Just a friendly heads up for those that haven't seen it - simplesamlphp released a critical security update yesterday which we applied to the auth_saml2 plugin (update in the moodle.org plugins db too.) - all sites using auth_saml2 should update to the latest version asap.
Some more detail/reading for those interested:
https://simplesamlphp.org/security/201911-01
https://www.hackmanit.de/en/blog/82-xml-signature-validation-bypass-in-simplesamlphp-and-xmlseclibs
the actual patch in XMLSeclibs:
https://github.com/robrichards/xmlseclibs/commit/0a53d3c3aa87564910cae4ed01416441d3ae0db5