SEARCH
NEW RPMS
DIRECTORIES
ABOUT
FAQ
VARIOUS
BLOG

 
 
Changelog for mod_auth_mellon-0.14.0-12.el8.1.x86_64.rpm :

* Wed Dec 15 2021 Jakub Hrozek - 0.14.0-12.1- Resolves: rhbz#1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect vulnerability in logout URLs [rhel-8]
* Mon Jan 25 2021 Jakub Hrozek - 0.14.0-12- Resolves: rhbz#1791262 - Backport SameSite=None cookie from upstream to support latest browsers
* Fri Oct 18 2019 Jakub Hrozek - 0.14.0-11- Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via the login?ReturnTo= substring which could facilitate information theft [rhel-8]
* Fri Oct 18 2019 Jakub Hrozek - 0.14.0-10- Resolves: rhbz#1761774 - mod_auth_mellon fix for AJAX header name X-Requested-With
* Thu Jun 13 2019 Jakub Hrozek - 0.14.0-9- Just bump the release number- Related: rhbz#1718238 - mod_auth_mellon-diagnostics RPM not in product listings
* Fri Jun 07 2019 Jakub Hrozek - 0.14.0-8- Resolves: rhbz#1691894 - [RFE] Config option to change mod_auth_mellon prefix
* Fri Jun 07 2019 Jakub Hrozek - 0.14.0-7- Apply the patch from the previous commit- Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-8]
* Fri Jun 07 2019 Jakub Hrozek - 0.14.0-6- Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open redirect in logout url when using URLs with backslashes [rhel-8]
* Fri Jun 07 2019 Jakub Hrozek - 0.14.0-5- Resolves: rhbz#1692457 - CVE-2019-3878 mod_auth_mellon: authentication bypass in ECP flow [rhel-8.1.0]
* Wed Apr 24 2019 Jakub Hrozek - 0.14.0-4- Resolves: rhbz#1702695 - fresh install of mod_auth_mellon shows rpm verification warnings
* Mon Jul 30 2018 Florian Weimer - 0.14.0-3- Rebuild with fixed binutils
* Fri Jun 01 2018 - 0.14.0-2- Resolves: rhbz#1553885- fix file permissions on doc files
* Fri Jun 01 2018 - 0.14.0-1- Resolves: rhbz#1553885- Rebase to current upstream release
* Thu Mar 29 2018 John Dennis - 0.13.1-2- Resolves: rhbz#1481330 Add diagnostic logging- Resolves: rhbz#1295472 Add MellonSignatureMethod config option to set signature method used to sign SAML messages sent by Mellon. Defaults to original sha1.
* Sun Oct 01 2017 John Dennis - 0.13.1-1- upgrade to new upstream release
* Thu Aug 03 2017 Fedora Release Engineering - 0.12.0-7- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Binutils_Mass_Rebuild
* Wed Jul 26 2017 Fedora Release Engineering - 0.12.0-6- Rebuilt for https://fedoraproject.org/wiki/Fedora_27_Mass_Rebuild
* Fri Feb 10 2017 Fedora Release Engineering - 0.12.0-5- Rebuilt for https://fedoraproject.org/wiki/Fedora_26_Mass_Rebuild
* Tue Jan 17 2017 John Dennis - 0.12.0-4- Resolves: bug #1414019 Incorrect PAOS Content-Type header
* Mon Jan 09 2017 John Dennis - 0.12.0-3- bump release for rebuild
* Tue May 03 2016 John Dennis - 0.12.0-2- Resolves: bug #1332729, mellon conflicts with mod_auth_openidc- am_check_uid() should be no-op if mellon not enabled
* Wed Mar 09 2016 John Dennis - 0.12.0-1- Update to new upstream 0.12.0- [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to incorrect error handling when reading POST data from client.- [CVE-2016-2146] Fix DOS attack (Apache worker process crash / resource exhaustion) due to missing size checks when reading POST data.In addition this release contains the following new features and fixes:- Add MellonRedirectDomains option to limit the sites that mod_auth_mellon can redirect to. This option is enabled by default.- Add support for ECP service options in PAOS requests.- Fix AssertionConsumerService lookup for PAOS requests.
* Thu Feb 04 2016 Fedora Release Engineering - 0.11.0-4- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild
* Wed Dec 23 2015 John Dennis - 0.11.0-3- Fix the following warning that appears in the Apache log lasso-CRITICAL
*
*: lasso_provider_get_metadata_list_for_role: assertion \'_lasso_provider_get_role_index(role)\' failed
* Fri Sep 18 2015 John Dennis - 0.11.0-2- Add lasso 2.5.0 version dependency
* Fri Sep 18 2015 John Dennis - 0.11.0-1- Upgrade to upstream 0.11.0 release.- Includes ECP support, see NEWS for all changes.- Update mellon_create_metadata.sh to match internally generated metadata, includes AssertionConsumerService for postResponse, artifactResponse & paosResponse.
* Wed Jun 17 2015 Fedora Release Engineering - 0.10.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_23_Mass_Rebuild
* Wed Jan 07 2015 Simo Sorce 0.10.0-1- New upstream release
* Tue Sep 02 2014 Simo Sorce 0.9.1-1- New upstream release
* Sun Aug 17 2014 Fedora Release Engineering - 0.8.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_22_Mass_Rebuild
* Tue Jun 24 2014 Simo Sorce 0.8.0-1- New upstream realease version 0.8.0- Upstream moved to github- Drops patches as they have been all included upstream
* Fri Jun 20 2014 Simo Sorce 0.7.0-3- Backport of useful patches from upstream - Better handling of IDP reported errors - Better handling of session data storage size
* Sat Jun 07 2014 Fedora Release Engineering - 0.7.0-2- Rebuilt for https://fedoraproject.org/wiki/Fedora_21_Mass_Rebuild
* Tue Dec 10 2013 Simo Sorce 0.7.0-1- Fix ownership of /run files
* Wed Nov 27 2013 Simo Sorce 0.7.0-0- Initial Fedora release based on version 0.7.0- Based on an old spec file by Jean-Marc Liger
 
ICM