126 lines
5.1 KiB
Plaintext
126 lines
5.1 KiB
Plaintext
lemonldap-ng (2.0.9-1) unstable; urgency=medium
|
|
|
|
This release fixes 2 CVE:
|
|
- CVE-2020-24660: Nginx configuration for Handler protected applications
|
|
must be updated if your virtual host configuration contains per-URL access
|
|
rules based on regular expressions in addition to the built-in default access rule.
|
|
- CVE-2020-16093: LDAP server certificates were previously not verified by default
|
|
when using secure transports (LDAPS or TLS). Starting from this release, certificate
|
|
validation is now enabled by default, including on existing installations. If
|
|
your SSL configuration is not valid, you can temporarily disable certificate
|
|
verification.
|
|
See upgrade notes in local documentation or on https://lemonldap-ng.org
|
|
|
|
-- Clement OUDOT <clement@oodo.net> Sun, 06 Sep 2020 22:00:00 +0100
|
|
|
|
lemonldap-ng (2.0.6-1) unstable; urgency=medium
|
|
|
|
FastCGI / uWsgi servers require llng-lmlog.conf and llng-lua-headers.conf.
|
|
Those configuration files are now provided by lemonldap-ng-handler package
|
|
and installed in /etc/nginx/snippets directory.
|
|
|
|
-- maudoux <maudoux@localhost> Wed, 11 Sep 2019 22:47:57 +0200
|
|
|
|
lemonldap-ng (2.0.5-1) unstable; urgency=medium
|
|
|
|
This version adds some improvements in cryptographic functions. To take
|
|
advantage of them, you must change the encryption key of LemonLDAP::NG.
|
|
|
|
-- Xavier Guimard <yadd@debian.org> Thu, 27 Jun 2019 23:19:09 +0200
|
|
|
|
lemonldap-ng (2.0.0-1) unstable; urgency=medium
|
|
|
|
2.0 is a major release, many things have been changed. You must read
|
|
https://lemonldap-ng.org/documentation/2.0/upgrade before upgrade.
|
|
|
|
-- Xavier Guimard <x.guimard@free.fr> Mon, 11 Dec 2017 22:48:25 +0100
|
|
|
|
lemonldap-ng (1.9.2-1) unstable; urgency=medium
|
|
|
|
liblemonldap-ng-handler-perl package has been split into:
|
|
- lemonldap-ng-handler that provides web server configuration
|
|
- liblemonldap-ng-handler-perl that provides Perl libraries only
|
|
|
|
-- Xavier Guimard <x.guimard@free.fr> Sat, 17 May 2016 22:25:43 +0200
|
|
|
|
lemonldap-ng (1.9.0-1) unstable; urgency=low
|
|
|
|
1) Configuration and sessions storage
|
|
|
|
From now, Lemonldap::NG uses JSON serialization to store configuration and
|
|
sessions instead of Storable::nfreeze Perl function. This permits one to have
|
|
heterogenous servers connected to the same LLNG organization (32/64 bits or
|
|
different Perl versions). Old format still works but:
|
|
* configuration backends: new format is applied at first configuration
|
|
save,
|
|
* sessions storages: new format is applied for each new session or when
|
|
updating an existing session. You can force LemonLDAP::NG to keep the old
|
|
serialization method by setting useStorable to 1 in sessions backend
|
|
options if you have some custom hooks.
|
|
Note that this behaviour only affects modules Apache::Session::File, SQL
|
|
database and Apache::Session::LDAP
|
|
|
|
If you have more than one server and don't want to stop the SSO service, start
|
|
upgrading in the following order:
|
|
* servers that have only handlers;
|
|
* portal servers (all together if your load balancer doesn't keep state by
|
|
user or client IP and if users use the menu);
|
|
* manager server
|
|
|
|
2) Manage Ajax requests when sessions expires
|
|
|
|
To request for authentication, handlers sent a 302 HTTP code even if request
|
|
was an Ajax one. From now, after redirection, portal will send a 401 code
|
|
with a WWW-Authenticate header containing "SSO portal-URL". This is a little
|
|
HTTP protocol hook created because browsers follow redirection transparently.
|
|
If you want to keep old behaviour, set noAjaxHook to 1 (in General Parameters
|
|
-> Advanced -> Handler redirections -> Keep redirections for Ajax).
|
|
|
|
3) New "Multi" authentication scheme
|
|
|
|
The Multi backend configuration has changed. Now the stacks are defined in
|
|
separate attributes:
|
|
* multiAuthStack
|
|
* multiUserDBStack
|
|
|
|
So an old configuration like this:
|
|
|
|
authentication = Multi LDAP;DBI
|
|
userDB = Multi LDAP;DBI
|
|
|
|
Must be replaced by:
|
|
|
|
authentication = Multi
|
|
userDB = Multi
|
|
multiAuthStack = LDAP;DBI
|
|
multiUserDBStack = LDAP;DBI
|
|
|
|
4) Form replay
|
|
|
|
Management of form replay has been rewritten. If you uses this experimental
|
|
feature, you must edit your configuration and rewrite it.
|
|
|
|
-- Xavier Guimard <x.guimard@free.fr> Thu, 21 Jan 2016 17:13:07 +0100
|
|
|
|
lemonldap-ng (1.4.6-1) unstable; urgency=medium
|
|
|
|
Handler files "My::Package" are no longer installed by default as a module
|
|
"Lemonldap::NG::Handler" generic is now available. It is therefore
|
|
necessary either to modify Apache configuration files to use
|
|
"Lemonldap::NG::Handler" or create your own Perl modules using the provided
|
|
examples files.
|
|
|
|
-- Xavier Guimard <x.guimard@free.fr> Mon, 29 Dec 2014 17:10:00 +0100
|
|
|
|
lemonldap-ng (1.2.2-1) unstable; urgency=low
|
|
|
|
Examples files (Apache configuration and default handler files) are now not
|
|
installed in /var/lib/lemonldap-ng/handler but available as examples files
|
|
|
|
Since 1.2.2, LemonLDAP::NG uses 'Demo' authentication backend by default
|
|
and the manager is protected by default by LemonLDAP::NG. So for an
|
|
unconfigured installation, you have to use dwho account to access to the
|
|
manager (password dwho)
|
|
|
|
-- Xavier Guimard <x.guimard@free.fr> Thu, 29 Nov 2012 06:22:45 +0100
|