PT-2024-40337 · Central Dogma

Published: 2024-02-26 · Updated: 2024-02-26

CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:N
Name of the Vulnerable Software and Affected Versions: Central Dogma versions prior to 0.64.3
Description: The issue arises when SAML is used for authentication: Central Dogma accepts unsigned SAML messages by default instead of rejecting them, which allows an attacker to forge SAML messages for authentication purposes.
Recommendations: For versions prior to 0.64.3, upgrade to Central Dogma 0.64.3 or later, which includes an updated Armeria dependency (1.27.2). As a temporary workaround, manually upgrade the armeria-saml module to the one from Armeria 1.27.2 or later, either by replacing the JAR in the Central Dogma distribution or by updating the dependency tree of the build.
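The defensive rule the advisory implies is a fail-closed signature policy on inbound SAML Responses: a message with no signature, or with a signature whose Reference does not point at the element it is attached to, is rejected before any further processing. The following is an added example written for this page, not code from Central Dogma or Armeria; the element IDs, the NameID and the SignatureValue in the sample messages are constructed placeholders. It checks only the structural precondition; the signature itself still has to be cryptographically verified against the IdP certificate by an XML-DSig library.

```python
"""Fail-closed signature policy for inbound SAML Responses (added example, not Central Dogma's or Armeria's code)."""
import xml.etree.ElementTree as ET  # in production, parse untrusted XML with defusedxml.ElementTree instead

NS = {
    "samlp": "urn:oasis:names:tc:SAML:2.0:protocol",
    "saml": "urn:oasis:names:tc:SAML:2.0:assertion",
    "ds": "http://www.w3.org/2000/09/xmldsig#",
}

def _signature_covers(elem):
    """True if elem carries a direct-child ds:Signature whose Reference URI points at elem's own ID."""
    sig = elem.find("ds:Signature", NS)
    elem_id = elem.get("ID")
    if sig is None or not elem_id:
        return False
    refs = sig.findall("ds:SignedInfo/ds:Reference", NS)
    # A Reference aimed at some other ID must not count as covering this element.
    return any(r.get("URI") == "#" + elem_id for r in refs)

def saml_response_is_signed(xml_text):
    """Policy: either the Response itself or every Assertion inside it must be signed; anything else is rejected."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError:
        return False
    if root.tag != "{%s}Response" % NS["samlp"]:
        return False
    assertions = root.findall("saml:Assertion", NS)
    if not assertions:
        return False
    if _signature_covers(root):
        return True  # a signature over the whole Response covers its Assertions
    return all(_signature_covers(a) for a in assertions)

# Constructed sample messages (hypothetical IDs, placeholder SignatureValue).
_HDR = ('<samlp:Response xmlns:samlp="urn:oasis:names:tc:SAML:2.0:protocol" '
        'xmlns:saml="urn:oasis:names:tc:SAML:2.0:assertion" '
        'xmlns:ds="http://www.w3.org/2000/09/xmldsig#" ID="_resp1">')
_SIG = ('<ds:Signature><ds:SignedInfo><ds:Reference URI="%s"/></ds:SignedInfo>'
        '<ds:SignatureValue>PLACEHOLDER</ds:SignatureValue></ds:Signature>')
_SUBJ = '<saml:Subject><saml:NameID>alice</saml:NameID></saml:Subject>'
_TAIL = '</saml:Assertion></samlp:Response>'

UNSIGNED_RESPONSE = _HDR + '<saml:Assertion ID="_a1">' + _SUBJ + _TAIL
SIGNED_ASSERTION_RESPONSE = _HDR + '<saml:Assertion ID="_a1">' + _SIG % "#_a1" + _SUBJ + _TAIL
MISTARGETED_RESPONSE = _HDR + '<saml:Assertion ID="_a1">' + _SIG % "#_other" + _SUBJ + _TAIL
```

The unsigned and mis-targeted samples are the cases an SP that accepts unsigned messages by default would wave through; this policy returns False for both and True only for the properly signed assertion.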

Fix

Weakness Enumeration

Related Identifiers: GHSA-HX5Q-V6PJ-533R

Affected Products: Armeria, Central Dogma