changelog 129 KB
Newer Older
Clément OUDOT's avatar
Clément OUDOT committed
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
lemonldap-ng (2.0.8) stable; urgency=medium

  * Bugs:
    * #1314: Workaround for memory Leak in perl-fcgi with Perl < 5.18
    * #1659: RESTProxy doesn't fully work as a UserDB module
    * #1776: Manager breaks when moving a newly created category or application
    * #1939: expired issuer context is not reset when starting new authentication
    * #1990: [warn] Route xxx redefined when using the fastCGI server
    * #1992: Memory leak issue on CentOS 7 / perl 5.16
    * #2048: t/32-OIDC-Refresh-Token.t fails randomly
    * #2049: Unable to display notifications marked as done (DBI)
    * #2050: Wrong message displayed by CheckUser plugin
    * #2051: SAML Service Provider Macros are incorrectly displayed/saved by the manager
    * #2057: Log in request without captcha returns an internal server error
    * #2058: Use of configuration cache can mix global and local configuration parameters
    * #2059: Error in Manager / CLI / Editor when an attribute is not defined
    * #2061: pdata not cleaned with Kerberos authentication
    * #2063: Javascript error: window.datas is undefined
    * #2072: Configuration comparator error on application menu "order"
    * #2074: Portal menu : display condition with sp: does not work for SAML SP
    * #2080: SAML POST to SP becomes GET when an info is displayed
    * #2081: Parameter added to external redirect URL when info.tpl is used
    * #2082: SSLVarIf cannot be set in manager
    * #2085: OIDC provider doesn't work when info is displayed during the login process
    * #2086: LDAP notifications backend does not work
    * #2089: Old format notifications with file backend don t work
    * #2090: Session creation mixup when supplying an existing _session_id
    * #2097: Error after activating userLogger (Apache)
    * #2099: Error 500 when SAML Session is expired
    * #2101: Wildcard in virtualhost names : URL contains a non protected host
    * #2104: Sessions are not well computed by CheckUser plugin
    * #2105: Using RS* ID Token signature algorithm without a RSA key causes ID Token to be returned as "null"
    * #2111: Bad translation tag for password policy remaining grace message
    * #2113: Password policy warning before password expiration is badly displayed
    * #2116: Missing goToPortal translation for mails
    * #2118: Multivalued attributes received from CAS server stored as string "ARRAY" in session
    * #2120: OIDC: hybrid flow does not issue ID token
    * #2123: Rest2F does not transmit session attributes to Verify URL
    * #2127: Cache reload throw an error if status enabled
    * #2128: Manager with CDA issue
    * #2133: Issues with removed second factors notification system
    * #2138: logout forward doesn't work anymore
    * #2141: Auth Combination SSL/LDAP + VHOSTTYPE AuthBasic broken
    * #2142: OIDC consent validation fails after second factor form or redirection from external IDP
    * #2143: Enable redirection on forbidden access with self protected Portal URLs leads to an endless loop
    * #2144: OTT is not sent if SSL authentication fails with Choice
    * #2148: Bad request with Notification SPA
    * #2151: Session upgrade does not work with multiple second factors
    * #2152: Nginx configuration files do not work with IPv6
    * #2159: Single session module configuration
    * #2165: Server error with rule on Combination
    * #2167: OAuth2 handler should return 401 when access token is missing or invalid
    * #2168: LLNG is too strict on OIDC scope syntax
    * #2169: duplicates in _oidcConsents when scope is updated
    * #2171: Introspection endpoint does not recognize refreshed Access Tokens
    * #2179: refresh my rights downgrades authentication level set by 2FA
    * #2180: SingleSession plugin does not work if history is displayed

  * New features:
    * #2033: Manager API to reset 2FA
    * #2034: Manager API to manage SAML and OIDC clients
    * #2069: Manage Cookie SameSite value
    * #2136: Possibility to override language with a parameter in URL
    * #2154: Github authentication backend

