mod_auth_mellon/sources at b1f3f2443c198fab50138bf7cb2e484734f17a95 - mod_auth_mellon - AlmaLinux OS Foundation Git Server

rpms/mod_auth_mellon

John Dennis d61f453f45 Update to new upstream 0.12.0

- [CVE-2016-2145] Fix DOS attack (Apache worker process crash) due to
  incorrect error handling when reading POST data from client.

- [CVE-2016-2146] Fix DOS attack (Apache worker process crash /
  resource exhaustion) due to missing size checks when reading
  POST data.

In addition this release contains the following new features and fixes:

- Add MellonRedirectDomains option to limit the sites that
  mod_auth_mellon can redirect to. This option is enabled by default.

- Add support for ECP service options in PAOS requests.

- Fix AssertionConsumerService lookup for PAOS requests.

2016-03-09 09:40:05 -05:00

2 lines

64 B

Plaintext

Raw Blame History

6c1057847c06d433d4d4a4f55cca1740 mod_auth_mellon-0.12.0.tar.gz