used for single sign-on (SSO) via SAML on the service provider (application) side. Users of ruby-saml should update immediately to version 1.18.0.

https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

If you're using ruby-saml or omniauth-saml for SAML authentication make sure to update these libraries as fast as possible! Fixes for two critical authentication bypass vulnerabilities were published today (CVE-2025-25291 + CVE-2025-25292).

https://github.blog/security/sign-in-as-anyone-bypassing-saml-sso-authentication-with-parser-differentials/

Nice.

@fennix xD

$NEWJOB is very exciting but holy shit am I exhausted. Learning so much, so quickly!

To quote the great Z. Brannigan - "The spirit is willing but the flesh is spongy and bruised."

@mathiasx it's a nice adventure when it's only occasional.

My dog is farting while dream-running and it is awful.

@fennix is there really a wrong way if you don't bridge/short and it all still works at the end? 😅 Asking for a friend.

@vcsjones and it's still a pretty awesome place to work!

Just a reminder that GitHub has a bunch of open positions and the majority are remote friendly. https://www.github.careers/careers-home/jobs

@jerry not only is it Friday, it's Friday the 13th AND it's my last day with my team. Best possible time to ship!

@dan613 @rysiek Glad to hear, honestly!

@dan613 @rysiek As if they aren't all still on XP or 7 🫠By the time Recall is even on their radar it'll be so obsolete that the AI overlords will have already taken over.

@vcsjones I'm both shocked and amazed that this is the case /s

Nobody will remember:
- your salary
- how busy you were
- how many hours you worked

People will remember:
-that time the waitress said "enjoy your meal" and you said "you too"
-you hoped nobody noticed
-everybody noticed
-they think you're so dumb

@kurtsh this is absolute 🔥🔥🔥

Trump's officially pissed off the United Auto Workers union & UAW President, Shawn Fein.

The UAW's taken out a 2 minute ad to ensure people understand Fat Nixon is not for the working man & omg they are not f'ing around.

#uaw #unionstrong #unions #trump #HarrisWalz2024 #solidarity

Hello! We are a small independent bookshop in Stow, in the Scottish Borders. We are no longer using Twitter, for obvious reasons, but could use some new followers on Mastodon and other social media channels - where our presence is smaller than on Twitter. Please help / share this is you can! Thank you.