Skip to main content
OCLC Support

EZproxy v7.0.16 release notes

Release Date: April 2020

Operating system requirements

EZproxy v7.0 is supported under two different operating systems:

The supported versions of these operating systems along with their minimum hardware requirements can be found at Requirements.

Administrative updates 

Reminder: Ending support for proxy by port due to incompatibility with many websites  

OCLC will end support for EZproxy’s proxy by port option on 30 September 2020, due to its incompatibility with many popular e-resource websites. If you are currently running proxy by port, you may continue to do so for the time being. After 30 September 2020, you will need to enable Proxy by Hostname in order to receive support from OCLC. Proxy by hostname will help ensure seamless access for your library’s e-resource subscriptions. For more information, please see migrating to Proxy by Hostname or contact OCLC Support. 

Action needed: 

Hosted EZproxy customers need not take any action. Stand-alone EZproxy customers will need to migrate to Proxy by Hostname prior to 30 September 2020 in order to assure continued access to OCLC Support. For more information, please see migrating to Proxy by Hostname or contact support@oclc.org

SAML auth: Attributes with special characters

Prior to EZproxy version 7.0, SAML auth: attributes with special characters did not require any unique configuration. In v7 auth: urn:x.x.x.x with special characters like colons will require quotes. 

Action needed: 

If currently using: auth:urn:oid:1.3.6.1.4.1.5923.1.1.1.7 

It now needs to use the following format: auth:"urn:oid:1.3.6.1.4.1.5923.1.1.1.7" 

SAML Upgrade Notes

Signing of assertions and responses

As was the case with EZproxy 6.6.2, assertion signing may need to updated. Earlier versions of EZproxy would also accept Response documents in which the Response was not signed, the Assertion was signed, and the Assertion was not encrypted.  When updating to this release, any site relying on this behavior will need to add the following to their ShibbolethMetadata directive. After configuring this option, libraries may need to toggle options in the response config to find a setting that matches your local needs. 

-SignResponse=false -SignAssertion=true -EncryptAssertion=false \

ADFS requires explicit issuer

For some sites that do not want to log specific usernames in their logs, the following configuration changes are required to avoid the encrypted string logging.

ifIssuer = "url"; setlogin:loguser 

Enhancements 

EZproxy now uses a 64 bit build to improve the user experience 

EZproxy has moved to an exclusively 64-bit build. By deprecating the development of 32-bit builds and focusing on 64-bit builds, OCLC can more quickly increase the frequency of future feature development for EZproxy.  

Improved security with OpenSSL 1.1.1f 

EZproxy v7.0 was built with the most current Long Term Support release of OpenSSL. For a full list of improvements in OpenSSL 1.1.1f, please review the OpenSSL documentation.

More flexible cookie handling to support Chrome 80 changes

In our testing, OCLC confirmed a small number of cases in which external resources failed to load properly on proxied publisher websites using Chrome 80. Changes were made to EZproxy's cookie handling patterns to better account for this behavior.

Option ForceHttpsLogin enabled by default

Libraries were previously given the option to enable ForceHttpsLogin. To increase the security of logins, we have enabled this option by default.  

Bug fixes 

Intrusion API

This version resolves an issue with how EZproxy handles the Intrusion API response object. In some cases, this may lead to more security events being reported.

RedirectSafe and SPU Config

Security enhancement was made to block a RedirectSafe url configuration if the user.txt admin user was configured to allow the unsafe redirect.  

Important links

Product website

More product information can be found at http://www.oclc.org/ezproxy.en.html

Support website(s)

Support information for this product and related products can be found at:

 

  • Was this article helpful?