Changelog for apache2-mod_auth_openidc-2.3.10.2-lp150.10.1.x86_64.rpm :

* Wed Feb 20 2019 Martin Hauke - Update to version 2.3.10.2
* fix XSS vulnerability CSNC-2019-001 wrt. poll parameter in OIDC Session Management RP iframe
* fix bug in current URL detection where query parameters would be duplicated
* fix warning printout in oidc_delete_oldest_state_cookies
* fix encryption buffer tag length mismatch
* retain the unparsed URL path in current/original URL determination, and thereby preserve and support URL-encoded characters in paths when redirecting back to the original URL
* add state to code exchange token requests only in multi-provider setups
* optionally delete the oldest state cookie(s)
* add support for refreshing an access token associated with an OIDC session using OIDCRefreshAccessTokenBeforeExpiry
* fix parsing of cookie name in OIDCOAuthAcceptTokenAs when the cookie option is not listed last
* fix OAuth 2.0 RS config check when OIDCOAuthServerMetadataURL is set
* add support for draft https://www.ietf.org/id/draft-ietf-oauth-mtls-12.txt OAuth 2.0 Mutual TLS Client Certificate Bound Access Tokens when running as an OAuth 2.0 RS, validating cnf["x5t#S256"] claims.
* ignore/trim spaces in X-Forwarded-* headers
* deal with forwarding proxy setups
* improve OIDC backchannel logout based on config/Discover
* add OIDCProviderBackChannelLogoutSupported config primitive
* parse/interpret `backchannel_logout_supported` in Discovery document
* add `id_token_token_binding_cnf`: `tbh` to dynamic client registration metadata
* support backchannel logout according to: https://openid.net/specs/openid-connect-backchannel-1_0.html
* add test-cmd command to generate hashes base64urlencoded inputs (cnf/tbh claims)
* support Token Binding for Access Tokens according to: https://tools.ietf.org/html/draft-ietf-oauth-token-binding
* support nested arrays in Require claim authorization evaluation
* Fri Nov 09 2018 kstreitova@suse.com - submission to SLE15SP1 because of fate#324447
* build with hiredis only for openSUSE where hiredis is available
* add a version for jansson BuildRequires
* Tue Oct 30 2018 kstreitova@suse.com - update to 2.3.8
* changes in 2.3.8
* fix return result FALSE when JWT payload parsing fails
* add LGTM code quality badges
* fix 3 LGTM alerts
* improve auto-detection of XMLHttpRequests via Accept header
* initialize test_proto_authorization_request properly
* add sanity check on provider->auth_request_method
* allow usage with LibreSSL
* don't return content with 503 since it will turn the HTTP status code into a 200
* add option to set an upper limit to the number of concurrent state cookies via OIDCStateMaxNumberOfCookies
* make the default maximum number of parallel state cookies 7 instead of unlimited
* fix using access token as endpoint auth method in introspection calls
* fix reading access_token from POST parameters when combined with `AuthType auth-openidc`
* changes in 2.3.7
* abort when string length for remote user name substitution is larger than 255 characters
* fix Redis concurrency issue when used with multiple vhosts
* add support for authorization server metadata with OIDCOAuthServerMetadataURL as in RFC 8414
* refactor session object creation
* clear session cookie and contents if cache corruption is detected
* use apr_pstrdup when setting r->user
* reserve 255 characters in remote username substitution instead of 50
* changes in 2.3.6
* add check to detect session cache corruption for server-based caches and cached static metadata
* avoid using pipelining for Redis
* send Basic header in OAuth www-authenticate response if that's the only accepted method; thanks @puiterwijk
* refactor Redis cache backend to solve issues on AUTH errors: a) memory leak and b) redisGetReply lagging behind
* adjust copyright year/org
* fix buffer overflow in shm cache key set strcpy
* turn missing session_state from warning into a debug statement
* fix missing "return" on error return from the OP
* explicitly set encryption kid so we're compatible with cjose >= 0.6.0
* changes in 2.3.5
* fix encoding of preserved POST data
* avoid buffer overflow in shm cache key construction
* compile with LibreSSL
* Fri Apr 27 2018 vcizek@suse.com - update to 2.3.4
* requested in fate#323817
* Wed Dec 13 2017 christof.hanke@mpcdf.mpg.de - initial packaging