DRACOON OAuth Service

Version 4.12.0 (2019-06-18)

Security Issue Fixed an XSS vulnerability on the login page.

Security Issue Fixed a reflected XSS vulnerability.

New Feature Added OAuth client types (see RFC 6749, section 2.1).

New Feature Improved support of DRACOON branding.

New Feature Introduced "lang" parameter to enable a client to request a specific language.

New Feature Introduced logout mechanism to terminate OAuth session.

New Feature Introduced token revocation endpoint.

New Feature Added an option to make the position of the login box adjustable.

New Feature DRACOON OAuth Service now uses Spring Boot.

New Feature Added device information to OAuth authorizations so that devices can be distinguished.

Improvement Discontinued usage of "X-Fowarded-Host" header.

Improvement Improved responsiveness of the UI.

Improvement Added an option to configure GZIP compression.

Bugfix Fixed an issue where special chars in branded texts prevented the UI from being correctly displayed.

Bugfix Fixed an issue with URI validation.

Bugfix Revised handling of errors on remote calls.