This document duplicates reference information found at http://www.ja-sig.org/wiki/display/CASC/phpCAS+ChangeLog for interested parties, in case the wiki is unavailable.

----

Changes in version 1.1.0RC7

Security fixes
  * Fix XSS vulnerability. Sanitize parameters before using the URL submitted by a client [PHPCAS-52] (Joachim Fritschi)

Changes in version 1.1.0RC6

Bug fixes
  * restore any possible old session before renaming the session [PHPCAS-50] (Joachim Fritschi)

Changes in version 1.1.0RC5

Bug fixes
  * fixed: don't destroy existing sessions unless needed; more debug output [PHPCAS-50] (Joachim Fritschi)

Changes in version 1.1.0RC4

Bug fixes
  * fixed: use PHP4 functions to parse saml11 attributes [PHPCAS-51] (Joachim Fritschi)

Changes in version 1.1.0RC3

Bug fixes
  * added a check for missing params [PHPCAS-42] (Joachim Fritschi)

Changes in version 1.1.0RC2

New features
  * added custom validation URLs [PHPCAS-45] (Joachim Fritschi).

Bug fixes
  * fixed PGT DB storage parameter list [PHPCAS-47] (Paul Merchant, Jr.)
  * fixed parsing of STs [PHPCAS-44] (Joachim Fritschi)
  * fixed session initialisation [PHPCAS-50] (Joachim Fritschi)
  * fixed URLs with more than one query parameter [PHPCAS-42] (Caio Chassot)

Changes in version 1.1.0RC1

New features
  * added SAML support [PHPCAS-40] (Brian Long and Matthias Crauwels).

Bug fixes
  * fixed invalid validation URLs [PHPCAS-39] (Alex Danieli).
  * removed old PHP4 references [PHPCAS-41] (Yann Richard).
  * fixed curl options [PHPCAS-38] (Andy Cowling).

Improvement
  * added acceptance of IP addresses for allowed clients [PHPCAS-37] (Arunas Stockus)

Changes in version 1.0.2RC1

Bug fixes
  * fix redirections masking error messages [PHPCAS-36] (Olivier Berger)
  * fixed validatePGT() failing on phpCAS::traceBegin() with newer domxml-php4-to-php5.php [PHPCAS-35] (Olivier Berger)
  * Fixed missing exit() at end of callback() method [PHPCAS-34] (Olivier Berger)
  * Update included domxml-php4-php5.php to most recent version now under LGPL [PHPCAS-30] (Olivier Berger)
  * fixed empty $target_service in CASClient:serviceMail [PHPCAS-22] (Julien Marchal).

Changes in version 1.0.1

Bug fixes
  * fixed PEAR base install directory [PHPCAS-28] (Brett Bieber).
  * fixed illegal characters in session id [PHPCAS-29] (Michael Ströder, Brett Bieber).
  * fixed refresh with ticket causes authentication failure [related to PHPCAS-27] (Brett Bieber).
  * fixed conflict with custom session handlers [PHPCAS-26] (Martin Gonzalez).

Changes in version 1.0.0

New features
  * phpCAS is now PEAR-installable (Brett Bieber).
  * added method handleLogoutRequests() to handle logout requests incoming from the CAS server (Julien Marchal and Pascal Aubry, requested by Craig Andrews).
  * added methods setHttpProxy(), setNetworkInterface() and setExtraCurlOptions() (Stéphane Gully).

Enhancements
  * removed undesirable notice (Glennie Vignarajah).
  * removed PEAR DB dependency when storing PGTs to the filesystem (Stéphane Gully).

Changes in version 0.6.0

New features
  * added methods setCasServerCert() and setCasServerCaCert() to authenticate the CAS server, and method setNoCasServerValidation() to skip the SSL checks (Pascal Aubry, requested by Andrew Petro).
  * Added Spanish and Catalan translations (Ivan Garcia).

