release 1.8.9

Features

• support 410 option on OIDCUnAuthAction; closes #141
• return WWW-Authenticate header on OAuth 2.0 protected paths to conform better to the spec; closes #124; thanks @spinto
• improve support for public clients; closes #130

Bugfixes

• improve X-Forwarded-Host handling over Host
• always make claims from the id_token available for authorization; closes #129
• apr_jwe_decrypt_content_aesgcm() null terminate string, #127, thanks @jdennis
• fix unit test on Apache 2.4 and error description
• fix segfault if OIDCRedirectURI is empty; fixes #138; thanks @brianwcook
• avoid parsing previous refresh timestamp if that failed earlier
• fix get_current_url (proxy) case where r->parsed_uri.path would be null