[ol7_latest] mod_auth_openidc-1.8.8-7.el7.aarch64

This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

• Mon Mar 16 2020 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-7

  - Fix a regression in the previous patches
  - Related: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
                            issue exists in URLs with slash and backslash [rhel-7]

• Mon Mar 16 2020 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-6

  - Resolves: rhbz#1805748 - CVE-2019-20479 mod_auth_openidc: open redirect
                             issue exists in URLs with slash and backslash [rhel-7]
  - Resolves: rhbz#1805067 - CVE-2019-14857 mod_auth_openidc: Open redirect
                             in logout url when using URLs with leading slashes
                             [rhel-7]

• Tue Jan 29 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-5

  - Resolves: rhbz#1626297 - CVE-2017-6413 mod_auth_openidc: OIDC_CLAIM and
                             OIDCAuthNHeader not skipped in an "AuthType oauth20"
                             configuration [rhel-7]

• Tue Jan 29 2019 Jakub Hrozek <jhrozek@redhat.com> - 1.8.8-4

  - Resolves: rhbz#1626299 - CVE-2017-6059 mod_auth_openidc: Shows
                             user-supplied content on error pages [rhel-7]

• Thu Mar 31 2016 John Dennis <jdennis@redhat.com> - 1.8.8-3

  - fix unit test failure caused by apr_jwe_decrypt_content_aesgcm()
    failing to null terminate decrypted string
    Resolves: bug#1292561 New package: mod_auth_openidc

• Tue Mar 29 2016 John Dennis <jdennis@redhat.com> - 1.8.8-2

  - Add %check to run test
    Resolves: bug#1292561 New package: mod_auth_openidc

• Tue Mar 29 2016 John Dennis <jdennis@redhat.com> - 1.8.8-1

  - Initial import
    Resolves: bug#1292561 New package: mod_auth_openidc