[ol8_appstream] mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.aarch64

Name:	mod_auth_openidc
Version:	2.4.9.4
Release:	5.module+el8.9.0+90009+6a7196cf
Architecture:	aarch64
Module:	mod_auth_openidc:2.3:8090020231024090157:b46abd14
Group:	Unspecified
Size:	609324
License:	ASL 2.0
RPM:	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.aarch64.rpm
Source RPM:	mod_auth_openidc-2.4.9.4-5.module+el8.9.0+90009+6a7196cf.src.rpm
Build Date:	Tue Oct 24 2023
Build Host:	build-ol8-aarch64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/zmartzone/mod_auth_openidc
Summary:	OpenID Connect auth module for Apache HTTP Server
Description:	This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

Tue Apr 25 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-5
```
Related: rhbz#2141850 - fix cjose version dependency
```

Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4

Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default

Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3

- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
      when OIDCStripCookies is set and a crafted Cookie header is supplied

Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2

- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
      oidc_validate_redirect_url() using tab character

Fri Apr 08 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
```
- Resolves: rhbz#2025368 - Rebase to new version
```

Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11

- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On

Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10

- Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
                           reused key in AES GCM encryption [rhel-8] (edit)

Fri Oct 29 2021 Tomas Halman <thalman@redhat.com> - 2.3.7-9

- Resolves: rhbz#2001853 - CVE-2021-39191 open redirect by supplying a crafted URL
                           in the target_link_uri parameter

Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-8

- Resolves: rhbz#1823756 - Backport SameSite=None cookie from
                           mod_auth_openidc upstream to support latest browsers

Tue Nov 17 2020 Jakub Hrozek <jhrozek@redhat.com> - 2.3.7-7

- Resolves: rhbz#1897992 - OIDCStateInputHeaders &
                           OIDCStateMaxNumberOfCookies in existing
                           mod_auth_openidc version
- Backport the OIDCStateMaxNumberOfCookies option
- Configure which header value is used to calculate the fingerprint of
  the auth state