Changelog for mod_auth_openidc-2.4.9.4-4.el9.i686.rpm :

* Mon Apr 24 2023 Tomas Halman - 2.4.9.4-4Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
* Tue Apr 11 2023 Tomas Halman - 2.4.9.4-3- Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference when OIDCStripCookies is set and a crafted Cookie header is supplied
* Tue Feb 21 2023 Tomas Halman - 2.4.9.4-2- Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in oidc_validate_redirect_url() using tab character
* Tue Nov 30 2021 Tomas Halman - 2.4.9.4-1- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect by supplying a crafted URL in the target_link_uri parameter
* Mon Aug 09 2021 Mohan Boddu - 2.4.8.2-3- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags Related: rhbz#1991688
* Fri Jul 30 2021 Jakub Hrozek - 2.4.9.1-1- Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using OIDCPreservePost On [rhel-9.0]- Resolves: rhbz#1987217 - CVE-2021-32791 mod_auth_openidc: hardcoded static IV and AAD with a reused key in AES GCM encryption [rhel-9.0]- Resolves: rhbz#1987204 - CVE-2021-32786 mod_auth_openidc: open redirect in oidc_validate_redirect_url() [rhel-9.0]
* Wed Jun 16 2021 Mohan Boddu - 2.4.8.2-2- Rebuilt for RHEL 9 BETA for openssl 3.0 Related: rhbz#1971065
* Mon May 10 2021 Jakub Hrozek - 2.4.8.2-1- New upstream release- Resolves: rhbz#1958466 - mod_auth_openidc-2.4.8.2 is available
* Thu May 06 2021 Jakub Hrozek - 2.4.7.2-1- New upstream release- Resolves: rhbz#1900913 - mod_auth_openidc-2.4.7.2 is available
* Fri Apr 30 2021 Tomas Halman - 2.4.4.1-3- Resolves: rhbz#1951277 - Remove unnecessary LTO patch