You are strongly advised to upgrade to 2.3.7 when using Redis caching across multiple vhosts in the same Apache server.
Bugfixes
- fix Redis concurrency issue when used with multiple vhosts which would lead to cache corruption and random cache entry swaps
- clear session cookie and contents if cache corruption is detected to avoid looping
- abort when string length for remote user name substitution is >=255 characters (e.g. in Distinguished Names) and deal with lengths >50
Features
- add support for authorization server metadata Discovery documents with OIDCOAuthServerMetadataURL in OAuth 2.0 Resource Server setups as specified in RFC 8414
Packaging
- the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
- Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise