[ol8_appstream] mod_auth_openidc-2.4.9.4-8.module+el8.10.0+90568+7a187228.x86_64

This module enables an Apache 2.x web server to operate as
an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.

Changelog (Show File list) (Show related packages)

• Fri Apr 25 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-8

  - Resolves: RHEL-87759 - Empty POST causes crash with OIDCPreservePost

• Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-7

  - Resolves: RHEL-86218 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
              POSTs to leak protected data (CVE-2025-31492)

• Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.9.4-6

  - Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache
  - Resolves: RHEL-25421 mod_auth_openidc: DoS when using
      `OIDCSessionType client-cookie` and manipulating cookies
      (CVE-2024-24814)

• Tue Apr 25 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-5

  Related: rhbz#2141850 - fix cjose version dependency

• Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4

  Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default

• Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3

  - Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
        when OIDCStripCookies is set and a crafted Cookie header is supplied

• Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2

  - Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
        oidc_validate_redirect_url() using tab character

• Fri Apr 08 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1

  - Resolves: rhbz#2025368 - Rebase to new version

• Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11

  - Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On

• Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-10

  - Resolves: rhbz#1987216 - CVE-2021-32791 hardcoded static IV and AAD with a
                             reused key in AES GCM encryption [rhel-8] (edit)