File: ChangeLog

package info (click to toggle)
libapache2-mod-sts 3.4.0-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid, trixie
  • size: 1,660 kB
  • sloc: sh: 4,350; ansic: 1,262; makefile: 38
file content (182 lines) | stat: -rw-r--r-- 4,498 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
 
12/06/2023
- add support for the client credentials grant type
- depend on liboauth >= 1.6.0
- release 3.4.0

03/08/2023
- move repo to OpenIDC github organization

12/06/2022
- change Makefile install procedure
- depend on liboauth 1.4.5.2
- release 3.3.0

07/15/2021
- release 3.2.1

07/02/2021
- add option to not return an error on token missing/exchange failure

07/01/2021
- change configure.ac to find Apache flags correctly

12/22/2020
- depend on liboauth2 1.4.0
- release 3.2.0

11/13/2020
- add STSCryptoPassphrase

11/10/2020
- use refactored liboauth2-sts

11/07/2020
- remove config.h
- depend on liboauth2 >= 1.4.0
- bump to 3.2.0-dev
- liboauth2-sts: fix parsing of cache parameters (hardcoded leftover "max_key_size=8")

02/14/2020
- depend on liboauth 1.2.4 with named cache

02/05/2020
- depend on liboauth2 1.2.2 with new ROPC capability
- bump to 3.1.1

09/12/2019
- depend on liboauth2 1.2.0 with new request header API
- bump to 3.1.0

08/06/2019
- use fixup hook instead of access hook to be backwards compatible and work with mod_auth_openidc
- version 3.0.4

08/01/2019
- fix STSAcceptSourceTokenIn "struct is null"
- version 3.0.3

07/17/2019
- add r->user option to sts_handler by setting STSROPCUsername to "*"
- version 3.0.2

07/03/2019
- return status code from STS call if > 500 (504 = gateway timeout)
- bump liboauth2 dependency to 1.1.1
- version 3.0.1

03/21/2019
- revamp based on liboauth2 1.0.0
- version 3.0.0

10/02/2018
- various corrections related to packaging
- version 0.9.6

10/01/2018
- use non-binary security token as default WS-Trust source token
- support adding the target token in a POST parameter (e.g. an access token) 
- version 0.9.5

9/30/2018
- WS-Trust support for source tokens other than OAuth tokens e.g SAML 2.0 or UserName tokens
- WS-Trust support for non-BinarySecurityToken target tokens
- version 0.9.4

9/30/2018
- update shm cache so it supports graceful restarts, see: https://github.com/zmartzone/mod_auth_openidc/issues/296
- version 0.9.3

9/29/2018
- run at post_read phase instead of fixup phase, except if no source token was (yet) found in an env var
- version 0.9.2

9/29/2018
- set defaults to NULL and do per-mode configuration checks on startup
- version 0.9.1

9/29/2018
- remove STSROPCRequestParameter, STSOTXRequestParameter and STSResource; merge into STSRequestParameter
- version 0.9.0

9/29/2018
- correct resource->aud handling for ROPC flows and add extra params with STSROPCRequestParameter
- version 0.8.1

9/29/2018
- correct caching on a per-directory configuration based context
- version 0.8.0

9/28/2018
- add name value parameters by AP_INIT_TAKE2 syntax and rename STSOTXRequestParameters to STSOTXRequestParameter
- version 0.7.6

9/28/2018
- get subject_token_type request parameter from STSOTXRequestParameters
- version 0.7.5

9/28/2018
- support stripping the source token from the outgoing request
- version 0.7.4

9/28/2018
- support extra parameters to the OAuth 2.0 token exchange request via STSOTXRequestParameters
- version 0.7.3

9/28/2018
- add client_id to OTX request if auth=none; some cleanups
- version 0.7.2

9/28/2018
- support private_key_jwt authentication method for ropc/otx
- version 0.7.1

9/27/2018
- support client_secret_jwt authentication method for ropc/otx
- version 0.7.0

9/27/2018
- split out exchange protocol functions in separate files
- version 0.6.0

9/27/2018
- support client authentication methods: basic, post, client cert
- version 0.5.1

9/27/2018
- support multiple target token representations
- support multiple named options in source and target tokens
- adapt README.md to generic tokens
- version 0.5.0

9/25/2018
- re-factor helper functions into util.c
- parse options on incoming access token presentation method (e.g. cookie:PA.global)
- version 0.4.2

9/25/2018
- add configurable resource parameter support with STSResource
- version 0.4.1

9/25/2018
- add STSSSLValidate server option and configurable STSHTTPTimeOut
- correctly form-encode POST parameters
- add support for draft IETF token exchange protocol
- version 0.4.0

9/24/2018
- pass client_id in username
- update README.md and add sts.conf
- support setting WS-Trust ValueType using STSWSTrustValueType
- version 0.3.1

9/23/2018
- support configurable access token methods
- first iteration of ROPC mode
- version 0.3.0

8/9/2018
- allow configuration of multiple exchange protocols (and support only one yet)
- version 0.2.0

3/27/2017
- initial import of version 0.1.0