Skip to content

release 1.5.3
Compare
Choose a tag to compare
@zandbelt zandbelt released this 01 Aug 10:49
· 1652 commits to master since this release
v1.5.3
2fef61d

Bugs

  • fix cache initialization/destroy leak

Features

  • prevent JWE timing attacks on CEK
  • check for open redirect on passed target_link_uri
  • change target_uri parameter name to target_link_uri in IDP-init-SSO
  • include client_id and scope values in resolved access_token (OAuth 2.0)

Other

  • convert warning on claim evaluation to debug printout
  • add note on restricting access to specific Google Apps domain(s)

Packaging

  • add separate .deb packages for Debian Jessie/Ubuntu Trusty and Debian Wheezy
Assets 7
Loading