Nico Huber | 097e9e2 | 2023-07-21 14:26:07 +0000 | [diff] [blame] | 1 | SimpleID 1.0.6 |
| 2 | -------------- |
| 3 | |
| 4 | - Enhancements: |
| 5 | * Update autocomplete setting for one time password fields |
| 6 | - Bug fixes: |
| 7 | * #86 Further fix to compatibility with PHP 8.2 |
| 8 | |
Nico Huber | ee52fbc | 2023-06-24 11:52:57 +0000 | [diff] [blame] | 9 | SimpleID 1.0.5 |
| 10 | -------------- |
| 11 | |
| 12 | - Bug fixes: |
| 13 | * #85 Fix compatibility with PHP 8.2 |
| 14 | |
| 15 | SimpleID 1.0.4 |
| 16 | -------------- |
| 17 | |
| 18 | - Bug fixes: |
| 19 | * #81 Cache cleanup does not cover subdirectories |
| 20 | |
| 21 | |
| 22 | SimpleID 1.0.3 |
| 23 | -------------- |
| 24 | |
| 25 | - Security enhancements: |
| 26 | * #23 Configuration can now be in a separate conf directory |
| 27 | - Bug fixes: |
| 28 | * #35 Fix undefined index error in discovery.inc.php |
| 29 | |
| 30 | SimpleID 1.0.2 |
| 31 | -------------- |
| 32 | |
| 33 | - Bug fixes: |
| 34 | * #158 Incorrect handling of fsock-based HTTP requests |
| 35 | |
| 36 | SimpleID 1.0.1 |
| 37 | -------------- |
| 38 | |
| 39 | - Bug fixes: |
| 40 | * #154 Duplicate random_bytes() function as it is now also a native |
| 41 | function in PHP7 |
| 42 | * #155 Infinite loop in cache.inc if a particular cache type has not been |
| 43 | created |
| 44 | |
| 45 | |
| 46 | SimpleID 1.0 |
| 47 | ------------ |
| 48 | |
| 49 | - Security enhancements: |
| 50 | * #149 Add PBKDF2 to available password hashing algorithms to improve |
| 51 | hashing security |
| 52 | * #150 Changed hash string comparison function to mitigate against |
| 53 | timing attacks |
| 54 | |
| 55 | |
| 56 | SimpleID 0.9.1 |
| 57 | -------------- |
| 58 | |
| 59 | - Bug fixes: |
| 60 | * #147 Incorrect update_access_check warning when upgrading |
| 61 | * #148 Identity files with certlogin can now be symlinked from the |
| 62 | identities directory |
| 63 | |
| 64 | |
| 65 | SimpleID 0.9 |
| 66 | ------------ |
| 67 | |
| 68 | - Security enhancements: |
| 69 | * #9 Changed file extensions from .inc to .php |
| 70 | * #69 #71 Require HTTPS for login pages |
| 71 | * #100 Restricted path and added http_only flag for session cookies |
| 72 | * #101 Implemented HTTP strict transport security header |
| 73 | * #130 Added support for TOTP one-time passwords |
| 74 | - Improvements to identity files: |
| 75 | * #21 Allow non-MD5 hash algorithms and salted passwords |
| 76 | * #137 Identity files can now be symlinked from the identities |
| 77 | directory |
| 78 | - Improvements to user interface: |
| 79 | * #93 #106 Localization support |
| 80 | * #103 Enhanced simpleweb error pages |
| 81 | * #138 Refactored style sheets for better mobile device support |
| 82 | - New extension: |
| 83 | * #85 certauth extension for authentication using client SSL |
| 84 | certificates |
| 85 | - Improvements to SimpleID internals: |
| 86 | * #58 #72 Dropped support for PHP 4 and fixed up PHP syntax |
| 87 | warnings |
| 88 | * #110 Refactored authentication system to allow for custom authentication |
| 89 | extensions |
| 90 | * #131 Refactored cache system to improve performance |
| 91 | * #132 Refactored "remember me" cookies |
| 92 | |
| 93 | SimpleID 0.8.5 |
| 94 | -------------- |
| 95 | |
| 96 | - Bug fixes: |
| 97 | * #129 Fixed bug introduced in 0.8.4 regarding Warning if |
| 98 | suhosin.get.max_value_length configuration setting is too low |
| 99 | * #134 PHP syntax warnings under PHP 5.3 |
| 100 | |
| 101 | SimpleID 0.8.4 |
| 102 | -------------- |
| 103 | |
| 104 | - Bug fixes: |
| 105 | * #123 Updated user interface to reflect change in SimpleID web site URL |
| 106 | * #125 Fixed line ending (CRLF vs LF) bug introduced when migrating from |
| 107 | SVN to Git |
| 108 | * #122 Fixed PEAR package not loading PEAR_Config |
| 109 | * #133 Fixed bug in bignum.inc where bignum_new() was returning $false |
| 110 | instead of false |
| 111 | - Improvements to SimpleID internals: |
| 112 | * #129 Warning if suhosin.get.max_value_length configuration setting |
| 113 | is too low |
| 114 | |
| 115 | SimpleID 0.8.3 |
| 116 | -------------- |
| 117 | |
| 118 | - Bug fixes: |
| 119 | * #119 Remove XRDS-Simple Type element from template.xtpl for Blogger |
