// $Id: CHANGELOG.txt 512 2012-01-25 22:42:56Z kmo $

SimpleID 0.8.1
--------------

- Bug fixes:
  * #77 Incorrect detection of register_globals PHP configuration variable
  * #86 PHP syntax warnings in filesystem.store.inc
  * #88 Updated URL to Simple Registration Extension specification in
    example.identity.dist
  * #91 Missing parameters in simpleid_checkid_error()
  * #92 Corrected path handling in simpleweb
  * #98 Missing global variable in simpleid_openid_consent()
- Improvements to user interface:
  * #94 Switch redirects from form-based to HTTP header-based
- Improvements to the PAPE extension
  * #95 Added private personal identifiers

SimpleID 0.8
------------

- Improved OpenID specification compliance:
  * Added read-only support for attribute exchange extension
  * Added support for provider authentication policy extension
- Improvements to user interfaces:
  * #14 Added support for clean URLs
  * #18 Improved conformance to HTML specifications in user interface
  * #19 For OpenID immediate requests, assertion will not fail simply
    because return_to has not been verified
  * #23 Optional support for browsers to save SimpleID passwords
- Improvements to SimpleID internals:
  * Refactored function names
  * Refactored function layout in discovery.inc and openid.inc
  * Opened up identity store code to allow support for non filesystem
    based identity files
  * Improved source code documentation
- Bug fixes:
  * #74 Function naming conflict with PECL http module within http.inc

SimpleID 0.7.6
--------------

- Fixed directory traversal vulnerability SA-2011-1
  (http://simpleid.sourceforge.net/advisories/sa-2011-1)

SimpleID 0.7.5
--------------

- Bug fixes:
  * #61 PHP safe mode causing curl configuration issues
  * #64 Issue with URL parsing under Simpleweb framework

SimpleID 0.7.4
--------------

- Fixed incorrect implementation of fix for PHP's handling of HTTP
  parameters.

SimpleID 0.7.3
--------------

- Bug fixes:
  * #47 PHP syntax warnings in discovery.inc.
  * #48 PHP syntax warnings in user.inc.
  * #50 Fix for PHP's handling of HTTP parameters.

SimpleID 0.7.2
--------------

- Bug fixes:
  * #40 PHP syntax warnings in simpleweb.inc.
  * #42 PHP syntax warnings in index.php.

SimpleID 0.7.1
--------------

- Bug fixes:
  * Incorrect specification for expiry time for auto login.
  * Fixed verification of credentials under legacy authentication.
  * Fixed incorrect signing of Simple Registration Extension response.
  * Fixed Javascript for digest authentication.
  * Used Javascript instead of forms for page redirection for better
    HTTPS user experience.

SimpleID 0.7
------------

- Improved OpenID specification compliance:
  * Added additional return_to verification using discovery.
  * Fixed support for SHA256.
  * Fixed indirect message URL encoding.
  * Fixed filtering of extension-specific parameters.
  * Fixed XRDS document for SimpleID.
- Preliminary implementation of the OpenID User Interface extension.
- Added support for GMP for improved performance for arbitrary precision
  arithmetic operations.
- Improved user interface:
  * Separated Dashboard, My Profile and My Sites pages.
  * Added "log in as different user" functionality.
  * CSS improvements.
  * Added framekiller code.
  * Support for nicer URLs via mod_rewrite.
- Enhanced detection of SSL/TLS for user login page.
- Implemented flexible persistent storage system to store user data.
- Improved extension framework: major refactoring of hooks available to
  be utilised by extensions.
- Improved URL routing framework: included simpleweb.inc.
- Added upgrade script.
- Enhanced logging of status and errors.
- Enhanced code documentation.

SimpleID 0.6.5
--------------

- Bug fixes:
  * Fixed XSS vulnerability in user login page.
  * Fixed XRDS-Location HTTP header.

SimpleID 0.6.4
--------------

- Fixed user interface bug on trusted sites page (disable Submit button
  when there are no trusted sites).

SimpleID 0.6.3
--------------

- Fixed session_type verification response when using OpenID 1.1
  associations.

SimpleID 0.6.2
--------------

- Fixed session_type verification issue when using OpenID 1.1
  associations.

SimpleID 0.6.1
--------------

- Fixed return_to verification issue when using OpenID 1.1 (legacy
  handling of nonce parameter).

SimpleID 0.6
------------

- Bug fixes:
  * Fixed syntax errors in openid.inc.
  * Fixed incorrect error authentication response.
- Implemented digest authentication for user login (security
  enhancements).
- Implemented persistent login
- Enhanced form security:
  * Added form token verification.
  * Enhanced encoding of HTML special characters.
- Improved compliance against OpenID specifications:
  * Added return_to verification.
- Changed extension of extensions from .inc to .extension.inc.
- Enhanced code documentation.

SimpleID 0.5.1
--------------

- Bug fixes:
  * Removed remnants of maths question (removed in SimpleID 0.5) from
    user.inc
- Included Simple Registration Extension by default

SimpleID 0.5
------------

- Bug fixes:
  * Removed XSS vulnerabilities
  * Fixed incorrect processing of Simple Registration Extension
    parameters
  * Fixed URL for identifier selection.
- The identifier variable is now optional in identity files. SimpleID
  automatically assigns an identifier to all identities where this is
  not specified.
- Log in security improvements:
  * Removed requirement to complete a maths question to log in.
  * Added nonce check into login page to detect repeat attacks.
- Improved compliance against OpenID specifications:
  * Enhanced support for OpenID 2.0.
  * Enhanced checking of request parameters.
  * Added support for discovery of SimpleID services via XRDS.
- Support for SHA256 where this is compiled into PHP.
- Added default profile page and XRDS document for each user.

SimpleID 0.2.1
--------------

- Bug fixes:
  * Removed incorrect and legacy handling of nonce parameter in OpenID
    1.1 authentication responses

SimpleID 0.2
------------

- Bug fixes:
  * Fixed template compile error in Simple Registration Extension.

SimpleID 0.1
------------

- Initial release