Tags give the ability to mark specific points in history as being important
  • v2.0.5   Tag release 2.0.5
    7aa3d03c · Fix date in DEB ·
    • Bugs:

      • #1521: The manager renames the id of applications created by lemonldap-ng-cli
      • #1655: Can't delete notifications from the manager
      • #1717: Warnings "Devel::StackTrace" when using unnative Perl functions
      • #1746: Impersonation does not work with double cookies authentication
      • #1749: Authentication with "Double Cookies for a single session" (securedCookie==3) does not work
      • #1753: Logout with CASv2 is not working (Bad URL)
      • #1754: Configuration caching issue when overriding globalStorage in lemonldap-ng.ini
      • #1755: CheckUser plugin fails if OTT globalStorage is enabled
      • #1759: Server Error when OpenID Connect provider enabled without any RP
      • #1762: CDA sessions are not removed when handler uses SOAP
      • #1775: Authentication with double cookies fails when uniq session is enabled
      • #1777: Server Error with SAML SLO and expired SSO session
      • #1779: Go to portal message not translated in register confirmation mail
      • #1795: [Security: low] CAS 3.0 Logout does not validate redirect URL
      • #1800: Auth::Slave is unusable with Choice
      • #1802: No error returned if no code provided on OpenID Connect token endpoint
      • #1805: Auth::LDAP unusable in combination if UserDB::LDAP isn't called
      • #1809: UserDB::DBI with Auth::LDAP seems to not work properly
      • #1810: [Security: low] llng-fastcgi-server could fail to setgid
      • #1811: Lua-headers file is missing
      • #1813: searchOn* does not work when a portal uses REST session backend
      • #1814: Local cache not fully purged
      • #1818: [Security:low] XXE vulnerability in SOAP notification server
      • #1819: Portal Notification server unusable with old XML format
      • #1821: Pdata not cleared after session upgrade
      • #1822: Session upgrade does not work with 2FA
      • #1824: lmConfigEditor does not work anymore
      • #1826: Race condition on SSL login form button
    • New features:

      • #1796: Display a message if an expired 2f device is removed
    • Improvements:

      • #1706: html not interpreted for translated messages
      • #1723: Real authentication is masked when using proxy authentication module
      • #1732: Sessions explorer and Browseable::Postgres
      • #1734: RPM version uses JSON::PP instead of JSON::XS
      • #1747: Logging out from portal causes an error with doubleCookie after refreshing rights
      • #1750: Wrong version / author / IP / log in lemonldap-ng-cli
      • #1758: Warnings in Viewer.pm when saving configuration
      • #1763: Transmission of Authorization header should probably be on by default
      • #1764: Set chosen language in user session
      • #1765: Better CORS handling
      • #1766: Warning in logs with SAML
      • #1767: Append startTime overScheme to display sessions to avoid browser crash
      • #1769: CSRF token is not automatically regenerated after a failed login with Auth::Choice
      • #1770: Add save/restore commands in cli
      • #1771: SSO sessions _updateTime value is not updated after a refresh request
      • #1773: Append option to modify service Token handler TTL
      • #1774: CheckUser plugin does not work with SAML
      • #1782: Append an option to set 2FA TTL
      • #1791: Append an option in Manager to merge only specified SSO groups with Impersonation
      • #1797: Allow ServiceToken to send service headers
      • #1799: StorePassword in session not working when using session REST server
      • #1827: Using lemonldap-ng-cli info gives warning with default configuration
      • #1828: 2F plugins and method loadTemplate are not using skin rules
      • #1830: [Security:improvement] Improved use of cryptography
  • v1.9.20   Tag version 1.9.20
    d183cbcb · Update packaging files ·
    • Bugs:
      • #1756: Cross-domain auth not working
      • #1820: [Security:medium] XXE vulnerability in SOAP notification server
  • v2.0.4   Tag release 2.0.4
    • Bugs:

      • #1684: UI manager: boolean values do not appear in configuration forms with Yaml config format
      • #1709: ViewDiff template not displayed
      • #1710: Configuration keys not displayed in Viewer
      • #1716: [Security:minor] Update jQuery
      • #1720: Duplicate session opening when using multiple Kerberos instances in Combination
      • #1724: CAS 1.0 /validate endpoint does not return username
      • #1726: Deb package: missing dependency IO::String
      • #1733: Invalid default crontab in RPM
      • #1736: Configuration version in Manager is different from software version
      • #1738: Error not well caught with Ext2F
      • #1741: Deleted category is not detected as a change when saving conf.
      • #1742: [Security: high] Setting tokenUseGlobalStorage allows unauthenticated users to access the portal (and applications without rules)
      • #1743: [Security: low] register_token used for account creation can be used as a valid session identifier
      • #1746: Impersonation does not work with double cookies authentication
    • New features:

      • #1146: Allow Handler to read OAuth2 access token instead of browser cookie
      • #1722: [Security: improvement] PKCE to secure OIDC Authorization Code flow
    • Improvements:

      • #1703: Fix faulty headers on a null value
      • #1711: Return Session ID when authentication is done via REST
      • #1712: Display idpChoice cancel button only if AuthChoice is enabled
      • #1713: CAS : Allow per application CAS login override
      • #1714: Check logLevel value
      • #1725: Allow unauthenticated clients on OIDC token endpoint
      • #1728: Improve redirect page
      • #1729: Display error if SAML service is enabled without private and public keys signature
      • #1730: Sort real and spoofed attributes in CheckUser and Session explorer
      • #1735: Highlight valid SSO sessions in sessions explorer
      • #1739: Improve log in Grant Session plugin
  • v1.9.19   Create tag for 1.9.19 release
    b63ee346 · Update documentation ·
    • Bugs:

      • #1509: InactivityTimeout for applications doesn't work
      • #1520: lemonldap-ng-cli adds a new item when deleting an item that does not exist.
      • #1567: Captcha session id is too weak
      • #1580: Error when saving in manager (mongoDB as ConfigurationBackend)
      • #1662: id_token validity not correctly evaluated
      • #1744: [Security: low] register_token used for account creation can be used as a valid session identifier
    • Improvements:

      • #1516: All IDP conf not usable if only one IDP misconfigured
      • #1519: Cross domain authentication, ajax request and same origin policy
  • v2.0.3   Tag 2.0.3
    • Bugs:

      • #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
      • #1654: Password must change on AD still not fully working
      • #1656: No IP shown in history logon
      • #1667: [Security:medium] Option userControl is not applied anymore in standard login process
      • #1671: Error in SP-initiated saml logout with multiple SP
      • #1672: In SAML Issuer, environment variables to store current SP are not filled
      • #1673: Application list display and specific rules
      • #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
      • #1676: Active Directory connection information not saved
      • #1679: Default jQuery URL in form replay has changed
      • #1680: In form replay, POST data keys are not URL encoded
      • #1682: LinkedIn OAuth2 authentication is not available in combination modules list
      • #1683: Changing configuration option cspScript has no effect
      • #1684: UI manager: boolean values do not appear in configuration forms with Yaml config format
      • #1686: SOAP Portal WSDL file is invalid
      • #1691: Password policy can't display messages
      • #1692: Parameter base64 is ignored in setHiddenFormValue
      • #1693: Information is not displayed in logout process
      • #1698: Invalid pdata causes SAML login to fail after logout
      • #1703: Fix faulty headers on a null value
      • #1708: lmerror page loops on url parameter
    • New features:

      • #1632: Optionally let Ext2F module handle code generation
      • #1658: CheckUser plugin
      • #1661: Configuration viewer module
      • #1664: Impersonation plugin
      • #1697: Command-line tool to delete session for specific user(s)
    • Improvements:

      • #1549: Option to override IDP entityID
      • #1595: Possibility to override message with a custom JSON file in template
      • #1651: Disable cache on portal page
      • #1653: Allow fallback to default skin when a template is not found in custom theme
      • #1660: Restore possibility to hide message in portal template
      • #1666: Display errors on login form
      • #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
      • #1670: Display "authentication in progress" when using Ajax with Kerberos
      • #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
      • #1687: Add granted log for user and connection information
      • #1694: Disable CSRF token with AuthBasic
      • #1696: Remove unnecessary antiframe protection in portal javascript
      • #1699: Authentication level for REST and GPG authentication
      • #1700: Update AuthBasic handler doc : REST server is required
      • #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop
  • v2.0.2   Create tag for 2.0.2
    2f81f4b3 · Update documentation ·
    • Bugs:

      • #1574: "Manager is unprotected" message when whatToTrace value is not the default
      • #1603: Warnings with confirmation required don't work
      • #1604: Manager unit tests randomly failed
      • #1607: Safe errors when saving configuration with lmConfigEditor
      • #1610: Unable to save empty value for cookie expiration time in Manager
      • #1613: handler https redirection does not work
      • #1614: Accents not well displayed in Portal
      • #1618: Version in server signature is wrong
      • #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
      • #1627: Display issue with GrantSession plugin
      • #1628: GrantSession plugin discloses its message to unlogged users
      • #1630: SSO cookie is sent to protected applications with Nginx-based ReverseProxy
      • #1636: SSL and Kerberos Auth Modules don't work with choice
      • #1639: User must change password on AD is broken
      • #1642: Unable to select skin from URL
      • #1643: Portal CSS is sent with empty background when portalSkinBackground is not defined
      • #1644: error while resetting password with ppolicy enabled
      • #1648: ldapAuthnLevel and dbiAuthnLevel are ignored
      • #1649: Error about Handler when saving configuration in lmConfigEditor
    • New features:

