Tag release 1.9.21
  • Bugs:

    • #1836: Use base64 URL for JWT generation
    • #1924: [security:low] oidc authorization codes are not tied to their RP
  • Improvements:

    • #1837: [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification
    • #1892: $data->{_session_kind} uninitialized