LemonLDAP::NG 2.18.2 is out!
This is a patch version for 2.18, please read the 2.18 news to know all the changes of this version.
🌟 Fixed bugs
- #3041: LLNG should not refuse logout when one OIDC/SAML SP fail to logout
- #3070: [Security:low] XSS via JavaScript-URI as Redirect URI and form_post Response Mode
- #3081: oidcDropCspHeaders shouldn't drop CORS headers
- #3084: JWT shouldn't have a "kid" when using symetric sign algorithm
- #3093: mails not delivered since 2.18 due to invalid "to:" format
- #3098: [Security:low] PKCE is not enforced when requested by RP but not required by OP
📃 Changelog
The full changelog can be found here.
⬇ Download
Use the official repositories (Debian/RPM), our Docker image or get the archives.