[ All 3 A B C D E F G H I J K L M N O P Q R S T U V W X Y Z ]
×

Project mod_auth_openidc-2.4.9.4-8.module+el8.10.0+636+ce72ae58

Name mod_auth_openidc
Epoch 0
Version 2.4.9.4
Release 8.module+el8.10.0+636+ce72ae58
Website/URL https://github.com/zmartzone/mod_auth_openidc
License ASL 2.0
Build Time 2025-05-09 22:00:50
Build Host builder-x86-06.inferitos.ru
Summary OpenID Connect auth module for Apache HTTP Server
Repositories AppStream
Description This module enables an Apache 2.x web server to operate as an OpenID Connect Relying Party and/or OAuth 2.0 Resource Server.
Errata INFSA-2025:4597
× Full screenshot
Found 3 old versions
Packages link
Package Summary SHA-256 checksum
x86_64
mod_auth_openidc-2.4.9.4-8.module+el8.10.0+636+ce72ae58.x86_64 OpenID Connect auth module for Apache HTTP Server e2baf6df977ed2b2b435991e1ab3ca3adf729534cbae2b10559c9d09bc7ae83c download
src
mod_auth_openidc-2.4.9.4-8.module+el8.10.0+636+ce72ae58.src OpenID Connect auth module for Apache HTTP Server 6776aaf46d36f7a7a3eb457d99ee5a42df2c78224fbd8c056a01e9fbd2bb15c2 download
Changelog link 
* Fri Apr 25 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-8
- Resolves: RHEL-87759 - Empty POST causes crash with OIDCPreservePost

* Fri Apr 11 2025 Tomas Halman <thalman@redhat.com> - 2.4.9.4-7
- Resolves: RHEL-86218 - mod_auth_openidc allows OIDCProviderAuthRequestMethod
            POSTs to leak protected data (CVE-2025-31492)

* Fri Apr 12 2024 Tomas Halman <thalman@redhat.com> - 2.4.9.4-6
- Resolves: RHEL-36492 Race condition in mod_auth_openidc filecache
- Resolves: RHEL-25421 mod_auth_openidc: DoS when using
    `OIDCSessionType client-cookie` and manipulating cookies
    (CVE-2024-24814)

* Sun Dec 10 2023 MSVSphere Packaging Team <packager@msvsphere-os.ru> - 2.4.9.4-5
- Rebuilt for MSVSphere 8.8

* Tue Apr 25 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-5
Related: rhbz#2141850 - fix cjose version dependency

* Mon Apr 24 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-4
Resolves: rhbz#2141850 - auth_openidc.conf mode 0640 by default

* Tue Apr 11 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-3
- Resolves: rhbz#2184144 - CVE-2023-28625 NULL pointer dereference
      when OIDCStripCookies is set and a crafted Cookie header is supplied

* Tue Feb 21 2023 Tomas Halman <thalman@redhat.com> - 2.4.9.4-2
- Resolves: rhbz#2153659 - CVE-2022-23527 - Open Redirect in
      oidc_validate_redirect_url() using tab character

* Fri Apr 08 2022 Tomas Halman <thalman@redhat.com> - 2.4.9.4-1
- Resolves: rhbz#2025368 - Rebase to new version

* Fri Jan 28 2022 Tomas Halman <thalman@redhat.com> - 2.3.7-11
- Resolves: rhbz#1987222 - CVE-2021-32792 XSS when using OIDCPreservePost On