  * Improvements:
    * #1598: Proxy Backend support for Password Module (passwordDB)
    * #1877: Option to run setMacros after setGroups
    * #1902: Configuration is saved even with errors with lemonldap-ng-cli
    * #1957: Provide packages for CentOS 8
    * #2046: compactConf is confusing
    * #2064: Do not show action buttons on portal when displaying waiting message (Kerberos or SSL Ajax call)
    * #2065: Improve diff.html templates to display Author, Date and Summary of both configurations
    * #2068: Append an option to set CSP frame ancestors header
    * #2070: LemonLDAP session cookie - SameSite attribute
    * #2071: Allow users to see and display theirs accepted notifications
    * #2073: Improve notifications SPA
    * #2076: Possibility to configure a custom CSS file
    * #2084: Make "error" the default log level for lasso
    * #2088: BruteForce module: increase delay between each login attempt
    * #2091: Better look for buttons in 2FA choice screen
    * #2093: CheckUser - Remove persistent session attributes if required
    * #2096: Improve introspection endpoint
    * #2102: Bad  Autologin rule lead to error 500 and crash the portal
    * #2103: Add a rollback option to lemonldap-ng-cli
    * #2106: CheckUser: Append an option to hide empty headers
    * #2108: "Underlying object can't load conf" is a bad error message
    * #2109: Securing the new API endpoints for 2.0.8 release
    * #2114: Improve adaptive display and show instance name
    * #2115: Possibility to select choice tab, as for menu tab
    * #2117: Remove warning messages "uninitialized value $encryption_mode"
    * #2119: Rely on "isRequired" XML field in importMetadata script to mark SAML attributes as mandatory
    * #2121: Prevent Portal to crash if Custom Functions module is not found
    * #2125: Internal Server Error when REST backend does not return a JSON Object
    * #2126: Prevent Portal to crash if a bad rule is used for enabling a plugin
    * #2129: AuthenticationLevel based macros and groups should be updated with second factor
    * #2130: Append password policy options to define and require special characters
    * #2131: Make json does nothing if only a Portal constant is appended
    * #2132: Application icons are displayed with real sizes by the Manager and It is not particularly convenient
    * #2135: Remove 'underscore' in notification reference
    * #2140: Append an option to define applications tooltip
    * #2145: Display  a custom param with GlobalLogout plugin
    * #2149: Add an easy way to set level of additional second factors
    * #2155: Implement Resource Owner Password Credentials Grant
    * #2156: "Require 2FA" should be renamed
    * #2161: DBI should test that "table" is set
    * #2164: Make SingleSession options configurable by a rule
    * #2166: Configuration parser does not check validity of SAML/OIDC/CAS/vhost options
    * #2173: Make CheckUser options configurable by a rule
    * #2175: Reorganize OIDC RP options in manager
    * #2177: OIDC: Allow additional audiences for ID Token
    * #2178: Make require old password option configurable by a rule
    * #2182: Append a Show/Hide password button into  change password form
    * #2184: SAML logout request returns 400 error code if session is not found
    * #2185: Append a rule to display sfaManager link

 -- Clément <clem.oudot@gmail.com>  Mon, 04 May 2020 22:43:29 +0200

Clément OUDOT's avatar
Clément OUDOT committed
119
120
121
122
123
124
125
126
127
128
lemonldap-ng (2.0.7) stable; urgency=medium

  * Bugs:
    * #1893: Issuer urldc is lost after error in 2F flow
    * #1909: Reset password by email issue
    * #1943: [Security: medium, CVE-2019-19791] Apache access rules and SOAP/REST endpoints
    * #1945: passwordpolicy.tpl contains wrong tag
    * #1948: Tranlation menu does not work with Diff.html
    * #1949: Don't Store Password shows password in cleartext
    * #1952: "Attributes and macros" session keys should not be translated
Clément OUDOT's avatar
Clément OUDOT committed
129
    * #1953: Outgoing emails are missing a Date: field
Clément OUDOT's avatar
Clément OUDOT committed
130
131
132
133
134
135
136
137
138
139
    * #1954: zimbra preauth not working
    * #1955: Redirection lost after notification validation
    * #1960: REST config service not working
    * #1961: IDP selection rule regression in 2.0.0
    * #1963: Server Error with OpenID Connect register endpoint
    * #1964: Diff.html does not work with minified JS
    * #1966: Configuration reload does not apply changes to location rules
    * #1968: skippedUnitTests/skippedGlobalTests have no effect
    * #1969: Force password reset with LDAP password policy does not work if macro _whatToTrace is not defined
    * #1974: ServiceToken handler TTL value always set to default
Clément OUDOT's avatar
Clément OUDOT committed
140
    * #1984: Reset expired password doesn't trigger when using Combination
Clément OUDOT's avatar
Clément OUDOT committed
141
142
143
144
145
146
147
148
149
150
    * #2005: Error in portal "refresh my rights" feature when whatToTrace value is not equal to login
    * #2009: Display authentication error on login form with Combination Kerberos + LDAP
    * #2010: Kerberos not working with session upgrade
    * #2012: Several issues with notification system
    * #2013: Handler, yum install
    * #2018: After temporary ldap failure, ldap connections stop working forever
    * #2038: Missing type attribute in 2FA HTML inputs
    * #2045: Authenticating with external OpenID Connect Provider fails because of special chars in user name

