12/23/2021
- allow deprecated declarations to build with OpenSSL 3.0; see #31
- release 1.4.4

12/22/2021
- hash the cache encryption key to a string instead of bytes
- Makefile.am improvements:
  - move OpenSSL libs go generic libraries so cache files compile with the right flags
  - use ${srcdir} to conform to distcheck
- add Github Actions CI; remove Travis

10/12/2021
- make outgoing_proxy an endpoint property
- accommodate for NULL key in oauth2_cache_get and oauth2_cache_set
- release 1.4.3.2

10/11/2021
- add outgoing_proxy option to verify context
- correct remote_user debug printout
- release 1.4.3.1

06/21/2021
- printout remote username claim when not found, for debugging purposes

06/10/2021
- use encrypted JWTs for storing encrypted cache contents and avoid using static AAD/IV
  closes #26; thanks @niebardzo
- avoid memory leaks on JWT validation errors
- release 1.4.3

06/07/2021
- correct iat slack validation defaults, see https://github.com/zmartzone/mod_oauth2/discussions/20
  thanks @DrakezulsMinimalism
- release 1.4.2.1

05/28/2021
- add Travis and LGTM

05/25/2021
- set memory alignment of shm cache structs to 64 bytes; see #21 and #24
- release 1.4.2

04/19/2021
- apache: use include directory from APXS; thanks @abbra
- pass missing argument to oauth2_error in _oauth2_dpop_jti_validate; thanks @abbra

02/02/2021
- avoid creating files for anonymous shared memory segments; see #18
- release 1.4.1

01/30/2021
- fix Apache cleanup routines; see zmartzone/liboauth2#18 and zmartzone/mod_oauth2#7

01/26/2021
- add support for RFC 8705 OAuth 2.0 Mutual-TLS Certificate-Bound Access Tokens
  https://tools.ietf.org/html/rfc8705; thanks @vdzhuvinov
 
12/23/2020
- use per-process semaphore locking to prevent multi-process issue; see #18
- release 1.4.0.1

12/21/2020
- release 1.4.0

12/03/2020
- add oauth2_cfg_openidc_set_options for configurable state cookie handling

12/02/2020
- cleanup OIDC expired/superfluous state cookies; closes zmartzone/ngx_openidc_module#6

11/13/2020
- add support for PKCE

11/12/2020
- separate OpenID client configs and named providers
- fix parsing in oauth2_cfg_set_flag_slot
- add configurable state and session cookie paths

11/11/2020
- fix session cache handler cloning
- support configurable cookie path for session cookie

11/09/2020
- refactored caching; use named caches consistently

11/08/2020
- use endpoint more consistently
- harmonize naming of endpoint, endpoint auth and ropc

11/07/2020
- don't use automake config.h; closes #10; thanks @babelouest

10/07/2020
- add support for DPOP bound access tokens
- bump to 1.4.0-dev

02/27/2020
- lock access to cache globals
- log corrections and improvements

02/26/2020
- resolve some TODOs; valgrind
- bump to 1.3.0

02/25/2020
- change to named sessions

02/21/2020
- add serialized id_token to session
- externalize oauth2_jose_jwt_verify and allow verification context to be NULL
- bump to 1.2.5

02/13/2020
- add userinfo endpoint request and claims
- bump to 1.2.4
- change to named cache configurations

02/10/2020
- implement session expiry checks
- bump to 1.2.3

02/05/2020
- add missing ROPC config functions
- bump to 1.2.2

02/04/2020
- add generic endpoint config struct and ROPC client capability
- bump to 1.2.1 and bump copyright year

01/31/2020
- sane session cfg defaults

09/12/2019
- change http request header function naming
- more openidc handling
- bump to 1.2.0

09/02/2019
- fix type (auth->client_secret_jwt.aud = NULL); closes #3; thanks @pengjiaoyang

08/19/2019
- add first outline of openidc and sessions

07/03/2019
- return status code from HTTP callouts
- bump to version 1.1.1

07/01/2019
- encapsulate oauth2_log_sink_t
- bump to version 1.1.0

05/20/2019
- add Apache Require claim authorization functions
- bump to version 1.0.1

03/22/2019
- initial import of version 1.0.0
