LemonLDAP::NG 2.0.5 is out!
Here are some of bugfixes and improvements of this release:
- Security:
- XXE vulnerability in SOAP notification server (CVE-2019-13031)
- CAS logout redirections URL control
- Cryptographic functions improvements
- Bugs:
- Several fixes for impersonation plugin
- [CAS] Logout with CASv2
- [SAML] SLO on expired sessions
- [OIDC] Provider without configured RP
- [OIDC] Error when no code provided on token endpoint
- Session upgrade with 2FA
- REST sessions backend
- Improvements:
- Set choosen language in user session
- Add save/restore commands in cli
- Configuration of 2FA lifetime
- Better CORS handling
The full changelog can be seen here: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/milestones/66
They made this release:
- Core team: Maxime Besson, Xavier Guimard, Christophe Maudoux and Clément Oudot
- Organizations : Gendarmerie Nationale, Worteks, CNAMTS, Orange, CSTB, Urgences Santé Québec, FER Genève
- Community (issues opening, tests, patches, pull requests) : Raphael Geissert, Guillaume, Mathieu Lecompte-Melançon, Antoine Rosier, David Coutadeur, Daniel Berteaud, Frédéric Massot, Dave Conroy.
If you use LemonLDAP::NG and enjoy it, please let us know: