Changelog for apache2-mod_auth_mellon-debugsource-0.17.0-150600.14.3.x86_64.rpm :

* Mon Aug 02 2021 danilo.spinellaAATTsuse.com- Fix CVE-2021-3639 Open Redirect vulnerability in logout URLs (CVE-2021-3639, bsc#1188926)
* fix-CVE-2021-3639.patch
* Mon Aug 02 2021 danilo.spinellaAATTsuse.com- Fix CVE-2021-3639 Open Redirect vulnerability in logout URLs (CVE-2021-3639, bsc#1188926)
* fix-CVE-2021-3639.patch
* Thu Sep 10 2020 kstreitovaAATTsuse.com- Update to 0.17.0
* New option MellonSendExpectHeader (default On) which allows to disable sending the Expect header in the HTTP-Artifact binding to improve performance when the remote party does not support this header.
* Set SameSite attribute to None on on the cookietest cookie.
* Bump default generated keysize to 3072 bits in mellon_create_metadata
* Validate if the assertion ID has not been used earlier before creating a new session.
* Release session cache after calling invalidate endpoint.
* In MellonCond directives, fix a bug that setting the NC option would also activate substring match and that REG would activate REF.
* Fix MellonCond substring match to actually match the substring on the attribute value
* Thu Jun 04 2020 kstreitovaAATTsuse.com- update mod_auth_mellon-0.16.0-env-script-interpreter.patch use /bin/bash instead of /usr/bin/bash
* Mon May 11 2020 kstreitovaAATTsuse.com- replace version_path with the fixed value
* Tue Apr 28 2020 kstreitovaAATTsuse.com- initial packaging