OpenID v2.4.1 Release Notes

Release Date: 2020-01-30
  • This release primarily addresses upcoming changes in SameSite Set-Cookie behaviour in Chrome and Firefox, see: https://blog.chromium.org/2019/10/developers-get-ready-for-new.html

    Features

    • always add a SameSite value (default None) to the Set-Cookie header value; this can be overridden by using the environment variable OIDC_SET_COOKIE_APPEND, e.g.:
      SetEnvIf User-Agent ".*IOS.*" OIDC_SET_COOKIE_APPEND=;
    • add the possibility to use a public key instead of a certificate for OIDCPublicKeyFiles parameter; thanks @absynth76
    • support login with OIDC session management; address #456; thanks Paolo Battino
    • support 407 option on OIDCUnAuthAction; thanks @dfsin-sa

    Bugfixes

    • fix parsing of values from metadata files when the default is non-NULL (e.g. UNSET)
    • enforce OIDCIDTokenSignedResponseAlg and OIDCUserInfoSignedResponseAlg; see #435
    • changed storing POST params from localStorage to sessionStorage due to some issue of losing data in localStorage in Firefox (private mode); see #447 #441
    • improve validation of the post-logout URL to avoid an open redirect; closes #449
    • unset chunked cookies if setting a non-chunked cookie; thanks @alindeman

    Other

    • make cleaning of expired state cookies log with a warning rather than an error; thanks Pavel Drobov
    • return 200 OK for backchannel logout if session not found
    • added an Alpine Linux Dockerfile =~ 20MB container size; thanks @absynth76
    • try to fix graceful restart crash; see #458; thanks @studersi

    Packaging

    • the libcjose >= 0.5.1 binaries that this module depends on are available from the "Assets" section in release 2.4.0
    • Ubuntu Xenial packages can also be used on Ubuntu Yakkety, Zesty and Artful
    • packages for various other platforms such as Redhat Enterprise Linux 6, Redhat Enterprise Linux 7 Power PC (ppc64, ppc64le), older Debian distros, SUSE Linux Enterprise Server, IBM HTTP Server 8.5.5, Mac OS X and Microsoft Windows 64bit are available under a commercial agreement via [email protected]

    This release was made possible thanks to sustaining sponsor GLUU.

    Please consider sponsoring maintenance and development of mod_auth_openidc via Patreon.