      • #1569: GPG authentication module
      • #1629: Email-based two-factor module
      • #1631: Allow to display "env" as template variables
    • Improvements:

      • #1486: Portal starts even if init() has failed
      • #1600: Improve e2e tests
      • #1601: Create LDAP option to decode DN value
      • #1608: Date and comment not updated with lemonldap-ng-cli
      • #1609: add autocomplete="off" to 2F form fields
      • #1611: Improve apache configuration
      • #1622: Display delete button in 2FAManager only if action is allowed
      • #1625: "Use rule" option in issuer modules seem not to be used anymore
      • #1633: Better random generation
      • #1634: Improve management of template parameters
      • #1635: SAML attribute default value is not set
      • #1637: Add display options for SAML IDP like OIDC and CAS providers
  • ubuntu/disco   Create tag for 2.0.2
    2f81f4b3 · Update documentation ·
  • debian/buster   Version published in debian/buster
    2f81f4b3 · Update documentation ·
  • v2.0.1   Tag 2.0.1
    2dfe4bdd · Update doc ·
    • Bugs:

      • #1564: Function authLogout is missing in package "Lemonldap::NG::Portal::Auth::SSL"
      • #1572: Error when saving in manager (mongoDB as ConfigurationBackend)
      • #1576: Browser doesn't select Portal appropriate language
      • #1579: SOAP Backend error for empty collection
      • #1582: MongoDB Conf backend loses sub hash keys
      • #1586: Portal message override does not work on plugins and mail templates
      • #1587: Captcha is not displayed in Register form if mail already exists
      • #1588: Captcha is validated with additional letters
      • #1589: Error in MailReset when asking to resend confirmation mail
      • #1592: Cannot select a menu tab with ?tab= in URL
      • #1594: Cannot select oidcConsents tab in menu
    • Improvements:

      • #1565: OpenId - Default CSP value causes breakdown in OpenId authentication form
      • #1578: Fix fcgi/psgi extensions in documentation
      • #1583: Append parameter to configure number of allowed failed logins before brute force protection activation
      • #1584: Browser doesn't select Manager appropriate language
      • #1585: Fix main logo and langs icons display & double slash in lmerror 403 error URL
      • #1591: $req->user not available in plugins authenticated routes
      • #1593: Bad userinfo response: Unauthorized
      • #1596: Possibility to define new tabs in Menu
      • #1599: Usage of OpenID Connect with bad scope value results in unlimited session growth
  • v2.0.0   Recreate 2.0.0 tag
    ea90c3c7 · Try to fix CI pipeline ·

    This is a major version with a lot of changes. You need to apply all upgrade instructions listed here: https://lemonldap-ng.org/documentation/2.0/upgrade

    Changelog:

    • Bugs:

      • #757: "Attempt to free unreferenced scalar" in Lemonldap::NG::Common::Session
      • #789: Apache reloading breaks SAML authentication
      • #804: Incomplete logout in Issuer modules
      • #856: LemonLDAP loses exportedVars conf randomly
      • #863: get_url function builds wrong Portal URL
      • #918: Env variables are searched in backends
      • #998: encode_base64 can be undefined after a reload by URL
      • #1061: Multiple segfault using ModPerl::Registry with Apache2.4
      • #1113: OIDC Provider to SAML SP does not work
      • #1150: Can't get captcha to work with LDAP as backend
      • #1171: Session explorer freezes when session number is high
      • #1327: Facebook module not working due to API changes in Facebook
      • #1420: Answering to CAS proxy requests as CAS Provider
      • #1468: Enabling both Auth::SAML and Issuer::SAML breaks SLO
    • New features:

      • #575: Display differences between 2 conf
      • #782: Node.js handler
      • #819: Support of FIDO Alliance (multi-factor authentication)
      • #826: Tab in portal to manage OpenID Connect consent
      • #852: Possibility to reload/refresh his session without logout and relogin
      • #970: REST API for Portal
      • #971: Server-to-Server Handler
      • #1015: Two-Factor Authentication with OTP for portal user logins
      • #1019: Evaluate custom template parameters
      • #1091: Handler for DevOps (SSOaaS)
      • #1131: Portal plugin to "Stay connected on this device"
      • #1138: Generate Content-Security-Policy headers and related
      • #1148: U2F - Universal 2nd Factor Authentication
      • #1151: Replace Multi by a Combination parser
      • #1161: Manage access rules for CAS, SAML and OpenID Connect clients
      • #1162: Capability to use Log4Perl (and other log backends)
      • #1174: Auth and UserDB REST (delegation by web-service)
      • #1188: Custom auth/userDB/password/register modules
      • #1196: Auth::PAM module
      • #1204: Propose reauthentication if higher access level is requested
      • #1206: TLS support for mails
      • #1208: YAML configuration backend
      • #1212: Propose SSL authentication by Ajax
      • #1318: Auto-Signin based on $env rules
      • #1330: Menu rules for applications using SAML/CAS/OIDC
      • #1359: TOTP plugin
      • #1379: Feature: External Second Factor over REST API
      • #1391: Mixed TOTP/U2F second factor plugin
      • #1397: Plack servers support
      • #1399: Yubikey as second factor
      • #1419: Dispatch logger
      • #1427: Alternative FastCGI-Client handler for Apache2
      • #1438: Build trunk debian repository (nightly build)
      • #1458: Local conf backend
      • #1478: SAML Discovery Protocol (WAYF)
      • #1500: Possibility to override parameters in Choice modules
      • #1503: RENATER metadata download script
      • #1512: Option to choose which SAML attribute will be used as "user" key
      • #1535: Append Portal parameter to modify Handler Internal Cache
      • #1539: Option to enable / disable languages choice display
    • Improvements:

      • #354: Session Explorer: possibility to order sessions by date
      • #587: Selecting language while connecting to LemonLDAP
      • #595: Portal powered by FastCGI (using Plack)
      • #651: Common::CGI::abort should return 500 as HTTP status code
      • #673: Split conf/session/flags management from the Portal $self object
      • #713: Request management to handle sessions
      • #803: AuthSSL : Ability to choose SSLvar or UserDB depending of the CA
      • #868: Replace XML format by JSON for notifications
      • #1033: Translate mail subject - forgotten password
      • #1044: Adapt FastCGI server to be able to use an event Plack engine
      • #1065: Provide SSL options for AuthBasic
      • #1118: Manage unicode in session and configuration backends
      • #1133: Translation system for mails
      • #1137: Avoid using inline Javascript and CSS
      • #1140: Add CSRF protection to login and password change forms
      • #1160: Reorganize handler architecture
      • #1173: Performance: minimize Apache::Session access
      • #1181: Make Debian packages autopkgtestable
      • #1183: Rewrite CAS authentication module
      • #1201: IPv6 support
      • #1220: Vietnamese translation
      • #1222: Arabic translation
      • #1232: Italian translation
      • #1247: Support RSA SHA256 signature in SAML
      • #1267: Allow custom regexp for vhost display
      • #1302: Move all HTML fragments into templates
      • #1317: Wildcard in virtualhost names
      • #1322: Get user attributes in Auth module for external authentication
      • #1388: Auto-generation of parameters list in doc
      • #1400: CLUSTER - Status page that checks the working state of LLNG
      • #1418: Sentry Logger (experimental)
      • #1427: Alternative FastCGI-Client handler for Apache2
      • #1428: Provide better logs with Nginx
      • #1429: Use cached configuration when configuration database isn't available
      • #1442: Last logins not shown when second factors are enabled
      • #1443: Hide countdown block when stopped
      • #1445: Let's stop french manager doc translation
      • #1448: Full status for Nginx
      • #1461: Remember Choice and other context settings before redirecting user to an external service
      • #1473: Complex nodes not well displayed in manager
      • #1488: Be tolerant with whitespaces in ini file
      • #1490: Be able to use DBD::MariaDB
      • #1499: CSP prevents to submit OIDC consents form
      • #1501: Improve Login history module
      • #1504: Upgrade to bootstrap 4
      • #1515: Possibility to configure main logo on portal page
      • #1522: Notifications with checkbox do not work
      • #1526: Portal menu application and category logos not displayed
      • #1542: Provide sessions attributes in template
      • #1546: Configuration comparator does not work
      • #1550: Error when enabling "SSL, Custom " Auth modules with Choice
  • v1.9.18
    073266f3 · Update documentation ·

    This is a minor release for LemonLDAP::NG 1.9 with some bugfixes and enhancements:

    • #1479: App Category order - Cannot save
    • #1476: Unescaped left brace generates a warning with Perl-5.28
    • #1474: OAuth2 token_type is case insensitive
    • #1514: Aliases not respecting redirect settings
    • #1494: Manage applications with the lemonldap-ng-cli
    • #1470: Warning when using CLI to set value which does not exist before
    • #1469: SMTP timeout breaks Manager configuration save

    The full changelog can be seen here: %1.9.18

    Download: https://lemonldap-ng.org/download

    They made this release:

    • Community: Raphaël Hoareau, Chris A, Frédéric Massot
    • Organizations: Gendarmerie Nationale, Worteks
    • Core team: David Coutadeur, Xavier Guimard, Christophe Maudoux and Clément Oudot

    If you use LemonLDAP::NG and enjoy it, please let us know:

  • v1.9.17
    b5a1f934 · Update version to 1.9.17 ·

    Changes:

    • #1416: Attribute encoding in CAS responses
    • #1426: Error with mod_auth_openidc when kid is set in JWKS
    • #1423: "samlServicePrivateKeySig: Bad PEM encoding" on manager when saving config with some valid certificates
    • #1415: Improve test pages
    • #1413: Possibility to add conditions to display Choice tabs
    • #1407: Remote MYSQL - mysql_enable_utf8 not applied?
    • #1403: Parameter to ignore some tests during saving

    Contributors:

    • Community: Paul Curie, Anthony Roussel, Antoine Roiser
    • Core team: David Coutadeur, Xavier Guimard, Christophe Maudoux, Clément Oudot
  • ubuntu/cosmic   Version published in ubuntu/cosmic
    b5a1f934 · Update version to 1.9.17 ·
  • v1.9.16   Tag release 1.9.16
    • #1390: Choice module allows XSS attack
    • #1389: Kerberos ticket revalidated in Multi mode
    • #1382: Kerberos - Username / Session incorrectly set
    • #1378: lemonldap-ng-doc unable to install on Debian 7
    • #1372: Action "update-cache" in lemonldap-ng-cli does not work
    • #1371: incompatibility between 1.4 portal and 1.9/2.0 handler : _utime not defined
    • #1368: Impossible to configure IssuerDB Get Parameters with RDBI backend
    • #1366: Problem with kerberos and ajax and ldap ...
    • #1363: Bad equality operator in Handler::Main::Jail
    • #1362: Allow CAS 3.0 endpoints (/p3/serviceValidate and /p3/proxyValidate)
    • #1360: Using "force" and "cfgNum" with lemonldap-ng-cli does not work
    • #1063: lemonldap-ng-fastcgi-server has a hard dependency on nginx
    • #1253: Default values not saved by Manager (complex nodes)
  • ubuntu/bionic   Version published in ubuntu/bionic
  • v1.9.15   Tag release 1.9.15
    c6a8aac7 · Update documentation ·

    Changelog:

    • #1358: Encoding issues with LDAP configuration backend
    • #1357: Wrong return status for processLogoutRequestMsg in SAML module
    • #1356: Prevent infinite loop in LDAP group recursive search
    • #1355: local session storage not being cleaned up
    • #1352: Encoding issues with MySQL configuration backend
    • #1351: missing dependency LWP::Protocol::https on CentOS 7 packaging
    • #1349: Initial url lost during reset password workflow
    • #1347: Do not allow "/" or ".." in skin parameter to avoid directory traversal attack
    • #1346: Check that skin directory exists before trying to open it
    • #1345: Autoredirect does not work after session expiration
    • #1343: Captcha code not removed after successful verification
    • #1341: llng-fastcgi-server: Allow to listen on TCP
    • #1337: mailFrom and mailReplyTo directives : bad default address
    • #1281: purgeLocalCache should use conf from manager
  • v1.9.14   Tag release 1.9.14
    44007903 · Update RELEASE file ·

    Changelog:

    • #707: Kerberos authentication module
    • #1308: make saml work with POST sso binding and multiple authentication
    • #1310: Form replay javascript generates error for fields with a dot
    • #1315: Missing Mouse dependency in Debian packages
    • #1316: In docs, for Alfresco, said they need to add an exclusion for resources path
    • #1324: Allow SAML with Office365 multidomains
    • #1326: SessionIndex should not be mandatory in SAML SingleLogoutRequest
    • #1328: Value 0 can not be set in hidden field
    • #1329: No need to 'warn' if no IDP or SP is present in configuration
    • #1331: Manage UTF-8 values in HTTP headers
  • v1.9.13
    bd7becb9 · Tag release 1.9.13 ·
  • v1.9.12
    721d64a3 · Tag release 1.9.12 ·
  • v1.9.11
    f8e273c6 · Tag release 1.9.11 ·