LemonLDAP::NG 2.0.5 is out!


This release contains some security fixes, including a fix for CVE-2019-13031.

Here are some of the bug fixes and improvements in this release:

  • Security:
    • XXE vulnerability in SOAP notification server (CVE-2019-13031)
    • CAS logout redirections URL control
    • Cryptographic functions improvements
  • Bugs:
    • Several fixes for impersonation plugin
    • [CAS] Logout with CASv2
    • [SAML] SLO on expired sessions
    • [OIDC] Provider without configured RP
    • [OIDC] Error when no code provided on token endpoint
    • Session upgrade with 2FA
    • REST sessions backend
  • Improvements:
    • Set chosen language in user session
    • Add save/restore commands in cli
    • Configuration of 2FA lifetime
    • Better CORS handling

The full changelog can be seen here: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/milestones/66

They made this release:

  • Core team: Maxime Besson, Xavier Guimard, Christophe Maudoux and Clément Oudot
  • Organizations: Gendarmerie Nationale, Worteks, CNAMTS, Orange, CSTB, Urgences Santé Québec, FER Genève
  • Community (issues opening, tests, patches, pull requests): Raphael Geissert, Guillaume, Mathieu Lecompte-Melançon, Antoine Rosier, David Coutadeur, Daniel Berteaud, Frédéric Massot, Dave Conroy.

If you use LemonLDAP::NG and enjoy it, please let us know: