1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
libapache2-mod-auth-openidc (2.4.15.1-1) unstable; urgency=medium
The 2.4.15.x releases change a number of default settings to their more
secure and standards-compliant values. In rare cases this may break existing
configurations which can be restored as described below. Nevertheless it is
recommended to update the environment to accommodate to the new defaults.
New Defaults:
* use Proof Key for Code Exchange (PKCE S256) by default; disable by
configuring OIDCPKCEMethod none
* use SameSite cookies Strict by default; disable by configuring
OIDCCookieSameSite Off
* apply ISO-8859-1 (latin1) as default encoding mechanism for claim values
passed in headers and environment variables to comply with rfc5987;
use OIDCPassClaimsAs <any> none for backwards compatibility
-- Moritz Schlarb <schlarbm@uni-mainz.de> Thu, 01 Feb 2024 21:24:55 +0100
libapache2-mod-auth-openidc (2.4.14.2-1) unstable; urgency=medium
Note that as of release 2.4.14 the use of OIDCHTMLErrorTemplate is
deprecated and one should instead rely on standard Apache error handling
capabilities, optionally customized through [ErrorDocument]. The environment
variable strings REDIRECT_OIDC_ERROR and REDIRECT_OIDC_ERROR_DESC are
available for display purposes.
[ErrorDocument]: https://httpd.apache.org/docs/2.4/custom-error.html
-- Moritz Schlarb <schlarbm@uni-mainz.de> Thu, 01 Feb 2024 21:09:11 +0100
libapache2-mod-auth-openidc (2.4.11-1) unstable; urgency=medium
Note that as of release 2.4.11 running mod_auth_openidc behind a reverse
proxy that sets X-Forwarded-* headers needs explicit configuration of
OIDCXForwardedHeaders for mod_auth_openidc to interpret those headers, thus
this may break existing configurations if unmodified for the former.
-- Moritz Schlarb <schlarbm@uni-mainz.de> Thu, 01 Feb 2024 21:04:03 +0100
|
