libapache2-mod-auth-openidc (2.4.15.1-1) unstable; urgency=medium

  The 2.4.15.x releases change a number of default settings to their more
  secure and standards-compliant values. In rare cases this may break existing
  configurations which can be restored as described below. Nevertheless it is
  recommended to update the environment to accommodate to the new defaults.

  New Defaults:
  * use Proof Key for Code Exchange (PKCE S256) by default; disable by
    configuring OIDCPKCEMethod none
  * use SameSite cookies Strict by default; disable by configuring
    OIDCCookieSameSite Off
  * apply ISO-8859-1 (latin1) as default encoding mechanism for claim values
    passed in headers and environment variables to comply with rfc5987; use
    OIDCPassClaimsAs none for backwards compatibility

 -- Moritz Schlarb  Thu, 01 Feb 2024 21:24:55 +0100

libapache2-mod-auth-openidc (2.4.14.2-1) unstable; urgency=medium

  Note that as of release 2.4.14 the use of OIDCHTMLErrorTemplate is
  deprecated and one should instead rely on standard Apache error handling
  capabilities, optionally customized through [ErrorDocument]. The environment
  variable strings REDIRECT_OIDC_ERROR and REDIRECT_OIDC_ERROR_DESC are
  available for display purposes.

  [ErrorDocument]: https://httpd.apache.org/docs/2.4/custom-error.html

 -- Moritz Schlarb  Thu, 01 Feb 2024 21:09:11 +0100

libapache2-mod-auth-openidc (2.4.11-1) unstable; urgency=medium

  Note that as of release 2.4.11 running mod_auth_openidc behind a reverse
  proxy that sets X-Forwarded-* headers needs explicit configuration of
  OIDCXForwardedHeaders for mod_auth_openidc to interpret those headers, thus
  this may break existing configurations if unmodified for the former.

 -- Moritz Schlarb  Thu, 01 Feb 2024 21:04:03 +0100
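
An added example, not part of the package or of upstream: a shell audit that reports, for an Apache configuration tree, which of the directives named in the entries above are set, so the effect of the upgrade can be reviewed. The function names, the output labels and the default path /etc/apache2 are assumptions, and the sample configuration is constructed.

```shell
#!/bin/sh
# Added example (not part of the package): report how an Apache config tree
# is affected by the NEWS entries above. Directive names come from the entries;
# function names, labels and the default path /etc/apache2 are assumptions.

# Print "file:line:text" for every uncommented use of directive $2 under $1.
# Apache directive names are case-insensitive, hence -i.
oidc_find() {
    grep -rEins "^[[:space:]]*$2[[:space:]]" "$1"
}

oidc_upgrade_audit() {
    dir=${1:-/etc/apache2}
    # 2.4.15.x: defaults changed; an unset directive now gets the new default.
    for d in OIDCPKCEMethod OIDCCookieSameSite OIDCPassClaimsAs; do
        if hits=$(oidc_find "$dir" "$d"); then
            printf 'SET %s\n%s\n' "$d" "$hits"
        else
            printf 'NEW-DEFAULT %s (not set)\n' "$d"
        fi
    done
    # 2.4.14: OIDCHTMLErrorTemplate is deprecated in favour of ErrorDocument.
    if hits=$(oidc_find "$dir" OIDCHTMLErrorTemplate); then
        printf 'DEPRECATED OIDCHTMLErrorTemplate\n%s\n' "$hits"
    fi
    # 2.4.11: X-Forwarded-* headers are only interpreted when this is set.
    if ! oidc_find "$dir" OIDCXForwardedHeaders >/dev/null; then
        printf 'UNSET OIDCXForwardedHeaders (matters behind a reverse proxy)\n'
    fi
}

# Constructed sample configuration, for demonstration only.
oidc_audit_demo() {
    tmp=$(mktemp -d) || return 1
    cat >"$tmp/oidc.conf" <<'EOF'
# OIDCPKCEMethod none
OIDCCookieSameSite Off
  oidchtmlerrortemplate /var/www/error.html
EOF
    oidc_upgrade_audit "$tmp"
    rm -rf "$tmp"
}

oidc_audit_demo
```

The audit scans every file under the given directory, including configuration for sites that are not enabled, so each reported line should be checked against the active configuration.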