github OpenIDC/mod_auth_openidc v2.4.3
release 2.4.3

4 years ago

This release addresses an open redirect in the refresh token handler.

Bugfixes

  • prevent open redirect on refresh token requests
    add new OIDCRedirectURLsAllowed primitive to handle post logout and refresh-return-to validation
    addresses #453; closes #466
  • when stripping cookies, add a space between cookies in the resulting header (required by RFC 6265)
  • fix compilation against Apache 2.0
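
An added example (not part of the release notes or the project's code): a pre-deployment check for the regular expressions you plan to list in OIDCRedirectURLsAllowed, showing how an unescaped, open-ended pattern also accepts foreign hosts as return-to targets. It assumes the module applies each expression as an unanchored search over the full URL and uses Python's re as a stand-in for the module's regex engine; the hostnames and function names are constructed for illustration.

```python
import re

# Constructed sample data: hostnames below are placeholders, not from the release notes.
LOOSE = [r"^https://www.example.com"]            # dots unescaped, no end boundary
STRICT = [r"^https://www\.example\.com(/|$)"]    # literal dots, host must end here
MUST_ALLOW = ["https://www.example.com", "https://www.example.com/app/home"]
MUST_REJECT = [
    "https://www.example.com.other.test/",   # allowed host is only a prefix
    "https://www.example.com@other.test/",   # allowed host sits in the userinfo part
    "https://wwwxexample.com/",              # "." in the pattern matched any character
    "http://www.example.com/",               # scheme downgrade
]

def audit_allowlist(patterns, must_allow, must_reject):
    """Return (kind, url, pattern) findings; an empty list means the patterns behave as intended."""
    compiled = [re.compile(p) for p in patterns]
    findings = []
    for url in must_allow:
        if not any(rx.search(url) for rx in compiled):
            findings.append(("blocked-legitimate", url, None))
    for url in must_reject:
        for rx in compiled:
            if rx.search(url):  # assumption: unanchored search, as a stand-in for the module
                findings.append(("allowed-foreign", url, rx.pattern))
    return findings

def render_directive(patterns, must_allow=MUST_ALLOW, must_reject=MUST_REJECT):
    """Emit the configuration line only when the audit is clean."""
    findings = audit_allowlist(patterns, must_allow, must_reject)
    if findings:
        raise ValueError(f"allow-list not safe to deploy: {findings}")
    return "OIDCRedirectURLsAllowed " + " ".join(patterns)

if __name__ == "__main__":
    for name, patterns in (("LOOSE", LOOSE), ("STRICT", STRICT)):
        print(name)
        for kind, url, pattern in audit_allowlist(patterns, MUST_ALLOW, MUST_REJECT):
            print(f"  {kind}: {url} (matched by {pattern})")
    print(render_directive(STRICT))
```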

Features

  • add OIDCStateInputHeaders that allows configuring the header values used to calculate the fingerprint of the state during authentication
  • add OIDCValidateIssuer primitive that allows disabling issuer matching, which helps support multi-tenant applications, e.g. Microsoft AAD

Packaging

  • the libcjose >= 0.5.1 binaries that this module depends on are available from the "Assets" section in release 2.4.0
  • Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful
  • packages for various other platforms such as Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 Power PC (ppc64, ppc64le), Red Hat 8, Oracle Linux 6, older Debian distros, SUSE Linux Enterprise Server, IBM HTTP Server 8.5.5, Mac OS X and Microsoft Windows 64bit are available under a commercial agreement via support@zmartzone.eu

This release was made possible thanks to sustaining sponsor GLUU.
