diff options
authorOlav Morken <>2014-12-18 09:59:02 (GMT)
committerOlav Morken <>2014-12-18 09:59:16 (GMT)
commit03db9ccf91c2986d420e392e777318383038c92a (patch)
parent3dd7c01926a64db08bdea3695efd7ff343789b66 (diff)
Include version 0.8.1 in the NEWS-file.
This release was branched from the 0.8.0-release, and was therefore not included in the NEWS-file for the master-branch.
1 files changed, 17 insertions, 0 deletions
diff --git a/NEWS b/NEWS
index 0d99640..b116c88 100644
--- a/NEWS
+++ b/NEWS
@@ -24,6 +24,23 @@ Version 0.9.0
* Fix looking up sessions by NameID, which is used during logout.
+Version 0.8.1
+This is a security release with fixes backported from version 0.9.1.
+It turned out that session overflow bugs fixes in version 0.9.0 and
+0.9.1 can lead to information disclosure, where data from one session
+is leaked to another session. Depending on how this data is used by the
+web application, this may lead to data from one session being disclosed
+to an user in a different session. (CVE-2014-8566)
+In addition to the information disclosure, this release contains some
+fixes for logout processing, where logout requests would crash the
+Apache web server. (CVE-2014-8567)
Version 0.8.0