OpenIDC/mod_auth_openidc v2.4.9.4

release 2.4.9.4

on GitHub

Security

• prevent open redirect by applying OIDCRedirectURLsAllowed setting to target_link_uri; closes #672; thanks @Meheni

Bugfixes

• don't apply authz in discovery process; fixes step up authentication when combined with Discovery

Dependencies

• libcjose >= 0.5.1
  if your distribution does not provide libcjose in its package repository, recent packages for a number of platforms are available from the "Assets" section in release 2.4.0

Commercial

• binary packages for various other platforms such as Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7/8 on Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distro's, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, Mac OS X and Microsoft Windows 64bit/32bit are available under a commercial agreement via sales@zmartzone.eu
• support for Redis over TLS, Redis (TLS) Sentinel, and Redis (TLS) Cluster is available under a commercial license via sales@zmartzone.eu