  * New features:
Clément OUDOT's avatar
Clément OUDOT committed
151
    * #813: Provide refresh tokens in OpenID Connect
Clément OUDOT's avatar
Clément OUDOT committed
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
    * #1605: certificate reset by mail
    * #1956: DecryptValue plugin
    * #1999: Possibility to view/close other sessions opened for the same user
    * #2006: Create a web service for "refresh my rights"

  * Improvements:
    * #1590: Possibility to configure new plugins in Manager
    * #1905: Append overScheme for persistent sessions
    * #1941: After logged out from SP we are always redirected to IdP - Unable to go back to SP Portal
    * #1947: Highlight active module with Diff.html
    * #1967: allow differents type of managerDN
    * #1983: The script purgeCentralCache should be more fault tolerant
    * #1988: Append a requiredAuthenticationLevel option for each uri
    * #1989: Main logo and lang icons are missing with upgradesession template
    * #1991: Some user logs not using whatToTrace for username
    * #1993: Same issue like (#1884) occures with Issuer redirection
    * #1994: Append varInUri extended function
    * #1995: Add an option to force claims in ID token
    * #1996: REQUEST_URI env variable is not set by CheckUser plugin
    * #1997: Enable checkTime option by default
Clément OUDOT's avatar
Clément OUDOT committed
172
    * #1998: Misleading token ID format
Clément OUDOT's avatar
Clément OUDOT committed
173
174
175
176
177
178
179
180
181
182
    * #2003: Possibility to set attributes and extra claims in OIDC registration endpoints
    * #2007: Password change prompt displayed even if initial auth fails
    * #2008: Specific message and error code for 2F failure
    * #2011: Create a function to test if a value belongs to a list
    * #2012: Several issues with notification system
    * #2014: New script to convert sessions between backends
    * #2019: Renew Captcha button
    * #2024: Change default value for cspFormAction
    * #2042: Add per-service macros

Clément OUDOT's avatar
Clément OUDOT committed
183
 -- Clément <clem.oudot@gmail.com>  Sat, 21 Dec 2019 16:59:22 +0100
Clément OUDOT's avatar
Clément OUDOT committed
184

Clément OUDOT's avatar
Clément OUDOT committed
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
lemonldap-ng (2.0.6) stable; urgency=medium

  * Bugs:
    * #1834: Use base64 URL for JWT generation
    * #1838: Return claims from scope values in ID token if no access token requested
    * #1852: SAML request lost after notification
    * #1853: Adding a second notification with same reference is not refused
    * #1856: Unable to validate more than one notification (JSON format)
    * #1857: Message "session is expired" if a notification is  refused
    * #1861: Persistent data and notification validation
    * #1863: Duplicate Set-Cookie header when sending lemonldappdata and lemonldap cookies
    * #1864: incorrect loading of SAML metadata when entityID containts html-encoded characters
    * #1865: Dependencies missing in RPM
    * #1866: Skin parameter is lost in second factor choice
    * #1867: Bad error template with Combination and OTT timeout
    * #1868: Yubikey enrolment failed on Internet Explorer
    * #1869: [Security:low] psessions case sensitivity might impact security of 2FA when using case-insensitive auth backends
    * #1874: OTT not regenerated after submitting TOTP form with an expired OTT
    * #1875: Variables from Users module DBI is not used when Authentication module is LDAP (chain: [LDAP,DBI]
    * #1876: $_ no longer works in macros, rules and headers since 2.0
    * #1878: Pdata cookie not cleared after cross domain Auth request
    * #1880: [Security:low] Restricted users can edit conf by using default route
    * #1881: [Security:high] oidc authorization codes are not tied to their RP
    * #1883: Infinite loop when displaying sessions by IP address
    * #1889: No changes detected by Manager when removing CAS/OIDC attributes from a CAS application / OIDC RP or provider
    * #1890: LinkedIn v1 API is not available anymore
    * #1891: GET parameter "cancel" with Choice and CAS authentication
    * #1897: Emails are sometimes sent in the wrong language
    * #1898: Handler SecureToken is not working anymore
    * #1901: Handler error if a header definition is empty
    * #1903: Mail password reset and Combination with LDAP does not work
    * #1906: Missing MAIN_LOGO variable in redirect.tpl
    * #1910: Issue with "force password change on next login" feature with LDAP
    * #1915: Skin selected by rule is lost in 2FA process
    * #1922: Accentuated UTF-8 value of header is UTF-8 encoded again by handler
    * #1925: AuthBasic handler does not work with AuthChoice
    * #1933: [Security:low] nginx portal example file does not filter REST urls
    * #1935: [Security:medium] AuthSlave does not check credential headers

