Skip to content

Releases: OpenIDC/liboauth2

release 1.4.5.2

06 Dec 13:05
@zandbelt zandbelt
v1.4.5.2
681d018
Compare
Choose a tag to compare
release 1.4.5.2

Bugfixes

  • change Apache module init info log
  • initialize check_oauth2 properly; call OPENSSL_init_crypto for OpenSSL >= 1.1.0
  • add JANSSON_LIBS to Apache/Nginx LIBADD; closes #40; thanks @pskopnik

Packaging

  • add packages for Centos 9, Debian Bookworm and Ubuntu Jammy

Contributors

pskopnik
Assets 30
Loading

release 1.4.5.1

22 Aug 07:36
@zandbelt zandbelt
v1.4.5.1
ebcf76f
Compare
Choose a tag to compare
release 1.4.5.1

Bugfixes

  • fix concurrency issue when using OAuth2Verify metadata; see #37; thanks @rtitle
  • fix memory leak in cURL writeback function
  • fix memory leak when using OAuth2Verify metadata

Contributors

rtitle
Assets 20
Loading

release 1.4.5

27 Jul 17:31
@zandbelt zandbelt
v1.4.5
e21c25b
Compare
Choose a tag to compare
release 1.4.5

Bugfixes

  • avoid using cjose_jwk_retain because it is not thread safe; see OpenIDC/mod_oauth2#23
  • use main request for Apache request contexts
  • set refresh to true when getting jwsk_uri results from cache

Features

  • print warning when cjose_jws_verify fails

Other

  • add cjose, curl and ssl to liboauth2.pc.in
  • add add curl and cjose flags to liboauth2_cache_la_CFLAGS
Assets 20
Loading

release 1.4.4.2

16 Apr 15:05
@zandbelt zandbelt
v1.4.4.2
63dc7ea
Compare
Choose a tag to compare
release 1.4.4.2

Bugfixes

  • fix file cache so we do not try to remove a file that was cleaned just before; see #33
  • fix tests for client_secret_jwt and private_key_jwt so encoded JWT comparison works for cjose >= 0.6.2
Assets 20
Loading

release 1.4.4.1

03 Mar 08:26
@zandbelt zandbelt
v1.4.4.1
5c34a2d
Compare
Choose a tag to compare
release 1.4.4.1

Bugfixes

Packaging

  • add Debian Bullseye

Contributors

rtitle
Assets 20
Loading

release 1.4.4

23 Dec 08:41
@zandbelt zandbelt
v1.4.4
a7f717a
Compare
Choose a tag to compare
release 1.4.4

Bugfixes

  • hash the cache encryption key to a string instead of bytes:
    avoid crash when using generated key bytes as strings in oauth2_jose_jwk_create_symmetric

Features

  • allow deprecated declarations to build with OpenSSL 3.0; see #31

Packaging

  • corrected longstanding bug in RPM (devel) dependencies
Assets 17
Loading

release 1.4.3.2

12 Oct 16:14
@zandbelt zandbelt
v1.4.3.2
af87627
Compare
Choose a tag to compare
release 1.4.3.2

bugfixes

  • make outgoing_proxy an endpoint property and fix 1.4.3.1
  • accommodate for NULL key in oauth2_cache_get and oauth2_cache_set
Assets 17
Loading

release 1.4.3.1

10 Oct 18:49
@zandbelt zandbelt
v1.4.3.1
2da7a4c
Compare
Choose a tag to compare
release 1.4.3.1

Features

  • add outgoing_proxy option to verify context
  • printout remote username claim when not found, for debugging purposes

Bugfixes

  • correct remote_user debug printout
Assets 17
Loading

release 1.4.3

10 Jun 11:03
@zandbelt zandbelt
v1.4.3
3b25745
Compare
Choose a tag to compare
release 1.4.3

Bugfixes

  • use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV closes #26; thanks @niebardzo
  • avoid memory leaks on JWT validation errors
Assets 17
Loading

release 1.4.2.1

07 Jun 09:34
@zandbelt zandbelt
v1.4.2.1
33b2fe4
Compare
Choose a tag to compare
release 1.4.2.1

Bugfixes

Assets 17
Loading