| 120 | interoperability |
| 121 | |
| 122 | SimpleID 0.8.2 |
| 123 | -------------- |
| 124 | |
| 125 | - Bug fixes: |
| 126 | * #104 Detect missing PHP extensions |
| 127 | * #105 Incorrect CSS property in simpleid.css |
| 128 | * #108 Incorrect footer links |
| 129 | * #109 Incorrect processing of HTTP requests and responses when used with |
| 130 | SAPI CGI |
| 131 | * #112 Incorrect reference to html/consent.js in page.inc |
| 132 | - Improvements to user interface: |
| 133 | * #111 Replaced packaged version of jQuery with CDN version |
| 134 | |
| 135 | SimpleID 0.8.1 |
| 136 | -------------- |
| 137 | |
| 138 | - Bug fixes: |
| 139 | * #77 Incorrect detection of register_globals PHP configuration variable |
| 140 | * #86 PHP syntax warnings in filesystem.store.inc |
| 141 | * #88 Updated URL to Simple Registration Extension specification in |
| 142 | example.identity.dist |
| 143 | * #91 Missing parameters in simpleid_checkid_error() |
| 144 | * #92 Corrected path handling in simpleweb |
| 145 | * #98 Missing global variable in simpleid_openid_consent() |
| 146 | - Improvements to user interface: |
| 147 | * #94 Switch redirects from form-based to HTTP header-based |
| 148 | - Improvements to the PAPE extension |
| 149 | * #95 Added private personal identifiers |
| 150 | |
| 151 | |
| 152 | SimpleID 0.8 |
| 153 | ------------ |
| 154 | |
| 155 | - Improved OpenID specification compliance: |
| 156 | * Added read-only support for attribute exchange extension |
| 157 | * Addes support for provider authentication policy extension |
| 158 | - Improvements to user interfaces: |
| 159 | * #14 Added support for clean URLs |
| 160 | * #18 Improved comformance to HTML specifications in user interface |
| 161 | * #19 For OpenID immediate requests, assertion will not fail simply because |
| 162 | return_to has not been verified |
| 163 | * #23 Optional support for browsers to save SimpleID passwords |
| 164 | - Improvements to SimpleID internals: |
| 165 | * Refactored function names |
| 166 | * Refactored function layout in discovery.inc and openid.inc |
| 167 | * Opened up identity store code to allow support for non filesystem based |
| 168 | identity files |
| 169 | * Improved source code documentation |
| 170 | |
| 171 | SimpleID 0.7.6 |
| 172 | -------------- |
| 173 | |
| 174 | - Fixed directory traversal vulnerability SA-2011-1 |
| 175 | (http://simpleid.sourceforge.net/advisories/sa-2011-1) |
| 176 | |
| 177 | SimpleID 0.7.5 |
| 178 | -------------- |
| 179 | |
| 180 | - Bug fixes: |
| 181 | * #61 PHP safe mode causing curl configuration issues |
| 182 | * #64 Issue with URL parsing under Simpleweb framework |
| 183 | |
| 184 | |
| 185 | SimpleID 0.7.4 |
| 186 | -------------- |
| 187 | |
| 188 | - Fixed incorrect implementation of fix for PHP's handling of HTTP parameters. |
| 189 | |
| 190 | |
| 191 | SimpleID 0.7.3 |
| 192 | -------------- |
| 193 | |
| 194 | - Bug fixes: |
| 195 | * #47 PHP syntax warnings in discovery.inc. |
| 196 | * #48 PHP syntax warnings in user.inc. |
| 197 | * #50 Fix for PHP's handling of HTTP parameters. |
| 198 | |
| 199 | |
| 200 | SimpleID 0.7.2 |
| 201 | -------------- |
| 202 | |
| 203 | - Bug fixes: |
| 204 | * #40 PHP syntax warnings in simpleweb.inc. |
| 205 | * #42 PHP syntax warnings in index.php. |
| 206 | |
| 207 | |
| 208 | SimpleID 0.7.1 |
| 209 | -------------- |
| 210 | |
| 211 | - Bug fixes: |
| 212 | * Incorrect specification for expiry time for auto login. |
| 213 | * Fixed verification of credentials under legacy authentication. |
| 214 | * Fixed incorrect signing of Simple Registration Extension response. |
| 215 | * Fixed Javascript for digest authentication. |
| 216 | * Used Javascript instead of forms for page redirection for better HTTPS |
| 217 | user experience. |
| 218 | |
| 219 | |
| 220 | SimpleID 0.7 |
| 221 | ------------ |
| 222 | |
| 223 | - Improved OpenID specification compliance: |
| 224 | * Added additional return_to verification using discovery. |
| 225 | * Fixed support for SHA256. |
| 226 | * Fixed indirect message URL encoding. |
| 227 | * Fixed filtering of extension-specific parameters. |
| 228 | * Fixed XRDS document for SimpleID. |
| 229 | - Preliminary implementation of the OpenID User Interface extension. |