Bug fix
  * fixed PGT storage path on Windows (Olivier Thebault).

Changes in version 0.5.1

New features
  * restored method isAuthenticated() (Julien Marchal).

Changes in version 0.5.0

New features
  * added Japanese translation (Noriyuki Fukuoka).
  * added German translation (Henrik Genssen).
  * phpCAS now works for CAS v3 proxy tickets (Matt Zukowski).
  * phpCAS now also works with lighttpd (Marvin Addison)

Bug fixes
  * fixed method setHTMLFooter() (Noriyuki Fukuoka).
  * fixed method setHTMLHeader() (Xavier Castanho).
  * fixed method isHttps() (Henrik Genssen).
  * fixed method PGTStorageDB() (Ray Lambe).
  * encode all the parameters, not only '&' characters (Matthew Debus).
  * fixed ST proxy tickets (Julien Marchal).

Changes in version 0.4.23

Enhancement
  * removed notice messages (David Lowry).

Changes in version 0.4.22

Bug fix
  * added default value for parameter gateway in methods setServerLoginUrl() and redirectToCas() (Velpi).

New Feature
  * added method isSessionAuthenticated() (Brendan Arnold).

Other change
  * removed the call to error_reporting() to allow the configuration of error reporting at server level (Pascal Aubry, requested by Sylvain Derosiaux).

Changes in version 0.4.21

Bug fix
  * some URLs were ill-formed in some rare circumstances (Jérôme Andrieux).

New Feature
  * added methods setServerLoginURL() and setServerLogoutURL() (Wyman Chan).

Changes in version 0.4.20

New feature
  * phpCAS::checkAuthentication() implements the gateway feature of CAS (Pascal Aubry, requested by Romuald Lorthioir).

Other change
  * phpCAS::authenticateIfNeeded() was renamed phpCAS::forceAuthentication() (Pascal Aubry).

Changes in version 0.4.19

New features
  * the service URL for the CAS server can be fixed with method phpCAS::setFixedServiceURL (Julien Marchal).
  * the callback URL used to receive PGTs can be fixed with method phpCAS::setFixedCallbackURL() (Julien Marchal).
  * added a CASClient wrapper to class phpCAS for method retrievePGT() (Julien Marchal).

Changes in version 0.4.18

Bug fixes
  * debugging information was missing (Alexandre Boisseau).
  * used an undefined variable in pgt-file.php (Alexandre Boisseau).

Changes in version 0.4.17

Enhancement
  * made phpCAS PHP5 compliant (Vangelis Haniotakis).

Changes in version 0.4.16

Enhancement
  * added the possibility not to start the session management (Vangelis Haniotakis).

Changes in version 0.4.15

Enhancement
  * added a hack to make phpCAS work with IIS (Vangelis Haniotakis).

Changes in version 0.4.14

Enhancement
  * a URL can be given to the CAS server on logout (Sébastien Gougeon and Yann Richard).

Changes in version 0.4.13

Bug fix
  * Removed infinite loop in debug mode (Robert Legros).

Changes in version 0.4.12

Enhancement
  * phpCAS now works even if the web server does not set SERVER_NAME, by relying on HTTP_HOST (Terence Chiu).

Changes in version 0.4.11

Bug fix
  * A typo prevented ticket validation from working correctly (Robert Legros).

Changes in version 0.4.10

Enhancement
  * phpCAS was previously working with PHP >= 4.3.0. A debug_backtrace() wrapper was added and get_elements_by_tagname() calls were modified to make phpCAS work with PHP >= 4.2.2 (Robert Legros).

Changes in version 0.4.9

New features
  * Added Greek translation (Haniotakis Vangelis).

Changes in version 0.4.8

Enhancements
  * PEAR's DB.php inclusion is done only if a DB class was not already included. This eases the integration into some stand-alone tools that already include DB.php, like Tikiwiki (Pascal Aubry, requested by Terence Chiu).

