[CRITICAL] Incorrect signature verification

PKSA-p9s6-dthp-ws2d CVE-2016-9814 GHSA-r8v4-7vwj-983x

Affected package: simplesamlphp/saml2

Affected version: <1.8.1|>=1.9.0,<1.9.1|>=1.10,<1.10.3|>=2.0,<2.3.3

Reported by:
GitHub, FriendsOfPHP/security-advisories