@ilektrojohn identified that GitHub.com’s SAML implementation did not fully revoke the ResponseID set on SAML Response messages to prevent replay attacks. While this attribute was not checked, other mitigations were in place to prevent these attacks. However, to futher protect against replay issues, we made changes to revoke ResponseIDs found in previously received SAML Response messages.