Skip to content

release 2.3.7

Choose a tag to compare

View all tags
@zandbelt zandbelt released this 06 Jul 06:34
· 1462 commits to master since this release
v2.3.7
eb42628

You are strongly advised to upgrade to 2.3.7 when using Redis caching across multiple vhosts in the same Apache server.

Bugfixes

  • fix Redis concurrency issue when used with multiple vhosts which would lead to cache corruption and random cache entry swaps
  • clear session cookie and contents if cache corruption is detected to avoid looping
  • abort when string length for remote user name substitution is >=255 characters (e.g. in Distinguished Names) and deal with lengths >50

Features

  • add support for authorization server metadata Discovery documents with OIDCOAuthServerMetadataURL in OAuth 2.0 Resource Server setups as specified in RFC 8414

Packaging

  • the libcjose 0.5.1 binaries that this module depends on are available from the release 2.3.0 "Assets" section
  • Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful; the Debian Wheezy package can be used on Ubuntu Precise
Assets 9
Loading