- Include a Quick Install Guide in the distribution. Contributed by Luis Melendez (cc0luism@uco.es) from the University of Cordoba.
- Correct a bug in AuthServer that caused a valid AuthN cookie to be reconstructed upon bogus TEST operations. Contributed by Francisco J. Jordano (arcturus@us.es), from BVSSPA.
- Add the Signoff_Location directive, so PoAs can initiate sign-off procedures by direct user request. Contributed by Maja Gorecka-Wolniewicz (Maja.Wolniewicz@uni.torun.pl), from the Nicolaus Copernicus University, Torun, Poland.
- BasicAuth databases are able to manage assertion formats. Contributed by Luis Melendez (cc0luism@uco.es) from the University of Cordoba.
- Templates in the AS definition (HTML contents and assertions) can now include the backtick operator, so arbitrary system commands can be run to build their final value. Contributed by Luis Melendez (cc0luism@uco.es) from the University of Cordoba.
- Proxy definitions can be made almost universal (directly installable at any PAPI setup) by means of the set of public variables that the proxy uses for rewriting. Contributed by Luis Melendez (cc0luism@uco.es) from the University of Cordoba.
- Fix the way in which attributes are extracted from assertions. Contributed by Francisco J. Jordano (arcturus@us.es), from BVSSPA.
- Deal with X-PAPICallBackCtl headers, so PAPI proxies can be stacked.
- Correct a bug that caused certain combinations of values in query strings to be mangled when traversing a multiple-GPoA hierarchy.
- Apply rewriting rules to style attribute contents in HTML tags. Noted by Victor Hernandez (vjhergom@cic.upo.es), from the Pablo de Olavide University.
- Add the directive Pass_URL_Pattern, to allow skipping PAPI access checks for certain URLs under a PAPI-protected location.
- Add the directive PAPI_Redirect_by_URL, allowing more sophisticated control over proxy mode rewriting rules, which are applied only when the requested URL matches the specified pattern.
- Add the directives PAPI_Header_Redirect and PAPI_POST_Redirect, which apply specific rewriting rules to the header values and to the data sent using the HTTP POST method (respectively) through a PoA in proxy mode.
- Modify the Form_Processor directive to add the optional parameter "match", so rules are only applied when the content of the page holding the form matches. Contributed by Maja Gorecka-Wolniewicz (Maja.Wolniewicz@uni.torun.pl), from the Nicolaus Copernicus University, Torun, Poland.
- Correct a bug that caused the GPoA_Rewrite directives to cascade data restrictions beyond their scope when the more stringent rule was placed at the beginning of the GPoA_Rewrite ruleset. Contributed by Jaime Perez (jperez@blackout.homelinux.org) from URJC.
- It is now possible to use URNs inside PAPI assertions. This caused problems in the past because the character ':' is the separator inside PAPI tokens.
- Enhance proxy mode behavior when dealing with URL references, cookies and rewrite rules in the case of proxying entire domains (using the Remote_Domain directive).
- The PoA now passes all user attribute values in specific Apache notes as well as in specific request headers. Attributes are extracted from the user assertion exchanged through the PAPI tokens. Notes have the identifier PAPIAttr-<ATTNAME> and headers are called X-PAPIAttr-<ATTNAME>.
- Correct a bug in the parsing and processing of the Form_Processor directive values. Noted by Jaime Perez (jperez@blackout.homelinux.org) from URJC and Antonio Ruiperez (aruip@csi.uned.es) from the UNED.
- Correct a bug in the attribute request processing of BasicAuth.pm that caused spurious results when a suitable site was not available.