// $Id: CHANGELOG.txt 512 2012-01-25 22:42:56Z kmo $

SimpleID 0.8.1
--------------

- Bug fixes:
    * #77 Incorrect detection of register_globals PHP configuration variable
    * #86 PHP syntax warnings in filesystem.store.inc
    * #88 Updated URL to Simple Registration Extension specification in
      example.identity.dist
    * #91 Missing parameters in simpleid_checkid_error()
    * #92 Corrected path handling in simpleweb
    * #98 Missing global variable in simpleid_openid_consent()
- Improvements to user interface:
    * #94 Switch redirects from form-based to HTTP header-based
- Improvements to the PAPE extension
    * #95 Added private personal identifiers
    

SimpleID 0.8
------------

- Improved OpenID specification compliance:
    * Added read-only support for attribute exchange extension
    * Addes support for provider authentication policy extension 
- Improvements to user interfaces:
    * #14 Added support for clean URLs
    * #18 Improved comformance to HTML specifications in user interface
    * #19 For OpenID immediate requests, assertion will not fail simply because
      return_to has not been verified
    * #23 Optional support for browsers to save SimpleID passwords
- Improvements to SimpleID internals:
    * Refactored function names
    * Refactored function layout in discovery.inc and openid.inc
    * Opened up identity store code to allow support for non filesystem based
      identity files
    * Improved source code documentation
- Bug fixes:
    * #74 Function naming conflict with PECL http module within http.inc
    
SimpleID 0.7.6
--------------

- Fixed directory traversal vulnerability SA-2011-1
  (http://simpleid.sourceforge.net/advisories/sa-2011-1)

SimpleID 0.7.5
--------------

- Bug fixes:
    * #61 PHP safe mode causing curl configuration issues
    * #64 Issue with URL parsing under Simpleweb framework


SimpleID 0.7.4
--------------

- Fixed incorrect implementation of fix for PHP's handling of HTTP parameters.


SimpleID 0.7.3
--------------

- Bug fixes:
    * #47 PHP syntax warnings in discovery.inc.
    * #48 PHP syntax warnings in user.inc.
    * #50 Fix for PHP's handling of HTTP parameters.


SimpleID 0.7.2
--------------

- Bug fixes:
    * #40 PHP syntax warnings in simpleweb.inc.
    * #42 PHP syntax warnings in index.php.


SimpleID 0.7.1
--------------

- Bug fixes:
    * Incorrect specification for expiry time for auto login.
    * Fixed verification of credentials under legacy authentication.
    * Fixed incorrect signing of Simple Registration Extension response.
    * Fixed Javascript for digest authentication.
    * Used Javascript instead of forms for page redirection for better HTTPS
      user experience.


SimpleID 0.7
------------

- Improved OpenID specification compliance:
    * Added additional return_to verification using discovery.
    * Fixed support for SHA256.
    * Fixed indirect message URL encoding.
    * Fixed filtering of extension-specific parameters.
    * Fixed XRDS document for SimpleID.
- Preliminary implementation of the OpenID User Interface extension.
- Added support for GMP for improved performance for arbitary precision
  arithmetic operations.
- Improved user interface:
    * Separated Dashboard, My Profile and My Sites pages.
    * Added "log in as different user" functionality.
    * CSS improvements.
    * Added framekiller code.
    * Support for nicer URLs via mod_rewrite.
- Enhanced detection of SSL/TLS for user login page.
- Implemented flexible persistent storage system to store user data.
- Improved extension framework: major refactoring of hooks available to be
  utilised by extensions.
- Improved URL routing framework: included simpleweb.inc.
- Added upgrade script.
- Enhanced logging of status and errors.
- Enhanced code documentation.


SimpleID 0.6.5
--------------

- Bug fixes:
    * Fixed XSS vulnerability in user login page.
    * Fixed XRDS-Location HTTP header.


SimpleID 0.6.4
--------------

- Fixed user interface bug on trusted sites page (disable Submit button when
  there are no trusted sites).


SimpleID 0.6.3
--------------

- Fixed session_type verification response when using OpenID 1.1 associations.


SimpleID 0.6.2
--------------

- Fixed session_type verification issue when using OpenID 1.1 associations.


SimpleID 0.6.1
--------------
  
- Fixed return_to verification issue when using OpenID 1.1 (legacy handling of
  nonce parameter).

SimpleID 0.6
------------

- Bug fixes:
    * Fixed syntax errors in openid.inc.
    * Fixed incorrect error authentication response.
- Implemented digest authentication for user login (security enhancements).
- Implemented persistent login
- Enhanced form security:
    * Added form token verification.
    * Enhanced encoding of HTML special characters.
- Improved compliance against OpenID specifications:
    * Added return_to verification.
- Changed extension of extensions from .inc to .extension.inc.
- Enhanced code documentation.


SimpleID 0.5.1
--------------

- Bug fixes:
    * Removed remnants of maths question (removed in SimpleID 0.5) from user.inc
- Included Simple Registration Extension by default


SimpleID 0.5
------------

- Bug fixes:
    * Removed XSS vulnerabilities
    * Fixed incorrect processing of Simple Registration Extension parameters
    * Fixed URL for identifier selection.
- The identifier variable is now optional in identity files.  SimpleID automatically
  assigns an identifier to all identities where this is not specified.
- Log in security improvements:
    * Removed requirement to complete a maths question to log in.
    * Added nonce check into login page to detect repeat attacks.
- Improved compliance against OpenID specifications:
    * Enhanced support for OpenID 2.0.
    * Enhanced checking of request parameters.
    * Added support for discovery of SimpleID services via XRDS.
- Support for SHA256 where this is compiled into PHP.
- Added default profile page and XRDS document for each user.


SimpleID 0.2.1
--------------

- Bug fixes:
    * Removed incorrect and legacy handling of nonce parameter in OpenID 1.1
      authentication responses


SimpleID 0.2
------------

- Bug fixes:
    * Fixed template compile error in Simple Registration Extension.


SimpleID 0.1
------------

- Initial release
