Skip to content

release 2.4.14.2
Compare
Choose a tag to compare
@zandbelt zandbelt released this 06 Jun 04:20
· 347 commits to master since this release
v2.4.14.2
44ede94

Note that as of release 2.4.14 the use of OIDCHTMLErrorTemplate is deprecated and one should instead rely on standard Apache error handling capabilities, optionally customized through ErrorDocument. The environment variable strings REDIRECT_OIDC_ERROR and REDIRECT_OIDC_ERROR_DESC are available for display purposes.

Bugfixes

  • fix OIDCUnAutzAction auth step up authentication - which in 2.4.14.1 would only work with an SSI enabled ErrorDocument - by reverting all 401/403/302/step up behaviour to <= 2.4.13.2; this re-introduces the limitation for step up authentication being restricted to a single Require or a RequireAll statement
  • avoid using encryption keys as signing keys for request objects and private_key_jwt token endpoint auth

Features

  • add support for extend_session=false query parameter to the info hook to avoid extending the session on calls to the info hook

Other

  • log the first Redis error as a warning before retrying

Commercial

  • binary packages for various other platforms such as Microsoft Windows 64bit/32bit, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7/8 on Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distro's, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, Solaris 11.4, IBM AIX 7.2 and Mac OS X are available under a commercial agreement via [email protected]
  • support for Redis over TLS, Redis (TLS) Sentinel, and Redis (TLS) Cluster is available under a commercial license via [email protected]
Assets 11
Loading