Releases: folio-org/mod-login-saml
Releases · folio-org/mod-login-saml
v2.8.4
MODLOGSAML-197 Okapi-URL path missing from cookie path
v2.8.3
- MODLOGSAML-198 limit=1000 for GET /configurations/entries
v2.8.2
- MODLOGSAML-192 Allow
callbackendpoint to return RTR tokens when configured - MODLOGSAML-194 pac4j 5.7.7, cryptacular 1.2.7 fixing vulns
v2.8.1
- MODLOGSAML-191 Vert.x 4.5.7 and RMB 35.2.2 fixing Netty CVE-2024-29025
v2.8.0
- MODLOGSAML-170 Add support of SSO login in consortium mode
- MODLOGSAML-185 Add tenant id to redirect url
- MODLOGSAML-187 Callback is now callback-with-expiry as the default
- MODLOGSAML-190 Upgrade deps for Q: RMB 35.2.0, Vertx 4.5.5, vertx-pac4j 6.0.2, pac4j 5.7.3, …
v2.7.2
- MODLOGSAML-182 xmlsec 2.3.4 fixing private key in debug level log CVE-2023-44483
2.7.1
- MODLOGSAML-180 Make callback-with-expiry not the default
2.7.0
Support for refresh token rotation (RTR)
- MODLOGSAML-173 Upgrade dependencies for Poppy
- MODLOGSAML-172 Support new mod-authtoken /token/sign endpoint
- Explain pac4j authentication and authorization mechanisms
- MODLOGSAML-169 Update to Java 17
- FOLIO-3678 MODLOGSAML-160 Enable API-related GitHub Workflows, replace those Jenkins stages
v2.6.2
- MODLOGSAML-166 xmlsec 2.3.3, woodstox-core 6.5.0 fixing DoS (CVE-2022-40152)
- MODLOGSAML-165 json-smart 2.4.10 fixing DoS (CVE-2023-1370)
v2.6.1
- MODLOGSAML-159 OpenSSL 3.0.8 fixing 8 vulns
- MODLOGSAML-161 Use TLSv1.2, not SSL, in SSLContext.getInstance