Skip to content

release 2.4.11
Compare
Choose a tag to compare
@zandbelt zandbelt released this 26 Jan 17:00
· 562 commits to master since this release
v2.4.11
5131a46

Note that as of this release running mod_auth_openidc behind a reverse proxy that sets X-Forwarded-* headers needs explicit configuration of OIDCXForwardedHeaders for mod_auth_openidc to interpret those headers, thus this may break existing configurations if unmodified for the former.

Bugfixes

  • fix use of regular expressions in Require statements
  • no longer defer multi-OP Discovery to the content handler to allow RequireAll and Require not directives in multi-OP setups; closes #775; thanks @rajeevn1
  • improve handling session duration expiry when combined with OIDCUnAuthAction pass or Discovery; see #778
  • terminate on startup when the crypto passphrase generated by exec: is empty; see #767
  • allow authorization on info requests, see #746
  • avoid debug printout of payload as header when the latter is stripped
  • fix race condition in file cache backend reading truncated files under load; see #777; thanks @dbakker

Features

  • make interpretation of X-Forwarded-* headers configurable, defaulting to none so mod_auth_openidc running behind a reverse proxy that sets X-Forwarded-* headers needs explicit configuration of OIDCXForwardedHeaders
  • make X-Frame-Options header returned on OIDC front-channel logout requests configurable through OIDCLogoutXFrameOptions; closes #464
  • add x5t to JWT header in private_key_jwt client assertions; for interop with Azure AD; see #762; thanks @juur
  • improve detection of suspicious redirect URLs; add test list
  • add administrative session revocation capability via <redirect_uri>?revoke_session=<sessionid>

Packaging

  • add support for libpcre2; see #740
  • add AM_PROG_CC_C_O to configure.ac (at least for RHEL 7.7); see #765; thanks @bitmagewb
  • include <openssl/bn.h> in jose.c to compile with OpenSSL 1.0.x
  • install taking into account DESTDIR; see #674; thanks @alerque

Commercial

  • binary packages for various other platforms such as Microsoft Windows 64bit/32bit, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7/8 on Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distro's, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, Solaris 11.4 and Mac OS X are available under a commercial agreement via [email protected]
  • support for Redis over TLS, Redis (TLS) Sentinel, and Redis (TLS) Cluster is available under a commercial license via [email protected]

Contributors

alerque, dbakker, and 3 other contributors
Assets 8
Loading