A vulnerability in OpenSAML has been fixed in OpenSAML 2.6.1, and
OIOSAML.Java now builds against this specific version.
Details about the security issue can be found here
This version does not contain any functional changes, only an update
of external library dependencies.
UPDATE 14.02.2017: The libraries.zip file with all the dependencies
in an easy-to-download bundle has been updated to contain OpenSAML
2.6.1 instead of 2.6.4 which was accidently added to the zip file.