Update changelog

2019-09-24 11:20:56 +02:00 · 2019-09-24 11:20:56 +02:00 · bb5728f7a8
parent 39c968b215
commit bb5728f7a8
1 changed files with 88 additions and 0 deletions
--- a/88
+++ b/88
@ -1,3 +1,91 @@
+lemonldap-ng (2.0.6) stable; urgency=medium
+
+  * Bugs:
+    * #1834: Use base64 URL for JWT generation
+    * #1838: Return claims from scope values in ID token if no access token requested
+    * #1852: SAML request lost after notification
+    * #1853: Adding a second notification with same reference is not refused
+    * #1856: Unable to validate more than one notification (JSON format)
+    * #1857: Message "session is expired" if a notification is  refused
+    * #1861: Persistent data and notification validation
+    * #1863: Duplicate Set-Cookie header when sending lemonldappdata and lemonldap cookies
+    * #1864: incorrect loading of SAML metadata when entityID containts html-encoded characters
+    * #1865: Dependencies missing in RPM
+    * #1866: Skin parameter is lost in second factor choice
+    * #1867: Bad error template with Combination and OTT timeout
+    * #1868: Yubikey enrolment failed on Internet Explorer
+    * #1869: [Security:low] psessions case sensitivity might impact security of 2FA when using case-insensitive auth backends
+    * #1874: OTT not regenerated after submitting TOTP form with an expired OTT
+    * #1875: Variables from Users module DBI is not used when Authentication module is LDAP (chain: [LDAP,DBI]
+    * #1876: $_ no longer works in macros, rules and headers since 2.0
+    * #1878: Pdata cookie not cleared after cross domain Auth request
+    * #1880: [Security:low] Restricted users can edit conf by using default route
+    * #1881: [Security:high] oidc authorization codes are not tied to their RP
+    * #1883: Infinite loop when displaying sessions by IP address
+    * #1889: No changes detected by Manager when removing CAS/OIDC attributes from a CAS application / OIDC RP or provider
+    * #1890: LinkedIn v1 API is not available anymore
+    * #1891: GET parameter "cancel" with Choice and CAS authentication
+    * #1897: Emails are sometimes sent in the wrong language
+    * #1898: Handler SecureToken is not working anymore
+    * #1901: Handler error if a header definition is empty
+    * #1903: Mail password reset and Combination with LDAP does not work
+    * #1906: Missing MAIN_LOGO variable in redirect.tpl
+    * #1910: Issue with "force password change on next login" feature with LDAP
+    * #1915: Skin selected by rule is lost in 2FA process
+    * #1922: Accentuated UTF-8 value of header is UTF-8 encoded again by handler
+    * #1925: AuthBasic handler does not work with AuthChoice
+    * #1933: [Security:low] nginx portal example file does not filter REST urls
+    * #1935: [Security:medium] AuthSlave does not check credential headers
+
+  * New features:
+    * #993: Define a local password policy
+    * #1783: ContextSwitching plugin
+    * #1843: OAuth2 introspection endpoint
+    * #1847: Radius 2F module
+    * #1860: Multiple instances of 2F modules
+
+  * Improvements:
+    * #1619: Support IBM Tivoli Directory Server (ITDS)
+    * #1702: Improve log generated by lemonldap
+    * #1825: Possibility to disable persistent sessions
+    * #1829: Redirection lost between SSL/Ajax and SAML
+    * #1831: Warning in lemonldap-ng-cli
+    * #1832: Add save/restore in CLI help message and control restore parameters
+    * #1833: Show cli errors on file access
+    * #1835: [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification
+    * #1842: Merge userLogger notice with logger debug
+    * #1844: CheckUser plugin does not compute real session attributes if Impersonation is enabled
+    * #1846: Adapt response_types_supported / grant_types_supported attributes in OpenID Connect metadata depending on configured flows
+    * #1849: CDA is not compatible with Handler::PSGI::Try
+    * #1850: No "Session granted" log if grantSession plugin not enabled
+    * #1851: Append notification REST services
+    * #1862: When displaying notifications, sort them by date and references
+    * #1870: REST Api endpoint "error"
+    * #1873: Labels for 2FA choices
+    * #1879: [security:low] Access token expiration time is not enforced on userinfo or OAuth handler
+    * #1882: Confusing default OIDC issuer setting
+    * #1884: Force Upgrade tokens to be stored into global storage if auth and authssl are served by different load balancers
+    * #1885: Append an option to log an extra parameter
+    * #1888: Javascript error on textContent method with .Net framework and WPF
+    * #1896: Add _session_kind to default SOAP/REST exported attributes
+    * #1899: Fix portal and manager display for Internet Explorer
+    * #1904: Append an option "don t compact conf" + debug log + compact CAS parameters if not enabled
+    * #1908: Complete blackout probably due to uncontroled SQL connexion timeout
+    * #1913: Append an option to allow / forbid browsers to store users password
+    * #1916: Issuer OTT timeout
+    * #1919: Customizable error message when a required SAML attribute is missing
+    * #1923: REST ression server is too intolerant of clock drift
+    * #1927: Implement  CORS preflight request
+    * #1928: Option to hide password generation checkbox in mail password reset plugin
+    * #1929: Custom functions are not imported into Safe Jail
+    * #1930: Display password change form after a password policy error in mail reset password plugin
+    * #1931: Disable password input field until font is fully downloaded by browser
+    * #1932: REST session server should return both session and _httpSession id
+    * #1936: Append an option to display Slave logo
+    * #1938: CheckUser plugin : include search parameters
+
+ -- Clément <clem.oudot@gmail.com>  Tue, 24 Sep 2019 11:13:39 +0200
+
 lemonldap-ng (2.0.5) stable; urgency=medium

  * Bugs: