LemonLDAP::NG 2.17.1 is out!


This is a patch version for 2.17.

🔐 Security

2 security issues have been fixed:

  • #2998: [CVE-2023-44469] [Security:low] SSRF vulnerability in OIDC SSO
  • #3003: [Security:low] Open redirection when OIDC RP isn't configured with redirection uri

🌟 Other fixed bugs

  • #2992: WAYF not triggered when using SAML federation plugin + one other provider
  • #2996: Invalid URL for application logo in myapplications web service
  • #3001: Conf::LDAP options in lemonldap-ng.ini overrides Auth options in portal
  • #3010: oidcServiceAllowOnlyDeclaredScopes option drop offline_access scope

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.