This repository has been archived by the owner on Jan 28, 2020. It is now read-only.
Version 0.12.0
Security fixes:
- [CVE-2016-2145] Fix DoS attack (Apache worker process crash) due to incorrect error handling when reading POST data from the client.
- [CVE-2016-2146] Fix DoS attack (Apache worker process crash / resource exhaustion) due to missing size checks when reading POST data.
In addition, this release contains the following new features and fixes:
- Add MellonRedirectDomains option to limit the sites that mod_auth_mellon can redirect to. This option is enabled by default.
- Add support for ECP service options in PAOS requests.
- Fix AssertionConsumerService lookup for PAOS requests.