  * New features:
    * #993: Define a local password policy
    * #1783: ContextSwitching plugin
    * #1843: OAuth2 introspection endpoint
    * #1847: Radius 2F module
    * #1860: Multiple instances of 2F modules

  * Improvements:
    * #1619: Support IBM Tivoli Directory Server (ITDS)
    * #1702: Improve log generated by lemonldap
    * #1825: Possibility to disable persistent sessions
    * #1829: Redirection lost between SSL/Ajax and SAML
    * #1831: Warning in lemonldap-ng-cli
    * #1832: Add save/restore in CLI help message and control restore parameters
    * #1833: Show cli errors on file access
    * #1835: [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification
    * #1842: Merge userLogger notice with logger debug
    * #1844: CheckUser plugin does not compute real session attributes if Impersonation is enabled
    * #1846: Adapt response_types_supported / grant_types_supported attributes in OpenID Connect metadata depending on configured flows
    * #1849: CDA is not compatible with Handler::PSGI::Try
    * #1850: No "Session granted" log if grantSession plugin not enabled
    * #1851: Append notification REST services
    * #1862: When displaying notifications, sort them by date and references
    * #1870: REST Api endpoint "error"
    * #1873: Labels for 2FA choices
    * #1879: [security:low] Access token expiration time is not enforced on userinfo or OAuth handler
    * #1882: Confusing default OIDC issuer setting
    * #1884: Force Upgrade tokens to be stored into global storage if auth and authssl are served by different load balancers
    * #1885: Append an option to log an extra parameter
    * #1888: Javascript error on textContent method with .Net framework and WPF
    * #1896: Add _session_kind to default SOAP/REST exported attributes
    * #1899: Fix portal and manager display for Internet Explorer
    * #1904: Append an option "don t compact conf" + debug log + compact CAS parameters if not enabled
    * #1908: Complete blackout probably due to uncontroled SQL connexion timeout
    * #1913: Append an option to allow / forbid browsers to store users password
    * #1916: Issuer OTT timeout
    * #1919: Customizable error message when a required SAML attribute is missing
    * #1923: REST ression server is too intolerant of clock drift
    * #1927: Implement  CORS preflight request
    * #1928: Option to hide password generation checkbox in mail password reset plugin
    * #1929: Custom functions are not imported into Safe Jail
    * #1930: Display password change form after a password policy error in mail reset password plugin
    * #1931: Disable password input field until font is fully downloaded by browser
    * #1932: REST session server should return both session and _httpSession id
    * #1936: Append an option to display Slave logo
    * #1938: CheckUser plugin : include search parameters

 -- Clément <clem.oudot@gmail.com>  Tue, 24 Sep 2019 11:13:39 +0200

Clément OUDOT's avatar
Clément OUDOT committed
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
lemonldap-ng (2.0.5) stable; urgency=medium