Changes in version 0.4.7

Enhancements
  * PHP session is now destroyed when using the phpCAS::logout() method (Pascal Aubry, requested by Ruben Recaba).
  * Call getenv() whenever possible instead of directly dealing with environment variables (with $_ENV['xxx']), as $_ENV is not available by default on some Windows systems (Pascal Aubry).
  * Set error reporting level to E_ALL ~ E_NOTICE (Pascal Aubry).
  * Added the release number in the name of the main directory of the zip distribution file (Pascal Aubry, requested by Vincent Mathieu).
  * Explicitly set certificate control to get around differing curl default configurations (Wyman Chan).

Changes in version 0.4.6

Security bug fix
  * Credentials given to HTTP realms were given in the service URLs to the CAS server (Julien Marchal).

Enhancements
  * phpCAS now works behind an Apache reverse proxy (Julien Marchal).

Changes in version 0.4.5

Enhancements
  * Developer releasing is now made by ant (Pascal Aubry).

Bug fixes
  * CAS/PGTStorage files have been renamed to fit Windows case insensitivity (Pascal Aubry);
  * %TMP% and %TEMP% environment variables are now taken into account to set the location of the log file (Pascal Aubry).

Changes in version 0.4.4

Enhancement
  * ticket retrieval and validation is now made with curl (Pascal Aubry).

Changes in version 0.4.3

Bug fix
  * phpCAS was not exiting right after redirecting in callback mode (Julien Marchal)

Changes in version 0.4.2

New features
  * Authentication checking is not necessarily redirecting to the CAS server (introduced phpCAS::isAuthenticated()) (Pascal Aubry)
  * phpCAS can now be used to access IMAP/POP3/NNTP services (cf phpCAS::serviceMail()) (Pascal Aubry)

Enhancements
  * debugging information has been improved and is now sent to a separate file (/tmp/phpCAS.log by default, can be changed by phpCAS::setDebug()) (Pascal Aubry)

Changes
  * phpCAS::authenticate() is replaced by phpCAS::authenticateIfNeeded() (semantics unchanged) (Pascal Aubry)
  * phpCAS::service() is replaced by phpCAS::serviceWeb() (semantics unchanged) (Pascal Aubry)
  * phpCAS::setDebug() accepts FALSE (to stop debugging) or the name of a file (to log information) (Pascal Aubry)

Changes in version 0.4.1

New features
  * Sessioning between CAS proxies and services (Pascal Aubry)

Changes in version 0.4

New features
  * CAS proxies can be chained (Pascal Aubry)
  * improved error printing and debugging (introduced phpCAS::error()) (Pascal Aubry)

Enhancements
  * proxy parameter removed from phpCAS::client() and introduced phpCAS::proxy() (Pascal Aubry)
  * moved history from CAS/doc.php to history.php (create_version script updated accordingly) (Pascal Aubry)
  * improved type-checking and controls for phpCAS methods (Pascal Aubry)

Changes in version 0.3.2

New features
  * CAS proxies now work with HTTP (HTTPS only used for callbacks) (Pascal Aubry)

Changes in version 0.3.1

Bug fixes
  * syntax error in CAS/client.php (Julien Marchal)

Changes in version 0.3

New features
  * CAS proxies are now supported (but no PGT retrieving for proxied client) (Pascal Aubry)
  * introduced phpCAS container (Pascal Aubry)

Bug fixes
  * CAS_LANG_DEFAULT is now taken into account (Pascal Aubry)

TODO
  * support for PGT storage to databases (Pascal Aubry)
  * PGT retrieving for proxied clients (Pascal Aubry)

Version 0.2

Features (Pascal Aubry)
  * `Basic' (1.0) CAS mechanism supported (CAS proxies not implemented)
  * Support for CAS versions 1.0 and 2.0 URLs
  * Debug mode
  * Customization of all output pages
  * Internationalization (English and French, looking for translators...)