[ol9_appstream] mod_auth_openidc-2.4.10-1.el9.x86_64

Name:	mod_auth_openidc
Version:	2.4.10
Release:	1.el9
Architecture:	x86_64
Group:	Unspecified
Size:	608156
License:	ASL 2.0
RPM:	mod_auth_openidc-2.4.10-1.el9.x86_64.rpm
Source RPM:	mod_auth_openidc-2.4.10-1.el9.src.rpm
Build Date:	Fri Oct 25 2024
Build Host:	build-ol9-x86_64.oracle.com
Vendor:	Oracle America
URL:	https://github.com/OpenIDC/mod_auth_openidc
Summary:	OpenID Connect auth module for Apache HTTP Server
Description:	This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.10-1

Rebase to 2.4.10 version improves `state cookies piling up` problem
  Resolves: RHEL-32450 Race condition in mod_auth_openidc filecache
  Resolves: RHEL-25422 mod_auth_openidc: DoS when using
            `OIDCSessionType client-cookie` and manipulating cookies
            (CVE-2024-24814)

Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4

Resolves: rhbz#2189268 - auth_openidc.conf mode 0640 by default

Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3

- Resolves: rhbz#2184145 - CVE-2023-28625 NULL pointer dereference
  when OIDCStripCookies is set and a crafted Cookie header is supplied

Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2

- Resolves: rhbz#2153656 - CVE-2022-23527 - Open Redirect in
  oidc_validate_redirect_url() using tab character