Revisions of apache2-mod_auth_openidc
buildservice-autocommit
accepted
request 1166662
from
Danilo Spinella (dspinella)
(revision 69)
baserev update by copy to link target
Danilo Spinella (dspinella)
accepted
request 1161426
from
Petr Gajdos (pgajdos)
(revision 68)
- version update to 2.4.15.6 03/14/2024 - fix userinfo refresh interval parsing; closes #1200; thanks @HolgerHees avoid refreshing userinfo on each request until access token expiry - store interval as JSON integer in session - use SameSite=Lax when OIDCCookieSameSite is On (also by default) instead of Strict as overriding from Lax to Strict does not work reliably anymore (Chrome) - release 2.4.15.6 03/13/2024 - fix compilation without libhiredis; closes #1195 ; thanks @HolgerHees conditionally define oidc_set_redis_connect_timeout - fix `OIDCPassClaimsAs environment` bug introduced in 2.4.15.4; see #1196; thanks @HolgerHees - release 2.4.15.5 03/12/2024 - release 2.4.15.4 - fix setting the default PCKE method to "none" in a multi-provider setup
buildservice-autocommit
accepted
request 1147523
from
Petr Gajdos (pgajdos)
(revision 67)
baserev update by copy to link target
Petr Gajdos (pgajdos)
accepted
request 1147162
from
Danilo Spinella (dspinella)
(revision 66)
- Update to 2.4.15.3: * for the complete list of changes, please have a look at ChangeLog - Fix CVE-2024-24814, DoS when `OIDCSessionType client-cookie` is set and a crafted Cookie header is supplied, bsc#1219911
buildservice-autocommit
accepted
request 1130032
from
Danilo Spinella (dspinella)
(revision 65)
baserev update by copy to link target
Danilo Spinella (dspinella)
accepted
request 1130030
from
Danilo Spinella (dspinella)
(revision 64)
- update to 2.4.14.4: * for the complete list of changes, please have a look at ChangeLog
buildservice-autocommit
accepted
request 1044612
from
Danilo Spinella (dspinella)
(revision 63)
baserev update by copy to link target
Danilo Spinella (dspinella)
accepted
request 1043933
from
Michael Ströder (stroeder)
(revision 62)
- update to 2.4.12.2 * Security - CVE-2022-23527: prevent open redirect in default setup when OIDCRedirectURLsAllowed is not configured see: GHSA-q6f2-285m-gr53 * Features - allow overriding the type of lock used at compile time with OIDC_LOCK
buildservice-autocommit
accepted
request 1036637
from
Danilo Spinella (dspinella)
(revision 61)
baserev update by copy to link target
Danilo Spinella (dspinella)
accepted
request 1035899
from
Michael Ströder (stroeder)
(revision 60)
update to 2.4.12.1
buildservice-autocommit
accepted
request 1029694
from
Kristyna Streitova (kstreitova)
(revision 59)
baserev update by copy to link target
Kristyna Streitova (kstreitova)
accepted
request 1021390
from
Michael Ströder (stroeder)
(revision 58)
update to 2.4.12
buildservice-autocommit
accepted
request 998851
from
Danilo Spinella (dspinella)
(revision 57)
baserev update by copy to link target
Danilo Spinella (dspinella)
accepted
request 998850
from
Michael Ströder (stroeder)
(revision 56)
update to 2.4.11.3
buildservice-autocommit
accepted
request 991565
from
Danilo Spinella (dspinella)
(revision 55)
baserev update by copy to link target
Danilo Spinella (dspinella)
accepted
request 990989
from
Michael Ströder (stroeder)
(revision 54)
- removed obsolete BuildRequires autoconf and automake - update to 2.4.11.2
Danilo Spinella (dspinella)
accepted
request 916770
from
Michael Ströder (stroeder)
(revision 52)
- update to 2.4.9.4 * Security - prevent open redirect by applying OIDCRedirectURLsAllowed setting to target_link_uri; closes #672 * Bugfixes - don't apply authz in discovery process; fixes step up authentication when combined with Discovery
Danilo Spinella (dspinella)
accepted
request 914596
from
Michael Ströder (stroeder)
(revision 50)
- update to 2.4.9.3 * Bugfixes - don't apply authz to the redirect URI; fixes ac56864
Displaying revisions 1 - 20 of 69