release 2.3.10.1

Note: 2.3.10.1 fixes a bug in 2.3.10 wrt. query parameter duplication in the URL, see #420

This release was made possible thanks to sustaining sponsor GLUU.

Bugfixes

• retain the unparsed URL path in current/original URL determination, thereby preserving and support URL-encoded characters in paths when redirecting back to the original URL; thanks Michael Furman
• fix encryption buffer tag length mismatch

Features

• optionally delete the oldest state cookie(s) using OIDCStateMaxNumberOfCookies <number> true see #399
• add state to code exchange token requests only in multi-provider setups; see #402; thanks @ecattez
• add support for refreshing an access token associated with an OIDC session using OIDCRefreshAccessTokenBeforeExpiry; thanks Andreas Hanisch

Packaging

• the libcjose >= 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
• Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise
• Windows 64bit builds (and builds for various other platforms) are available under a commercial agreement via [email protected]