OpenIDC/mod_auth_openidc v2.3.6

release 2.3.6

on GitHub

Bugfixes

• avoid using pipelining for Redis since it produces unreliable results with some Redis implementations (i.e. AWS ElastiCache Redis in clustered mode)
• fix buffer overflow in shm cache key set strcpy; thanks @kyprizel
• avoid memory leak in redis cache backend when an error occurs authenticating to a Redis server

Other

• add check to detect session cache corruption for server-based caches
• add check to detect (static) metadata cache corruption
• explicitly set kid in encrypted request object; ensures compatibility with cjose >= 0.6.0
• turn missing session_state from warning into a debug statement; do not clutter logs
• send Basic header in OAuth 2.0 www-authenticate response if Basic auth is the only accepted method (instead of Bearer); thanks @puiterwijk

Packaging

• the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
• Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise