LemonLDAP::NG 2.0.5 is out!

Here are some of bugfixes and improvements of this release:

• Security:
  • XXE vulnerability in SOAP notification server (CVE-2019-13031)
  • CAS logout redirections URL control
  • Cryptographic functions improvements
• Bugs:
  • Several fixes for impersonation plugin
  • [CAS] Logout with CASv2
  • [SAML] SLO on expired sessions
  • [OIDC] Provider without configured RP
  • [OIDC] Error when no code provided on token endpoint
  • Session upgrade with 2FA
  • REST sessions backend
• Improvements:
  • Set choosen language in user session
  • Add save/restore commands in cli
  • Configuration of 2FA lifetime
  • Better CORS handling

The full changelog can be seen here: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/milestones/66

They made this release:

• Core team: Maxime Besson, Xavier Guimard, Christophe Maudoux and Clément Oudot
• Organizations : Gendarmerie Nationale, Worteks, CNAMTS, Orange, CSTB, Urgences Santé Québec, FER Genève
• Community (issues opening, tests, patches, pull requests) : Raphael Geissert, Guillaume, Mathieu Lecompte-Melançon, Antoine Rosier, David Coutadeur, Daniel Berteaud, Frédéric Massot, Dave Conroy.

If you use LemonLDAP::NG and enjoy it, please let us know:

• https://lemonldap-ng.org/references
• https://www.openhub.net/p/lemonldap-ng
• http://alternativeto.net/software/lemonldap-ng/
• https://comptoir-du-libre.org/softwares/view/101
• https://framalibre.org/content/lemonldapng
• http://twitter.com/lemonldapng
• https://www.facebook.com/lemonldapng/