github OpenIDC/mod_auth_openidc v2.4.16.7
release 2.4.16.7

one day ago

Bugfixes

  • config: fix OIDCProviderRevocationEndpoint (override) for values other than ""; closes #1301; thanks @tarteens
  • config: add a configuration check for public/private keys when using DPoP; closes #1293; thanks @ahus1
  • config: avoid NULL pointer dereferencing when no private keys have been configured
  • http: avoid potentional memory leak on cURL handle if curl_easy_escape/curl_easy_unescape fails
  • proto: correct the check for the optional token_type parameter returned from a token endpoint request
  • util: avoid potential crash on non-conformant literal IPv6 addresses
  • jose: prevent potential memory leaks when zlib compression (deflate) fails

Features

  • add OIDCProfile to configure OpenID Connect profile behaviours e.g. FAPI20, see auth_openidc.conf
  • http: report errors when curl_easy_setopt fails in outgoing HTTP requests

Other

  • mod_auth_openidc certified for the FAPI 2.0 Relying Party profiles, see: https://openid.net/certification/#FAPI2-RP .
  • minor code changes all over the place to address issues reported by static code analysis software

Don't miss a new mod_auth_openidc release

NewReleases is sending notifications on new releases.