-
Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4
Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default
-
Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
- Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference
when OIDCStripCookies is set and a crafted Cookie header is supplied
-
Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
- Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in
oidc_validate_redirect_url() using tab character
-
Tue Nov 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
- Resolves: rhbz#2001852 - CVE-2021-39191 mod_auth_openidc: open redirect
by supplying a crafted URL in the target_link_uri
parameter
-
Mon Aug 09 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.8.2-3
- Rebuilt for IMA sigs, glibc 2.34, aarch64 flags
Related: rhbz#1991688
-
Fri Jul 30 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.9.1-1
- Resolves: rhbz#1987223 - CVE-2021-32792 mod_auth_openidc: XSS when using
OIDCPreservePost On [rhel-9.0]
- Resolves: rhbz#1987217 - CVE-2021-32791 mod_auth_openidc: hardcoded
static IV and AAD with a reused key in AES GCM
encryption [rhel-9.0]
- Resolves: rhbz#1987204 - CVE-2021-32786 mod_auth_openidc: open redirect in
oidc_validate_redirect_url() [rhel-9.0]
-
Wed Jun 16 2021 Mohan Boddu <mboddu@redhat.com> - 2.4.8.2-2
- Rebuilt for RHEL 9 BETA for openssl 3.0
Related: rhbz#1971065
-
Mon May 10 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.8.2-1
- New upstream release
- Resolves: rhbz#1958466 - mod_auth_openidc-2.4.8.2 is available
-
Thu May 06 2021 Jakub Hrozek <jhrozek@redhat.com> - 2.4.7.2-1
- New upstream release
- Resolves: rhbz#1900913 - mod_auth_openidc-2.4.7.2 is available
-
Fri Apr 30 2021 Tomas Halman <thalman@redhat.com> - 2.4.4.1-3
- Resolves: rhbz#1951277 - Remove unnecessary LTO patch