LemonLDAP::NG 2.18.2 is out!


This is a patch version for 2.18, please read the 2.18 news to know all the changes of this version.

🌟 Fixed bugs

  • #3041: LLNG should not refuse logout when one OIDC/SAML SP fail to logout
  • #3070: [Security:low] XSS via JavaScript-URI as Redirect URI and form_post Response Mode
  • #3081: oidcDropCspHeaders shouldn't drop CORS headers
  • #3084: JWT shouldn't have a "kid" when using symetric sign algorithm
  • #3093: mails not delivered since 2.18 due to invalid "to:" format
  • #3098: [Security:low] PKCE is not enforced when requested by RP but not required by OP

📃 Changelog

The full changelog can be found here.

⬇ Download

Use the official repositories (Debian/RPM), our Docker image or get the archives.