diff --git a/doc/sources/admin/documentation.rst b/doc/sources/admin/documentation.rst index b76f7c596..942e6e72e 100644 --- a/doc/sources/admin/documentation.rst +++ b/doc/sources/admin/documentation.rst @@ -31,7 +31,7 @@ Installation and configuration - `Version 2.0 `__ (stable) - `Version 1.9 `__ (oldstable) -- Archived versions (unmaintained by `LLNG Team `__ ) +- Archived versions (unmaintained by LLNG Team ) - `Version 1.4 `__ - `Version 1.3 `__ 
@@ -53,20 +53,22 @@ Debian Following Debian Policy, LLNG packages are never upgraded in published distributions. However, security patches are backported by maintenance teams *(except some inor ones)*. See `Security tracker `__ -=========== ======================== ======================================== ===================================================== ============================================================ =============================== ============================================================= -Debian dist LLNG version Secured Maintenance LTS Limit `Extended LTS `__ Limit -=========== ======================== ======================================== ===================================================== ============================================================ =============================== ============================================================= -*6* *Squeeze* *0.9.4.1* |maybe| No known vulnerability *None* *February 2016* *April 2019* -**7** Wheezy `1.1.2 `__ |maybe| No known vulnerability **None** [1]_ May 2018 Probably 2021 -**8** Jessie `1.3.3 `__ |clean| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 Probably 2023 -**9** Stretch `1.9.7 `__ |clean| CVE-2019-19791 tagged as minor `Debian LTS Team `__ June 2022 -\ *Stretch-backports* `2.0.2 `__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 *None* *June 2019* -\ Stretch-backports-sloppy `2.0.11 `__ |maybe| *Maybe none*, "best effort" [3]_ Until Debian 11 release [4]_ -**10** Buster `2.0.2 `__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team `__ Probably July 2024 -\ Buster-backports `2.0.11 `__ |clean| `LLNG Team `, "best effort" [3]_ Until Debian 11 release [4]_ -\ Bullseye `2.0.11 `__ |clean| `Debian Security Team `__ Probably July 2026 -**Next** Testing Latest [5]_ |clean| `LLNG Team `__ -=========== ======================== ======================================== ===================================================== 
============================================================ =============================== ============================================================= +=========== ========================== ======================================== ===================================================== ============================================================ =============================== ============================================================= +Debian dist LLNG version Secured Maintenance LTS Limit `Extended LTS `__ Limit +=========== ========================== ======================================== ===================================================== ============================================================ =============================== ============================================================= +*6* *Squeeze* *0.9.4.1* |maybe| No known vulnerability *None* *February 2016* *April 2019* +*7* *Wheezy* `1.1.2 `__ |maybe| No known vulnerability *None* *May 2018* *June 2020* +**8** Jessie `1.3.3 `__ |clean| CVE-2019-19791 tagged as minor **None** [1]_ June 2020 June 2022 +**9** Stretch `1.9.7 `__ |clean| CVE-2019-19791 tagged as minor `Debian LTS Team `__ June 2022 Probably 2024 +\ *Stretch-backports* `2.0.2 `__ |bad| CVE-2019-12046, CVE-2019-13031, CVE-2019-15941 *None* *June 2019* +\ *Stretch-backports-sloppy* `2.0.11 `__ |maybe| *None* *August 2021* +**10** Buster `2.0.2 `__ |clean| CVE-2019-19791 tagged as minor `Debian Security Team `__ June 2024 Probably 2026 +\ *Buster-backports* `2.0.11 `__ |clean| *None* *August 2021* +\ Buster-backports-sloppy `2.0.11 `__ |clean| LLNG Team, "best effort" [3]_ Until Debian 12 release [4]_ +**11** Bullseye `2.0.11 `__ |clean| `Debian Security Team `__ July 2026 Probably 2028 +\ Bullseye-backports `2.0.11 `__ |clean| LLNG Team, "best effort" [3]_ Until Debian 12 release [4]_ +**Next** Testing/Unstable Latest [5]_ |clean| LLNG Team +=========== ========================== ======================================== 
===================================================== ============================================================ =============================== ============================================================= See `Debian Security Tracker `__ @@ -142,7 +144,7 @@ Other backports are not covered by Debian Security Policy .. [4] - around September 2021 + around July 2023 .. [5] few days after release diff --git a/doc/sources/admin/upgrade_2_0_x.rst b/doc/sources/admin/upgrade_2_0_x.rst index 93dd34621..ebf2f3df4 100644 --- a/doc/sources/admin/upgrade_2_0_x.rst +++ b/doc/sources/admin/upgrade_2_0_x.rst 
@@ -43,19 +43,52 @@ Security Portal templates changes ~~~~~~~~~~~~~~~~~~~~~~~~ -If you customized the HTML mail content, you must update them to use HTML::Template variables (this was changed to fix XSS injections). +Email templates +^^^^^^^^^^^^^^^ -For session variables, replace for example ``$cn`` by ````, and for other variables, replace for example ``$url`` by ````. +If you customized the HTML email templates, you must update them to use HTML::Template variables (this was changed to fix XSS injections). -Some changes have been made to include new plugins (FindUser and CheckDevOps), you need to report them only if you have a custom theme and you want to use these plugins +In the following files: ``mail_2fcode.tpl`` ``mail_certificateReset.tpl`` ``mail_footer.tpl`` ``mail_password.tpl`` ``mail_register_done.tpl`` ``mail_certificateConfirm.tpl`` ``mail_confirm.tpl`` ``mail_header.tpl`` ``mail_register_confirm.tpl`` +Replace the following variables: + + +.. list-table:: + :header-rows: 1 + + * - Old syntax + - New syntax + * - ``$code`` + - ```` + * - ``$url`` + - ```` + * - ``$login`` + - ```` + * - ``$password`` + - ```` + * - ``$firstname`` + - ```` + * - ``$lastname`` + - ```` + +Replace all other variables such as ``$cn`` by ````. + +Login form +^^^^^^^^^^ To benefit from the new feature allowing to show password on login form, adapt ``standardform.tpl`` (see `changes `__) To disable password store in browser when changing password (this was already possible for login form), adapt ``password.tpl`` (see `changes `__) To fix placeholder display in password field when password store is disabled in browser, adapt ``password.tpl`` (see `changes `__) -See also "Simplification of TOTP options" below. +TOTP +^^^^ +See also `Simplification of TOTP options`_ below. 
+ +FindUser, CheckDevOps templates +^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ + +Some changes have been made to include new plugins (FindUser and CheckDevOps), you need to report them only if you have a custom theme and you want to use these plugins Client Credential sessions missing expiration time ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ diff --git a/lemonldap-ng-portal/site/cron/purgeCentralCache b/lemonldap-ng-portal/site/cron/purgeCentralCache index 7b476e9c2..665da37f9 100755 --- a/lemonldap-ng-portal/site/cron/purgeCentralCache +++ b/lemonldap-ng-portal/site/cron/purgeCentralCache @@ -144,8 +144,7 @@ for my $options (@backends) { next if ( $options->{backend} eq "Apache::Session::Memcached" ); my @t; if ( $options->{backend}->can('deleteIfLowerThan') ) { - next - if $options->{backend}->deleteIfLowerThan( + my ( $success, $rows ) = $options->{backend}->deleteIfLowerThan( $options, { not => { '_session_kind' => 'Persistent' }, @@ -158,7 +157,14 @@ for my $options (@backends) { ) } } - ); + ); + + if ($success) { + if ($rows) { + $nb_purged += $rows; + } + next; + } } # Get all expired sessions diff --git a/lemonldap-ng-portal/site/templates/bootstrap/captcha.tpl b/lemonldap-ng-portal/site/templates/bootstrap/captcha.tpl index 408aef804..cff170998 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/captcha.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/captcha.tpl @@ -5,7 +5,7 @@
- common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" /> + common/icons/arrow_refresh.png" alt="Renew Captcha" title="Renew Captcha" class="img-thumbnail mb-3" autocomplete="one-time-code" />
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/certificateReset.tpl b/lemonldap-ng-portal/site/templates/bootstrap/certificateReset.tpl index f44ac7705..240330c6d 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/certificateReset.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/certificateReset.tpl @@ -25,7 +25,7 @@
- " class="form-control" trplaceholder="mail" required /> + " class="form-control" trplaceholder="mail" required />
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/checkdevops.tpl b/lemonldap-ng-portal/site/templates/bootstrap/checkdevops.tpl index e8a60724e..90f647791 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/checkdevops.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/checkdevops.tpl @@ -33,7 +33,7 @@ " /> - " trplaceholder="URL / DNS" aria-required="true"/> + " trplaceholder="URL / DNS" aria-required="true" autocomplete="url" />
diff --git a/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl b/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl index 2b854ae7d..912fd9d4c 100644 --- a/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl +++ b/lemonldap-ng-portal/site/templates/bootstrap/checkuser.tpl @@ -17,7 +17,7 @@
- " trplaceholder="URL / DNS" aria-required="true"/> + " trplaceholder="URL / DNS" aria-required="true" autocomplete="url" />
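Review bot: in the Debian table hunk of doc/sources/admin/documentation.rst, the new *Buster-backports* row keeps |clean| although its Maintenance column is now *None* and its limit is *August 2021*, while *Stretch-backports-sloppy*, with the same 2.0.11 version, the same *None* and the same *August 2021*, is marked |maybe|. Suggest giving both rows the same status, since |clean| on a row that nobody maintains reads as an assurance that no team is providing. The unchanged context line above the table also has "inor" for "minor", which is worth fixing while this block is being edited.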
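Review bot: in the new "Email templates" section of doc/sources/admin/upgrade_2_0_x.rst, the text says customized templates must be updated because of the XSS fix, but not what an unmigrated template does after the upgrade when it still contains ``$code`` or ``$url``. Suggest adding one sentence that states the visible result for a template left in the old syntax, so an administrator can recognise it in a sent mail. In the relocated FindUser/CheckDevOps sentence, "you need to report them" would read more clearly as "you need to apply them to your theme", and the sentence has no final period.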
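Review bot: in the lemonldap-ng-portal/site/cron/purgeCentralCache hunk, `my ( $success, $rows ) = $options->{backend}->deleteIfLowerThan(` moves the call from the boolean context of the old `next if` to list context, so every backend that implements deleteIfLowerThan now has to return a (success, rows) pair. A backend that still returns a single true value is tolerated, because `$rows` stays undefined and `if ($rows)` skips it, but one that returns only a row count would have a count of 0 read as failure and fall through to the "Get all expired sessions" path. Suggest documenting the two-value return contract next to this call and confirming that each backend providing the method follows it. `$nb_purged` is not declared in the visible lines; the hunk relies on it being initialised before the loop.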
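Review bot: in the lemonldap-ng-portal/site/templates/bootstrap/captcha.tpl hunk, `autocomplete="one-time-code"` appears, in the line as shown, after the `alt`, `title` and `class="img-thumbnail mb-3"` attributes that belong to the refresh icon; autocomplete only has an effect on form fields, so please confirm it ends up on the captcha text input and not on the image. It is also worth checking that `one-time-code` is the intended token: it asks the browser to offer a code delivered to the user, which a captcha answer is not, so `autocomplete="off"` may describe the field better.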