# See http://trac.butterfat.net/public/mod_auth_openid for # instructions on SVN access for a full ChangeLog history. # All references to issues/bugs can be found at: # http://trac.butterfat.net/public/mod_auth_openid/ticket/ Version 0.5 Added support for HTML form submission (POSTs) per the 2.0 spec (issue 52) Created AuthOpenIDCookiePath option (issue 76) Nonce is now more secure (issue 77) Version 0.4 Fixed bug involving custom auth cookie names (issue 27) No longer clearing attribute exchange parameters (issue 34) - see wiki page for attribute exchange Added ability to specify external program for authorization (issues 8, 35, and 17) Fixed bug that left openid params in referrer param after custom login page redirect (issue 28). Fixed bug that resulted in referrer param not having http/s being set correctly (issue 26). Fixed bug that resulted in auth error when too many requests were hitting Session DB (issue 36). Fixed bug that set REMOTE_USER to normalized id rather than claimed id (issue 37). Version 0.3 Added support for OpenID 2.0 spec - using new libopkele Removed support for BDB - now SQLite only Fixed security issue with sessions potentially being valid for too long (issue 16) Changed get param from openid.identity to openid_identifier (per 2.0 spec - issue 14) Version 0.2.1 302 Redirect issue fixed - nasty, reason for 0.2.1 release (issue 6) AuthOpenIDEnabled now allowed in .htaccess files (issue 9) Fixed links on default login page (issue 12) Version 0.2 openid.ax and openid.sreg parameters are no longer cleansed from URL (issue 1) Added AuthOpenIDServerName configuration option (issue 3) Removed dependency on libpcre++ (libpcre still required) Added a modauthopenid.referrer parameter that is passed on to login pages (issue 4) Updated code to work with libopkele version 3 API Version 0.1 Changed license to less restrictive MIT license to avoid legal nasties in the future. Added sqlite support as an alternative to bdb. Added AuthOpenIDCookieLifespan option. Fixed bug where REMOTE_USER CGI environment variable was not being set correctly when ID was delegated. Fixed bug where REMOTE_USER CGI environment variable was not being set if the session cookie wasn't enabled.