| 230 | - Added support for GMP for improved performance for arbitary precision |
| 231 | arithmetic operations. |
| 232 | - Improved user interface: |
| 233 | * Separated Dashboard, My Profile and My Sites pages. |
| 234 | * Added "log in as different user" functionality. |
| 235 | * CSS improvements. |
| 236 | * Added framekiller code. |
| 237 | * Support for nicer URLs via mod_rewrite. |
| 238 | - Enhanced detection of SSL/TLS for user login page. |
| 239 | - Implemented flexible persistent storage system to store user data. |
| 240 | - Improved extension framework: major refactoring of hooks available to be |
| 241 | utilised by extensions. |
| 242 | - Improved URL routing framework: included simpleweb.inc. |
| 243 | - Added upgrade script. |
| 244 | - Enhanced logging of status and errors. |
| 245 | - Enhanced code documentation. |
| 246 | |
| 247 | |
| 248 | SimpleID 0.6.5 |
| 249 | -------------- |
| 250 | |
| 251 | - Bug fixes: |
| 252 | * Fixed XSS vulnerability in user login page. |
| 253 | * Fixed XRDS-Location HTTP header. |
| 254 | |
| 255 | |
| 256 | SimpleID 0.6.4 |
| 257 | -------------- |
| 258 | |
| 259 | - Fixed user interface bug on trusted sites page (disable Submit button when |
| 260 | there are no trusted sites). |
| 261 | |
| 262 | |
| 263 | SimpleID 0.6.3 |
| 264 | -------------- |
| 265 | |
| 266 | - Fixed session_type verification response when using OpenID 1.1 associations. |
| 267 | |
| 268 | |
| 269 | SimpleID 0.6.2 |
| 270 | -------------- |
| 271 | |
| 272 | - Fixed session_type verification issue when using OpenID 1.1 associations. |
| 273 | |
| 274 | |
| 275 | SimpleID 0.6.1 |
| 276 | -------------- |
| 277 | |
| 278 | - Fixed return_to verification issue when using OpenID 1.1 (legacy handling of |
| 279 | nonce parameter). |
| 280 | |
| 281 | SimpleID 0.6 |
| 282 | ------------ |
| 283 | |
| 284 | - Bug fixes: |
| 285 | * Fixed syntax errors in openid.inc. |
| 286 | * Fixed incorrect error authentication response. |
| 287 | - Implemented digest authentication for user login (security enhancements). |
| 288 | - Implemented persistent login |
| 289 | - Enhanced form security: |
| 290 | * Added form token verification. |
| 291 | * Enhanced encoding of HTML special characters. |
| 292 | - Improved compliance against OpenID specifications: |
| 293 | * Added return_to verification. |
| 294 | - Changed extension of extensions from .inc to .extension.inc. |
| 295 | - Enhanced code documentation. |
| 296 | |
| 297 | |
| 298 | SimpleID 0.5.1 |
| 299 | -------------- |
| 300 | |
| 301 | - Bug fixes: |
| 302 | * Removed remnants of maths question (removed in SimpleID 0.5) from user.inc |
| 303 | - Included Simple Registration Extension by default |
| 304 | |
| 305 | |
| 306 | SimpleID 0.5 |
| 307 | ------------ |
| 308 | |
| 309 | - Bug fixes: |
| 310 | * Removed XSS vulnerabilities |
| 311 | * Fixed incorrect processing of Simple Registration Extension parameters |
| 312 | * Fixed URL for identifier selection. |
| 313 | - The identifier variable is now optional in identity files. SimpleID automatically |
| 314 | assigns an identifier to all identities where this is not specified. |
| 315 | - Log in security improvements: |
| 316 | * Removed requirement to complete a maths question to log in. |
| 317 | * Added nonce check into login page to detect repeat attacks. |
| 318 | - Improved compliance against OpenID specifications: |
| 319 | * Enhanced support for OpenID 2.0. |
| 320 | * Enhanced checking of request parameters. |
| 321 | * Added support for discovery of SimpleID services via XRDS. |
| 322 | - Support for SHA256 where this is compiled into PHP. |
| 323 | - Added default profile page and XRDS document for each user. |
| 324 | |
| 325 | |
| 326 | SimpleID 0.2.1 |
| 327 | -------------- |
| 328 | |
| 329 | - Bug fixes: |
| 330 | * Removed incorrect and legacy handling of nonce parameter in OpenID 1.1 |
| 331 | authentication responses |
| 332 | |
| 333 | |
| 334 | SimpleID 0.2 |
| 335 | ------------ |
| 336 | |
| 337 | - Bug fixes: |
| 338 | * Fixed template compile error in Simple Registration Extension. |
| 339 | |
| 340 | |
| 341 | SimpleID 0.1 |
| 342 | ------------ |
| 343 | |
| 344 | - Initial release |