-
Sun Feb 09 2020 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-9
- Resolves: rhbz#1791264 - Backport SameSite=None cookie from upstream to
support latest browsers
-
Wed Oct 09 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-8
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via
the login?ReturnTo= substring which could facilitate
information theft [rhel-7]
-
Tue Aug 06 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-7
- Resolves: rhbz#1727789 - mod_auth_mellon fix for AJAX header name
X-Requested-With
-
Tue Apr 02 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-6
- Apply the patch from the previous commit
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]
-
Tue Apr 02 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-5
- Resolves: rhbz#1692470 - CVE-2019-3877 mod_auth_mellon: open redirect
in logout url when using URLs with backslashes
[rhel-7]
-
Fri Mar 22 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-4
- Resolves: rhbz#1576719 - ECP flow not triggering, instead client access
secured resources without ECP authentication
-
Tue Mar 05 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-3
- Resolves: rhbz#1652980 - mod_auth_mellon Cert files name wrong when
hostname contains a number
-
Fri Jun 01 2018 <jdennis@redhat.com> - 0.14.0-2
- Resolves: rhbz#1553885
- fix file permissions on doc files
-
Fri Jun 01 2018 <jdennis@redhat.com> - 0.14.0-1
- Resolves: rhbz#1553885
- Rebase to current upstream release
-
Thu Mar 29 2018 John Dennis <jdennis@redhat.com> - 0.13.1-2
- Resolves: rhbz#1481330 Add diagnostic logging
- Resolves: rhbz#1295472 Add MellonSignatureMethod config option to set
signature method used to sign SAML messages sent by Mellon.
Defaults to original sha1.