A SAML 2.0 authentication module for the Apache Httpd Server
Репозитории
AppStream
Полное описание
The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
received in assertions generated by a IdP server.
* Wed Jul 26 2023 MSVSphere Packaging Team <packager@msvsphere.ru> - 0.14.0-12.1
- Rebuilt for MSVSphere 8.8
* Wed Dec 15 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-12.1
- Resolves: rhbz#1986805 - CVE-2021-3639 mod_auth_mellon: Open Redirect
vulnerability in logout URLs [rhel-8]
* Mon Jan 25 2021 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-12
- Resolves: rhbz#1791262 - Backport SameSite=None cookie from upstream to
support latest browsers
* Fri Oct 18 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-11
- Resolves: rhbz#1731053 - CVE-2019-13038 mod_auth_mellon: an Open Redirect
via the login?ReturnTo= substring which could
facilitate information theft [rhel-8]
* Fri Oct 18 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-10
- Resolves: rhbz#1761774 - mod_auth_mellon fix for AJAX header name
X-Requested-With
* Thu Jun 13 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-9
- Just bump the release number
- Related: rhbz#1718238 - mod_auth_mellon-diagnostics RPM not in product
listings
* Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-8
- Resolves: rhbz#1691894 - [RFE] Config option to change mod_auth_mellon prefix
* Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-7
- Apply the patch from the previous commit
- Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open
redirect in logout url when using URLs with
backslashes [rhel-8]
* Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-6
- Resolves: rhbz#1692471 - CVE-2019-3877 appstream/mod_auth_mellon: open
redirect in logout url when using URLs with
backslashes [rhel-8]
* Fri Jun 07 2019 Jakub Hrozek <jhrozek@redhat.com> - 0.14.0-5
- Resolves: rhbz#1692457 - CVE-2019-3878 mod_auth_mellon: authentication
bypass in ECP flow [rhel-8.1.0]
