ChangeLog 4.33 KB
Newer Older
1 2
06/24/2022
- add cjose, curl and ssl to liboauth2.pc.in
3
- add add curl and cjose flags to liboauth2_cache_la_CFLAGS
4 5
- bump to 1.5.0dev

6
04/16/2022
7
- fix file cache so we do not try to remove a file that was cleaned just before; see #33
8
- fix tests for client_secret_jwt and private_key_jwt so encoded JWT comparison works for cjose >= 0.6.2
9
- release 1.4.4.2
10

11 12 13 14
03/06/2022
- add support for OpenSSL 3.0; closes #31
- bump to 1.5.0dev

15 16 17 18 19
03/03/2022
- fix race condition and potential crash in curl usage in oauth2_url_decode
  see zmartzone/mod_oauth2#27; thanks @rtitle
- release 1.4.4.1

20 21 22 23
12/23/2021
- allow deprecated declarations to build with OpenSSL 3.0; see #31
- release 1.4.4

24 25 26 27 28
12/22/2021
- hash the cache encryption key to a string instead of bytes
- Makefile.am improvements:
  - move OpenSSL libs go generic libraries so cache files compile with the right flags
  - use ${srcdir} to conform to distcheck
29
- add Github Actions CI; remove Travis
30

31 32
10/12/2021
- make outgoing_proxy an endpoint property
33 34
- accommodate for NULL key in oauth2_cache_get and oauth2_cache_set
- release 1.4.3.2
35 36

10/11/2021
37 38 39 40
- add outgoing_proxy option to verify context
- correct remote_user debug printout
- release 1.4.3.1

41 42 43
06/21/2021
- printout remote username claim when not found, for debugging purposes

44 45 46
06/10/2021
- use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV
  closes #26; thanks @niebardzo
47
- avoid memory leaks on JWT validation errors
48 49
- release 1.4.3

50 51 52 53 54
06/07/2021
- correct iat slack validation defaults, see https://github.com/zmartzone/mod_oauth2/discussions/20
  thanks @DrakezulsMinimalism
- release 1.4.2.1

55 56 57
05/28/2021
- add Travis and LGTM

58
05/25/2021
59 60
- set memory alignment of shm cache structs to 64 bytes; see #21 and #24
- release 1.4.2
61 62 63 64 65

04/19/2021
- apache: use include directory from APXS; thanks @abbra
- pass missing argument to oauth2_error in _oauth2_dpop_jti_validate; thanks @abbra

66 67 68 69
02/02/2021
- avoid creating files for anonymous shared memory segments; see #18
- release 1.4.1

Hans Zandbelt's avatar
Hans Zandbelt committed
70 71 72
01/30/2021
- fix Apache cleanup routines; see zmartzone/liboauth2#18 and zmartzone/mod_oauth2#7

73
01/26/2021
74 75 76
- add support for RFC 8705 OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens
  https://tools.ietf.org/html/rfc8705; thanks @vdzhuvinov
 
77 78 79 80 81
12/23/2020
- use per-process semaphore locking to prevent multi-process issue; see #18
- release 1.4.0.1

12/21/2020
Hans Zandbelt's avatar
Hans Zandbelt committed
82 83
- release 1.4.0

84 85 86
12/03/2020
- add oauth2_cfg_openidc_set_options for configurable state cookie handling

87 88 89
12/02/2020
- cleanup OIDC expired/superfluous state cookies; closes zmartzone/ngx_openidc_module#6

Hans Zandbelt's avatar
Hans Zandbelt committed
90 91 92
11/13/2020
- add support for PKCE

93 94 95 96 97
11/12/2020
- separate OpenID client configs and named providers
- fix parsing in oauth2_cfg_set_flag_slot
- add configurable state and session cookie paths

98 99
11/11/2020
- fix session cache handler cloning
100
- support configurable cookie path for session cookie
101

102 103 104
11/09/2020
- refactored caching; use named caches consistently

105 106 107 108
11/08/2020
- use endpoint more consistently
- harmonize naming of endpoint, endpoint auth and ropc

109 110 111
11/07/2020
- don't use automake config.h; closes #10; thanks @babelouest

112 113 114 115
10/07/2020
- add support for DPOP bound access tokens
- bump to 1.4.0-dev

Hans Zandbelt's avatar
Hans Zandbelt committed
116 117
02/27/2020
- lock access to cache globals
118
- log corrections and improvements
Hans Zandbelt's avatar
Hans Zandbelt committed
119

120 121 122 123
02/26/2020
- resolve some TODOs; valgrind
- bump to 1.3.0

124 125 126
02/25/2020
- change to named sessions

127 128 129 130 131
02/21/2020
- add serialized id_token to session
- externalize oauth2_jose_jwt_verify and allow verification context to be NULL
- bump to 1.2.5

132 133 134
02/13/2020
- add userinfo endpoint request and claims
- bump to 1.2.4
135
- change to named cache configurations
136

137 138 139 140
02/10/2020
- implement session expiry checks
- bump to 1.2.3

141 142 143 144
02/05/2020
- add missing ROPC config functions
- bump to 1.2.2

145 146 147 148
02/04/2020
- add generic endpoint config struct and ROPC client capability
- bump to 1.2.1 and bump copyright year

Hans Zandbelt's avatar
Hans Zandbelt committed
149 150 151
01/31/2020
- sane session cfg defaults

152 153 154 155 156
09/12/2019
- change http request header function naming
- more openidc handling
- bump to 1.2.0

157 158 159
09/02/2019
- fix type (auth->client_secret_jwt.aud = NULL); closes #3; thanks @pengjiaoyang

160 161 162
08/19/2019
- add first outline of openidc and sessions

163 164 165 166
07/03/2019
- return status code from HTTP callouts
- bump to version 1.1.1

167 168 169 170
07/01/2019
- encapsulate oauth2_log_sink_t
- bump to version 1.1.0

171 172 173 174
05/20/2019
- add Apache Require claim authorization functions
- bump to version 1.0.1

175 176
03/22/2019
- initial import of version 1.0.0