Bugfixes
- don't set `SameSite=None` on cookies when on plain http
- fix semaphore cleanup on graceful restarts; see #522
- fix inconsistent public/private keys loading order; closes #515
- return `HTTP 400 Bad Request` instead of `500 Internal Server Error` when state cookie matching fails
- optimize Redis `AUTH` execution once per connection
- avoid segmentation fault when hitting an endpoint configured with `AuthType openid-connect` in an OAuth 2.0 only setup; see #529
- make sure the module compiles with Apache 2.2 for passphrase exec:
Features
- add Redis database selection option with `OIDCRedisCacheDatabase`; closes #423
- add `base64url` option to `OIDCPassClaimsAs` primitive; closes #417
- add environment variable to control libcURL `CURLOPT_SSL_OPTIONS` behaviors e.g.: `SetEnvIfExpr true CURLOPT_SSL_OPTIONS=CURLSSLOPT_NO_REVOKE`
- removed support for https://tools.ietf.org/html/draft-bradley-oauth-jwt-encoded-state
Security
- avoid displaying the `client_secret` in debug logs
Dependencies
- `libcjose >= 0.5.1`; if your distribution does not provide `libcjose` in its package repository, recent packages for a number of platforms are available from the "Assets" section in release 2.4.0
Other
- binary packages for various other platforms such as Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7 Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distros, Oracle HTTP Server 11.1/12.2, IBM HTTP Server 8/9, Mac OS X and Microsoft Windows 64bit/32bit are available under a commercial agreement via sales@zmartzone.eu
- support for Redis (TLS) Cluster and Redis over TLS is available under a commercial license via sales@zmartzone.eu