Permalink
Cannot retrieve contributors at this time
Name already in use
A tag already exists with the provided branch name. Many Git commands accept both tag and branch names, so creating this branch may cause unexpected behavior. Are you sure you want to create this branch?
mod_auth_openid/ChangeLog
Go to fileThis commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
68 lines (57 sloc)
3.55 KB
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # See http://github.com/bmuller/mod_auth_openid for a full ChangeLog history. | |
| # Some issue references are from an old Trac installation. New bugs can be found | |
| # at http://github.com/bmuller/mod_auth_openid/issues and are prefixed with a # | |
| Version 0.8 | |
| Added support for Apache 2.4 | |
| Fixed issue with str_replace causing segfault on empty string | |
| Fixed issue preventing valid authentication when session cookie wasn't being used | |
| Version 0.7 | |
| Fixed issue #13 - issue with handling POST data | |
| Fixed issue #10 - curl_unescape deprecated / libcurl doesn't unescape '+' as a space | |
| Fixed "configure: error: conditional "DEBUG" was never defined." message when running autogen.sh. | |
| Single OP mode | |
| Set HttpOnly on session-scoped cookies too | |
| Can now validate AX attrs by regex | |
| Added AuthOpenIDSecureCookie directive to limit session cookie retrieval to HTTPS connections | |
| Implemented AuthOpenIDAXUsername and AuthOpenIDSecureCookie | |
| Described functionality of AuthOpenIDSingleIdP, AuthOpenIDAXRequire, AuthOpenIDAXUsername, AuthOpenIDSecureCookie | |
| Fixed security vulnerability - sqlite DB should not be world readable | |
| Version 0.6 | |
| Now a true authorization module (using ap_hook_check_user_id) (issue 79) | |
| Because now using propper hook, REMOTE_USER now accessible to mod_rewrite (issue #2) | |
| Now using integrated apache logging rather than logging directly to apache log with printing to stderr | |
| Fixed error that caused openid_identifier to leak into return_to, causes cancel messages to fail (issue 92) | |
| Fixed problem with module not always recognizing when locked URL was using https (issue 83) | |
| Version 0.5 | |
| Added support for HTML form submission (POSTs) per the 2.0 spec (issue 52) | |
| Created AuthOpenIDCookiePath option (issue 76) | |
| Nonce is now more secure (issue 77) | |
| Version 0.4 | |
| Fixed bug involving custom auth cookie names (issue 27) | |
| No longer clearing attribute exchange parameters (issue 34) - see wiki page for attribute exchange | |
| Added ability to specify external program for authorization (issues 8, 35, and 17) | |
| Fixed bug that left openid params in referrer param after custom login page redirect (issue 28). | |
| Fixed bug that resulted in referrer param not having http/s being set correctly (issue 26). | |
| Fixed bug that resulted in auth error when too many requests were hitting Session DB (issue 36). | |
| Fixed bug that set REMOTE_USER to normalized id rather than claimed id (issue 37). | |
| Version 0.3 | |
| Added support for OpenID 2.0 spec - using new libopkele | |
| Removed support for BDB - now SQLite only | |
| Fixed security issue with sessions potentially being valid for too long (issue 16) | |
| Changed get param from openid.identity to openid_identifier (per 2.0 spec - issue 14) | |
| Version 0.2.1 | |
| 302 Redirect issue fixed - nasty, reason for 0.2.1 release (issue 6) | |
| AuthOpenIDEnabled now allowed in .htaccess files (issue 9) | |
| Fixed links on default login page (issue 12) | |
| Version 0.2 | |
| openid.ax and openid.sreg parameters are no longer cleansed from URL (issue 1) | |
| Added AuthOpenIDServerName configuration option (issue 3) | |
| Removed dependency on libpcre++ (libpcre still required) | |
| Added a modauthopenid.referrer parameter that is passed on to login pages (issue 4) | |
| Updated code to work with libopkele version 3 API | |
| Version 0.1 | |
| Changed license to less restrictive MIT license to avoid legal nasties in the future. | |
| Added sqlite support as an alternative to bdb. | |
| Added AuthOpenIDCookieLifespan option. | |
| Fixed bug where REMOTE_USER CGI environment variable was not being set correctly when ID was delegated. | |
| Fixed bug where REMOTE_USER CGI environment variable was not being set if the session cookie wasn't enabled. | |