  * Bugs:
    * #1521: The manager renames the id of applications created by lemonldap-ng-cli
    * #1655: Can't delete notifications from the manager
    * #1717: Warnings "Devel::StackTrace" when using unnative Perl functions
    * #1746: Impersonation does not work with double cookies authentication
    * #1749: Authentication with "Double Cookies for a single session" (securedCookie==3) does not work
    * #1753: Logout with CASv2 is not working (Bad URL)
    * #1754: Configuration caching issue when overriding globalStorage in lemonldap-ng.ini
    * #1755: CheckUser plugin fails if OTT globalStrorage is enabled
    * #1759: Server Error when OpenID Connect provider enabled without any RP
    * #1762: CDA sessions are not removed when handler uses SOAP
    * #1775: Authentication with double cookies fails when uniq session is enabled
    * #1777: Server Error with SAML SLO and expired SSO session
    * #1779: Go to portal message not translated in register confirmation mail
    * #1795: [Security: low] CAS 3.0 Logout does not validate redirect URL
    * #1800: Auth::Slave is unusable with Choice
    * #1802: No error returned if no code provided on OpenID Connect token endpoint
    * #1805: Auth::LDAP unusable in combination if UserDB::LDAP isn't called
    * #1809: UserDB::DBI with Auth::LDAP seems to not work properly
    * #1810: [Security: low] llng-fastcgi-server could fail to setgid
    * #1811: Lua-headers file is missing
    * #1813: searchOn* does not work when a portal uses REST session backend
    * #1814: Local cache not fully purged
    * #1818: [Security:low] XXE vulnerability in SOAP notification server
    * #1819: Portal Notification server unusable with old XML format
    * #1821: Pdata not cleared after session upgrade
    * #1822: Session upgrade does not work with 2FA
    * #1824: lmConfigEditor does not work anymore
    * #1826: Race condition on SSL login form button

  * New features:
    * #1796: Display a message if an expired 2f device is removed

  * Improvements:
    * #1706: html not interpreted for translated messages
    * #1723: Real authentication is masked when using proxy authentication module
    * #1732: Sessions explorer and Browseable::Postgres
    * #1734: RPM version uses JSON::PP instead of JSON::XS
    * #1747: Logging out from portal cause an error with doubleCookie after refreshing rights
    * #1750: Wrong version / author / IP / log in lemonldap-ng-cli
    * #1758: Warnings in Viewer.pm when saving configuration
    * #1763: Transmission of Authorization header should probably be on by default
    * #1764: Set choosen language in user session
    * #1765: Better CORS handling
    * #1766: Warning in logs with SAML
    * #1767: Append startTime overScheme to display sessions to avoid browser crash
    * #1769: CSRF token is not automatically regenerated after a failed login with Auth::Choice
    * #1770: Add save/restore commands in cli
    * #1771: SSO sessions _updateTime value is not updated after a refresh request
    * #1773: Append option to modify service Token handler TTL
    * #1774: CheckUser plugin does not work with SAML
    * #1782: Append an option to set 2FA TTL
    * #1791: Append an option in Manager to merge only specified SSO groups with Impersonation
    * #1797: Allow ServiceToken to send service headers
    * #1799: StorePassword in session not working when using session REST server
    * #1827: Using lemonldap-ng-cli info gives warning with default configuration
    * #1828: 2F plugins and method loadTemplate are not using skin rules
    * #1830: [Security:improvement] Improved use of cryptography

 -- Clément <clem.oudot@gmail.com>  Sat, 29 Jun 2019 22:25:02 +0200

Yadd's avatar
Yadd committed
336
lemonldap-ng (2.0.4) stable; urgency=high
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372

  * Bugs:
    * #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
    * #1709: ViewDiff template not displayed
    * #1710: Configuration keys not displayed in Viewer
    * #1716: [Security:minor] Update jQuery
    * #1720: Duplicate session opening when using multiple Kerberos instances in Combination
    * #1724: CAS 1.0 /validate endpoint does not return username
    * #1726: Deb package: missing dependency IO::String
    * #1733: Invalid default crontab in RPM
    * #1736: Configuration version in Manager is different from software version
    * #1738: Error not well catched with Ext2F
    * #1741: Deleted category is not detected as a change when saving conf.
    * #1742: [Security: high] Setting tokenUseGlobalStorage allows unauthenticated users to access the portal (and applications without rules)
    * #1743: [Security: low] register_token used for account creation can be used as a valid session identifier
    * #1746: Impersonation does not work with double cookies authentication

  * New features:
    * #1146: Allow Handler to read OAuth2 access token instead of browser cookie
    * #1722: [Security: improvement] PKCE to secure OIDC Authorization Code flow

  * Improvements:
    * #1703: Fix faulty headers on a null value
    * #1711: Return Session ID when authentication is done via REST
    * #1712: Display idpChoice cancel button only if AuthChoice is enabled
    * #1713: CAS : Allow per application CAS login override
    * #1714: Check logLevel value
    * #1725: Allow unauthenticated clients on OIDC token endpoint
    * #1728: Improve redirect page
    * #1729: Display error if SAML service is enabled without private and public keys signature
    * #1730: Sort real and spoofed attributes in CheckUser and Session explorer
    * #1735: Highlight valid SSO sessions in sessions explorer
    * #1739: Improve log in Grant Session plugin

