Skip to content

CentOS 7 - Updates for x86_64: system environment/daemons: mod_auth_mellon

mod_auth_mellon - A SAML 2.0 authentication module for the Apache Httpd Server

License: GPLv2+
Vendor: CentOS
The mod_auth_mellon module is an authentication service that implements the
SAML 2.0 federation protocol. It grants access based on the attributes
received in assertions generated by a IdP server.


mod_auth_mellon-0.14.0-9.el7_9.x86_64 [1.3 MiB] Changelog by Jakub Hrozek (2020-02-09):
- Resolves: rhbz#1791264 - Backport SameSite=None cookie from upstream to
                           support latest browsers
mod_auth_mellon-0.14.0-8.el7.x86_64 [1.3 MiB] Changelog by Jakub Hrozek (2019-10-09):
- Resolves: rhbz#1731052 - CVE-2019-13038 mod_auth_mellon: an Open Redirect via
                           the login?ReturnTo= substring which could facilitate
                           information theft [rhel-7]
mod_auth_mellon-0.14.0-2.el7_6.4.x86_64 [1.3 MiB] Changelog by Jakub Hrozek (2019-04-08):
- Actually apply the patch in the previous build
- Resolves: rhbz#1697488 - CVE-2019-3877 mod_auth_mellon: open redirect
                           in logout url when using URLs with backslashes
mod_auth_mellon-0.14.0-2.el7.x86_64 [1.3 MiB] Changelog by (2018-06-01):
- Resolves: rhbz#1553885
- fix file permissions on doc files
mod_auth_mellon-0.13.1-3.el7_5.x86_64 [922 KiB] Changelog by John Dennis (2018-04-19):
- Resolves: rhbz#1553854 Add diagnostic logging
- Add README.redhat.rst doc, explains how to enable diagnostic logging
mod_auth_mellon-0.13.1-1.el7.x86_64 [504 KiB] Changelog by John Dennis (2017-10-20):
- Resolves: rhbz#1481332 Upgrade to current upstream 0.13.1
- Adds the following upstream bug fixes on top of 0.13.1:
  * ee97812 Add Mellon User Guide
  * daa5d1e If no IdP's are defined explicitly log that fact
  * c291232 Make MellonUser case-insensitive.
  * 2c2e19d Fix incorrect error check for many `lasso_*`-functions.
  * 5c5ed1d Fix segmentation fault with POST field without a value.
  * 4c924d9 Fix some log message typos
  * 93faba4 Update log msg for Invalid Destination and Invalid Audience to
    show both the expected and received values.
- Add new mellon user guide to installed docdir
mod_auth_mellon-0.11.0-4.el7.x86_64 [75 KiB] Changelog by John Dennis (2017-01-30):
- Resolves: rhbz#1414021 - Incorrect Content-Type header in ECP PAOS
  Rebuilding due to missing comment in Changelog
mod_auth_mellon-0.11.0-2.el7.x86_64 [75 KiB] Changelog by John Dennis (2016-04-08):
- Resolves: bug #1296286
  mod_auth_mellon emits CRITICAL warning message in Apache log when doing ECP
- Resolves: bug #1324536
  Installing mod_auth_mellon causes working Kerberos authentication
  to start failing
- Add ECP.rst documentation file that was erroneously omitted
mod_auth_mellon-0.11.0-1.el7.x86_64 [70 KiB] Changelog by John Dennis (2015-09-18):
- Upgrade to upstream 0.11.0 release.
- Includes ECP support, see NEWS for all changes.
- Update to match internally generated metadata,
  includes AssertionConsumerService for postResponse, artifactResponse &
- Add lasso 2.5.0 version dependency
- Resolves: #1205345

Listing created by repoview