Cosign 1.7.0 Released

[johanna bromberg craig <canna@xxxxxxxxx>]

The Cosign Team is pleased to announce the availability of version 
1.7.0 of cosign [ MD5 f4cece2c7b8b642c8135e90da7c4d422] .

Changelog at http://www.umich.edu/~umweb/software/cosign/changelog.txt

Changes:

	config: must specify path to apxs to build either filter, no default.
	common: first pass at rate logging, see README and man pages
	cgi: issue a new login cookie if the one presented is more than
		24 hours old.
	cgi: looping page a redirect now instead of just an error.
	cgi: check for sql injection prior to username query.
	cgi: less verbose logging, more sumamries.
	daemon: default log facility now daemon.
	daemon: more precise logging, supression of common errors.
	daemon/monster: override syslog facility and level from cmd line.
	filter: all settings configureable thorough runtime directives.
	filter: new directive to delimit authN optional, which allows you
		to push authN deicsions back into the application.
	filter: issue a new service cookie if the one presented is more than
		24 hours old.
	html: new looping page, a redirect from the cgi, will allow you to
		capture the browser info ( in access logs ) for clients
		who are looping.

Thanks to Phil Pishioneri from Penn State University for some minor bug 
fixes.

FYI: Cosign 1.8.0, which will mostly be Brett Lomas' (University of 
Auckland) changes to allow runtime configuration of the cgi and daemon 
from a single configuration file, will be released as soon as we get it 
reviewed and checked in. The only planned filter change is to allow 
CosignProtected On/Off in .htaccess files. Those of you who do not like 
to upgrade often and/or really want the runtime configuration for the 
cgi and daemon are advised to consider waiting.

-Johanna, and the core cosign dev team