diff --git a/changelog b/changelog index de3397191..f5c3dac8c 100644 --- a/changelog +++ b/changelog 
@@ -1,3 +1,91 @@ +lemonldap-ng (2.0.6) stable; urgency=medium + + * Bugs: + * #1834: Use base64 URL for JWT generation + * #1838: Return claims from scope values in ID token if no access token requested + * #1852: SAML request lost after notification + * #1853: Adding a second notification with same reference is not refused + * #1856: Unable to validate more than one notification (JSON format) + * #1857: Message "session is expired" if a notification is refused + * #1861: Persistent data and notification validation + * #1863: Duplicate Set-Cookie header when sending lemonldappdata and lemonldap cookies + * #1864: incorrect loading of SAML metadata when entityID containts html-encoded characters + * #1865: Dependencies missing in RPM + * #1866: Skin parameter is lost in second factor choice + * #1867: Bad error template with Combination and OTT timeout + * #1868: Yubikey enrolment failed on Internet Explorer + * #1869: [Security:low] psessions case sensitivity might impact security of 2FA when using case-insensitive auth backends + * #1874: OTT not regenerated after submitting TOTP form with an expired OTT + * #1875: Variables from Users module DBI is not used when Authentication module is LDAP (chain: [LDAP,DBI] + * #1876: $_ no longer works in macros, rules and headers since 2.0 + * #1878: Pdata cookie not cleared after cross domain Auth request + * #1880: [Security:low] Restricted users can edit conf by using default route + * #1881: [Security:high] oidc authorization codes are not tied to their RP + * #1883: Infinite loop when displaying sessions by IP address + * #1889: No changes detected by Manager when removing CAS/OIDC attributes from a CAS application / OIDC RP or provider + * #1890: LinkedIn v1 API is not available anymore + * #1891: GET parameter "cancel" with Choice and CAS authentication + * #1897: Emails are sometimes sent in the wrong language + * #1898: Handler SecureToken is not working anymore + * #1901: Handler error if a header definition is 
empty + * #1903: Mail password reset and Combination with LDAP does not work + * #1906: Missing MAIN_LOGO variable in redirect.tpl + * #1910: Issue with "force password change on next login" feature with LDAP + * #1915: Skin selected by rule is lost in 2FA process + * #1922: Accentuated UTF-8 value of header is UTF-8 encoded again by handler + * #1925: AuthBasic handler does not work with AuthChoice + * #1933: [Security:low] nginx portal example file does not filter REST urls + * #1935: [Security:medium] AuthSlave does not check credential headers + + * New features: + * #993: Define a local password policy + * #1783: ContextSwitching plugin + * #1843: OAuth2 introspection endpoint + * #1847: Radius 2F module + * #1860: Multiple instances of 2F modules + + * Improvements: + * #1619: Support IBM Tivoli Directory Server (ITDS) + * #1702: Improve log generated by lemonldap + * #1825: Possibility to disable persistent sessions + * #1829: Redirection lost between SSL/Ajax and SAML + * #1831: Warning in lemonldap-ng-cli + * #1832: Add save/restore in CLI help message and control restore parameters + * #1833: Show cli errors on file access + * #1835: [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification + * #1842: Merge userLogger notice with logger debug + * #1844: CheckUser plugin does not compute real session attributes if Impersonation is enabled + * #1846: Adapt response_types_supported / grant_types_supported attributes in OpenID Connect metadata depending on configured flows + * #1849: CDA is not compatible with Handler::PSGI::Try + * #1850: No "Session granted" log if grantSession plugin not enabled + * #1851: Append notification REST services + * #1862: When displaying notifications, sort them by date and references + * #1870: REST Api endpoint "error" + * #1873: Labels for 2FA choices + * #1879: [security:low] Access token expiration time is not enforced on userinfo or OAuth handler + * #1882: Confusing default OIDC 
issuer setting + * #1884: Force Upgrade tokens to be stored into global storage if auth and authssl are served by different load balancers + * #1885: Append an option to log an extra parameter + * #1888: Javascript error on textContent method with .Net framework and WPF + * #1896: Add _session_kind to default SOAP/REST exported attributes + * #1899: Fix portal and manager display for Internet Explorer + * #1904: Append an option "don t compact conf" + debug log + compact CAS parameters if not enabled + * #1908: Complete blackout probably due to uncontroled SQL connexion timeout + * #1913: Append an option to allow / forbid browsers to store users password + * #1916: Issuer OTT timeout + * #1919: Customizable error message when a required SAML attribute is missing + * #1923: REST ression server is too intolerant of clock drift + * #1927: Implement CORS preflight request + * #1928: Option to hide password generation checkbox in mail password reset plugin + * #1929: Custom functions are not imported into Safe Jail + * #1930: Display password change form after a password policy error in mail reset password plugin + * #1931: Disable password input field until font is fully downloaded by browser + * #1932: REST session server should return both session and _httpSession id + * #1936: Append an option to display Slave logo + * #1938: CheckUser plugin : include search parameters + + -- Clément Tue, 24 Sep 2019 11:13:39 +0200 + lemonldap-ng (2.0.5) stable; urgency=medium * Bugs:
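Review bot: The trailer line `-- Clément Tue, 24 Sep 2019 11:13:39 +0200` at the end of the new 2.0.6 stanza lacks the maintainer e-mail that the Debian changelog format requires (`-- Name <email>  date`, with two spaces before the date), so tools such as dpkg-parsechangelog will not parse this entry cleanly; please add the address in angle brackets. Several new entries also carry typos worth fixing before release: "containts" (#1864), the unclosed parenthesis in "(chain: [LDAP,DBI]" (#1875), "don t compact conf" (#1904), "uncontroled SQL connexion timeout" (#1908) and "REST ression server" (#1923, presumably "session server"). Since the stanza mixes [Security:high], [Security:medium] and [Security:low] items (#1881, #1935, #1869, #1880, #1933) across the Bugs and Improvements sections, consider noting in the commit message or a "Security" header which fixes warrant an advisory, as readers scanning for security-relevant changes will otherwise miss them among the functional fixes.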