 -- Clément <clem.oudot@gmail.com>  Sun, 12 May 2019 16:17:01 +0200

Yadd's avatar
Yadd committed
373
lemonldap-ng (2.0.3) stable; urgency=medium
Clément OUDOT's avatar
Clément OUDOT committed
374
375
376
377
378
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423

  * Bugs:
    * #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
    * #1654: Password must change on AD still not fully working
    * #1656: No IP shown in history logon
    * #1667: [Security:medium] Option userControl is not applied anymore in standard login process
    * #1671: Error in SP-initiated saml logout with multiple SP
    * #1672: In SAML Issuer, environment variables to store current SP are not filled
    * #1673: Application list display and specific rules
    * #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
    * #1676: Active Directory connection information not saved
    * #1679: Default jQuery URL in form replay has changed
    * #1680: In form replay, POST data keys are not URL encoded
    * #1682: LinkedIn OAuth2 authentication is not available in combination modules list
    * #1683: Changing configuration option cspScript has no effect
    * #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
    * #1686: SOAP Portal WSDL file is invalid
    * #1691: Password policy can't display messages
    * #1692: Parameter base64 is ignored in setHiddenFormValue
    * #1693: Information is not displayed in logout process
    * #1698: Invalid pdata causes SAML login to fail after logout
    * #1703: Fix faulty headers on a null value
    * #1708: lmerror page loops on url parameter

  * New features:
    * #1632: Optionally let Ext2F module handle code generation
    * #1658: CheckUser plugin
    * #1661: Configuration viewer module
    * #1664: Impersonation plugin
    * #1697: Command-line tool to delete session for specific user(s)

  * Improvements:
    * #1549: Option to override IDP entityID
    * #1595: Possibility to override message with a custom JSON file in template
    * #1651: Disable cache on portal page
    * #1653: Allow failback to default skin when a template is not found in custom theme
    * #1660: Restore possibility to hide message in portal template
    * #1666: Display errors on login form
    * #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
    * #1670: Display "authentication in progress" when using Ajax with Kerberos
    * #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
    * #1687: Add granted log for user and connexion informations
    * #1694: Disable CSRF token with AuthBasic
    * #1696: Remove unnecessary antiframe protection in portal javascript
    * #1699: Authentication level for REST and GPG authentication
    * #1700: Update AuthBasic handler doc : REST server is required
    * #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop

 -- Clément <clem.oudot@gmail.com>  Thu, 11 Apr 2019 10:09:35 +0200

Yadd's avatar
Yadd committed
424
lemonldap-ng (2.0.2) stable; urgency=medium
Clément OUDOT's avatar
Clément OUDOT committed
425
426
427
428
429
430
431
432
433
434
435
436

  * Bugs:
    * #1574: "Manager is unprotected" message when whatToTrace value is not the default
    * #1603: Warnings with confirmation required don't work
    * #1604: Manager unit tests randomly failed
    * #1607: Safe errors when saving configuration with lmConfigEditor
    * #1610: Unable to save empty value for cookie expiration time in Manager
    * #1613: handler https redirection does not work
    * #1614: Accents not well displayed in Portal
    * #1618: Version in server signature is wrong
    * #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
    * #1627: Display issue with GrantSession plugin
Yadd's avatar
Yadd committed
437
438
    * #1628: [Security:minor] GrantSession plugin discloses its message to unlogged users
    * #1630: [Security:minor] SSO cookie is sent to protected applications with Nginx-based ReverseProxy
Clément OUDOT's avatar
Clément OUDOT committed
439
440
441
442
443
    * #1636: SSL and Kerberos Auth Modules don t work with choice
    * #1639: User must change password on AD is broken
    * #1642: Unable to select skin from URL
    * #1643: Portal CSS is sent with empty background when portalSkinBackground is not defined
    * #1644: error while reseting password with ppolicy enabled
Clément OUDOT's avatar
Clément OUDOT committed
444
445
    * #1648: ldapAuthnLevel and dbiAuthnLevel are ignored
    * #1649: Error about Handler when saving configuration in lmConfigEditor
Clément OUDOT's avatar
Clément OUDOT committed
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465

  * New features:
    * #1569: GPG authentication module
    * #1629: Email-based two-factor module
    * #1631: Allow to display "env" as template variables

