LemonLDAP::NG 1.9.21 is out!

This release contains some security fixes, so upgrade must be done as soon as possible!

This is a minor release for LemonLDAP::NG 1.9 with some bugfixes and security fixes:

  • [security:low] oidc authorization codes are not tied to their RP
  • [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification
  • Use base64 URL for JWT generation

The full changelog can be seen here: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/milestones/68

Note that 1.9 is the old stable version, you are encouraged to migrate your installation to 2.0 version, following this documentation: https://lemonldap-ng.org/documentation/latest/upgrade

They made this release:

  • Core team: Maxime Besson, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations: Gendarmerie Nationale, Worteks, CNAMTS
  • Community: Guillaume, Greg B

If you use LemonLDAP::NG and enjoy it, please let us know: