release 2.4.14.3
Note that as of release 2.4.14 the use of OIDCHTMLErrorTemplate is deprecated and one should instead rely on standard Apache error handling capabilities, optionally customized through ErrorDocument. The environment variable strings REDIRECT_OIDC_ERROR and REDIRECT_OIDC_ERROR_DESC are available for display purposes.
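An added example (not part of the project's code or documentation): a small CGI handler that an ErrorDocument could point to, displaying the two variables as untrusted text that is HTML-escaped before it reaches the page. The script path, the 500 status in the sample directive, the length cap and the fallback messages are assumptions.

```python
#!/usr/bin/env python3
# Added example: CGI handler for an Apache ErrorDocument.
# Assumed wiring (status code and path are placeholders, not from the release notes):
#   ErrorDocument 500 /cgi-bin/oidc_error.py
import html
import os
import sys

MAX_LEN = 512  # assumption: cap on how much of each value is displayed


def _safe(environ, name, default):
    """Return the variable as HTML-safe text: printable characters only, capped, escaped."""
    value = environ.get(name) or default
    value = "".join(ch for ch in value if ch.isprintable())[:MAX_LEN]
    return html.escape(value, quote=True)


def render_oidc_error(environ):
    """Build the full CGI response (headers + body) for a failed OIDC request."""
    error = _safe(environ, "REDIRECT_OIDC_ERROR", "Authentication error")
    desc = _safe(environ, "REDIRECT_OIDC_ERROR_DESC", "No further details are available.")
    # REDIRECT_STATUS is set by Apache on the internal redirect to the error document;
    # echo it back so the client still sees the original status code.
    status = environ.get("REDIRECT_STATUS", "")
    if not (len(status) == 3 and status.isascii() and status.isdigit()):
        status = "500"
    headers = (
        f"Status: {status}\n"
        "Content-Type: text/html; charset=utf-8\n"
        "Cache-Control: no-store\n\n"
    )
    body = (
        "<!DOCTYPE html>\n<html><head><title>Sign-in error</title></head><body>\n"
        f"<h1>{error}</h1>\n<p>{desc}</p>\n"
        "</body></html>\n"
    )
    return headers + body


if __name__ == "__main__":
    sys.stdout.write(render_oidc_error(os.environ))
```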
Bugfixes
- fix session updates on userinfo requests; see #1077; this bug was introduced in v2.4.11 with d9fff15; thanks @adenix
Features
- add OIDCPassAccessToken Off option to disable (the default of) passing the access token and its expiry in the OIDC_access_token/OIDC_access_token_expires header/environment variables; thanks @mattias-asander
- allow relative values in OIDCDefaultURL and OIDCDefaultLoggedOutURL
- support authenticate_on_error 2nd parameter value in OIDCRefreshAccessTokenBeforeExpiry to re-authenticate the user when refreshing the access token fails; see: #1084; thanks @xrammit
- add logout_on_error and authenticate_on_error 2nd parameter option to OIDCUserInfoRefreshInterval
- add support for adding extra parameters to the Logout Request to the OP with OIDCLogoutRequestParams; see: #1096; thanks @smarsching
Other
- add a sanity alg/enc check on internal self-encrypted AES GCM JWTs
- increase performance of JQ filtering by caching JQ filtering results; default cache ttl is 10 min, configured through environment variable OIDC_JQ_FILTER_CACHE_TTL
Commercial
- binary packages for various other platforms such as Microsoft Windows 64bit/32bit, Red Hat Enterprise Linux 6, Red Hat Enterprise Linux 7/8 on Power PC (ppc64, ppc64le), Oracle Linux 6/7, older Ubuntu and Debian distros, Oracle HTTP Server 11.1/12.1/12.2, IBM HTTP Server 8/9, Solaris 11.4, IBM AIX 7.2 and Mac OS X are available under a commercial agreement via [email protected]
- support for Redis over TLS, Redis (TLS) Sentinel, and Redis (TLS) Cluster is available under a commercial license via [email protected]