  * Improvements:
    * #1486: Portal starts even if init() has failed
    * #1600: Improve e2e tests
    * #1601: Create LDAP option to decode DN value
    * #1608: Date and comment not updated with lemonldap-ng-cli
    * #1609: add autocomplete="off" to 2F form fields
    * #1611: Improve apache configuration
    * #1622: Display delete button in 2FAManager only if action is allowed
    * #1625: "Use rule" option in issuer modules seem not to be used anymore
    * #1633: Better random generation
    * #1634: Improve management of template parameters
    * #1635: SAML attribut default value is not set
    * #1637: Add display options for SAML IDP like OIDC and CAS providers

Clément OUDOT's avatar
Clément OUDOT committed
466
 -- Clément <clem.oudot@gmail.com>  Tue, 12 Feb 2019 08:57:14 +0100
Clément OUDOT's avatar
Clément OUDOT committed
467

Yadd's avatar
Yadd committed
468
lemonldap-ng (2.0.1) stable; urgency=medium
Clément OUDOT's avatar
Clément OUDOT committed
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
491
492
493
494
495

  * Bugs:
    * #1564: Function authLogout is missing in package "Lemonldap::NG::Portal::Auth::SSL"
    * #1572: Error when saving in manager (mongoDB as ConfigurationBackend)
    * #1576: Browser doesn t select Portal appropriate language
    * #1579: SOAP Backend error for empty collection
    * #1582: MongoDB Conf backend looses sub hash keys
    * #1586: Portal message override do not work on plugins and mails templates
    * #1587: Captcha is not displayed in Register form if mail already exists
    * #1588: Captcha is validated with additional letters
    * #1589: Error in MailReset when asking to resend confirmation mail
    * #1592: Cannot select a menu tab with ?tab=<tab id> in URL
    * #1594: Cannot select oidcConsents tab in menu

  * Improvements:
    * #1565: OpenId - Default CSP value cause breakdown in OpenId authentification form
    * #1578: Fix fcgi/psgi extensions in documentation
    * #1583: Append parameter to configure number of allowed failed logins before brute force protection activation
    * #1584: Browser doesn t select Manager appropriate language
    * #1585: Fix main logo and langs icons display & double slash in lmerror 403 error URL
    * #1591: $req->user not available in plugins authenticated routes
    * #1593: Bad userinfo response: Unauthorized
    * #1596: Possibility to define new tabs in Menu
    * #1599: Usage of OpenID Connect with bad scope value result in unlimited session grow

 -- Clément <clem.oudot@gmail.com>  Fri, 21 Dec 2018 15:12:13 +0100

Yadd's avatar
Yadd committed
496
lemonldap-ng (2.0.0) stable; urgency=medium
Clément OUDOT's avatar
Clément OUDOT committed
497
498
499
500
501
502
503
504
505
506
507
508
509
510
511
512
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
552
553
554
555
556
557
558
559
560
561
562
563
564
565
566
567
568
569
570
571
572
573
574
575
576
577
578
579
580
581
582
583
584
585
586
587
588
589
590
591
592
593
594
595
596
597
598
599
600
601
602
603
604
605
606
607
608

  * Bugs:
    * #757: "Attempt to free unreferenced scalar" in Lemonldap::NG::Common::Session
    * #789: Apache reloading breaks SAML authentication
    * #804: Uncomplete logout in Issuer modules
    * #856: LemonLDAP loses exportedVars conf randomly
    * #863: get_url function builds wrong Portal URL
    * #918: Env variables are searched in backends
    * #998: encode_base64 can be udefined after a reload by URL
    * #1061: Multiple segfault using ModPerl::Registry with Apache2.4
    * #1113: OIDC Provider to SAML SP does not work
    * #1150: Can't get captcha to work with LDAP as backend
    * #1171: Session explorer freezes when session number is high
    * #1327: Facebook module not working due to API changes in Facebook
    * #1420: Answering to CAS proxy requests as CAS Provider
    * #1468: Enabling both Auth::SAML and Issuer::SAML breaks SLO

