-
Thu Oct 08 2020 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-9
- Rebuild to pick up the proper build tag
- Related: rhbz#1823762 - Backport SameSite=None cookie from
mod_auth_openidc upstream to support
latest browsers [rhel-7.9.z]
-
Wed Aug 26 2020 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-8
- Resolves: rhbz#1823762 - Backport SameSite=None cookie from
mod_auth_openidc upstream to support
latest browsers [rhel-7.9.z]
-
Mon Mar 16 2020 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-7
- Fix a regression in the previous patches
- Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]
-
Mon Mar 16 2020 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-6
- Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
issue exists in URLs with slash and backslash [rhel-7]
- Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect
in logout url when using URLs with leading slashes
[rhel-7]
-
Tue Jan 29 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-5
- Resolves: rhbz#1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and
OIDCAuthNHeader not skipped in an "AuthType oauth20"
configuration [rhel-7]
-
Tue Jan 29 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-4
- Resolves: rhbz#1626299 - CVE-2017-6059 mod_auth_openidc: Shows
user-supplied content on error pages [rhel-7]
-
Thu Mar 31 2016 John Dennis <jdennis@redhat.com> - 1.8.8-3
- fix unit test failure caused by apr_jwe_decrypt_content_aesgcm()
failing to null terminate decrypted string
Resolves: bug#1292561 New package: mod_auth_openidc
-
Tue Mar 29 2016 John Dennis <jdennis@redhat.com> - 1.8.8-2
- Add %check to run test
Resolves: bug#1292561 New package: mod_auth_openidc
-
Tue Mar 29 2016 John Dennis <jdennis@redhat.com> - 1.8.8-1
- Initial import
Resolves: bug#1292561 New package: mod_auth_openidc