LemonLDAP::NG 2.17.1 is out!
This is a patch version for 2.17
π Security
2 security issues have been fixed:
- #2998: [CVE-2023-44469] [Security:low] SSRF vulnerability in OIDC SSO
- #3003: [Security:low] Open redirection when OIDC RP isn't configured with redirection uri
π Other fixed bugs
- #2992: WAYF not triggered when using SAML federation plugin + one other provider
- #2996: Invalid URL for application logo in myapplications web service
- #3001: Conf::LDAP options in lemonldap-ng.ini overrides Auth options in portal
- #3010: oidcServiceAllowOnlyDeclaredScopes option drop offline_access scope
π Changelog
The full changelog can be found here.
β¬ Download
Use the official repositories (Debian/RPM), our Docker image or get the archives.