  * New features:
    * #575: Display differences between 2 conf
    * #782: Node.js handler
    * #819: Support of FIDO Alliance (multi-factor authentication)
    * #826: Tab in portal to manage OpenID Connect consent
    * #852: Possibility to reload/refresh his session without logout and relogin
    * #970: REST API for Portal
    * #971: Server-to-Server Handler
    * #1015: Two-Factor Authentication with OTP for portal user logins
    * #1019: Evaluate custom template parameters
    * #1091: Handler for DevOps (SSOaaS)
    * #1131: Portal plugin to "Stay connected on this device"
    * #1138: Generate Content-Security-Policy headers and related
    * #1148: U2F - Universal 2nd Factor Authentication
    * #1151: Replace Multi by a Combination parser
    * #1161: Manage access rules for CAS, SAML and OpenID Connect clients
    * #1162: Capability to use Log4Perl (and other log backends)
    * #1174: Auth and UserDB REST (delegation by web-service)
    * #1188: Custom auth/userDB/password/register modules
    * #1196: Auth::PAM module
    * #1204: Propose reauthentication if higher access level is requested
    * #1206: TLS support for mails
    * #1208: YAML configuration backend
    * #1212: Propose SSL authentication by Ajax
    * #1318: Auto-Signin based on $env rules
    * #1330: Menu rules for applications using SAML/CAS/OIDC
    * #1359: TOTP plugin
    * #1379: Feature: External Second Factor over REST API
    * #1391: Mixed TOTP/U2F second factor plugin
    * #1397: Plack servers support
    * #1399: Yubikey as second factor
    * #1419: Dispatch logger
    * #1427: Alternative FastCGI-Client handler for Apache2
    * #1438: Build trunk debian repository (nightly build)
    * #1458: Local conf backend
    * #1478: SAML Discovery Protocol (WAYF)
    * #1500: Possibility to override parameters in Choice modules
    * #1503: RENATER metadata download script
    * #1512: Option to choose which SAML attribute will be used as "user" key
    * #1535: Append Portal parameter to modify Handler Internal Cache
    * #1539: Option to enable / disable languages choice display

  * Improvements:
    * #354: Session Explorer: possibility to order sessions by date
    * #587: Selecting language while connecting to LemonLDAP
    * #595: Portal powered by FastCGI (using Plack)
    * #651: Common::CGI::abort should return 500 as HTTP status code
    * #673: Split conf/session/flags management from the Portal $self object
    * #713: Request management to handle sessions
    * #803: AuthSSL : Ability to choose SSLvar or UserDB depending of the CA
    * #868: Replace XML format by JSON for notifications
    * #1033: Translate mail subject - forgotten password
    * #1044: Adapt FastCGI server to be able to use an event Plack engine
    * #1065: Provide SSL options for AuthBasic
    * #1118: Manage unicode in session and configuration backends
    * #1133: Translation system for mails
    * #1137: Avoid using inline Javascript and CSS
    * #1140: Add CSRF protection to login and password change forms
    * #1160: Reorganize handler architecture
    * #1173: Performance: minimize Apache::Session access
    * #1181: Make Debian packages autopkgtestable
    * #1183: Rewrite CAS authentication module
    * #1201: IPv6 support
    * #1220: Vietnamese translation
    * #1222: Arabic translation
    * #1232: Italian translation
    * #1247: Support RSA SHA256 signature in SAML
    * #1267: Allow custom regexp for vhost display
    * #1302: Move all HTML fragments into templates
    * #1317: Wildcard in virtualhost names
    * #1322: Get user attributes in Auth module for external authentication
    * #1388: Auto-generation of parameters list in doc
    * #1400: CLUSTER - Status page who check the working state of LLNG
    * #1418: Sentry Logger (experimental)
    * #1427: Alternative FastCGI-Client handler for Apache2
    * #1428: Provide better logs with Nginx
    * #1429: Use cached configuration when configuration database isn't available
    * #1442: Last logins not shown when second factors are enabled
    * #1443: Hide countdown block when stopped
    * #1445: Let's stop french manager doc translation
    * #1448: Full status for Nginx
    * #1461: Remember Choice and other context settings before redirecting user to an external service
    * #1473: Complex nodes  not well displayed in manager
    * #1488: Be tolerant with whitespaces in ini file
    * #1490: Be able to use DBD::MariaDB
    * #1499: CSP prevents to submit OIDC consents form
    * #1501: Improve Login history module
    * #1504: Upgrade to bootstrap 4
    * #1515: Possibility to configure main logo on portal page
    * #1522: Notifications with checkbox does not work
    * #1526: Portal menu application and categorie logos not displayed
    * #1542: Provide sessions attributes in template
    * #1546: Configuration comparator does not work
    * #1550: Error when enables "SSL, Custom " Auth modules with Choice

Clément OUDOT's avatar
Clément OUDOT committed
609
610
lemonldap-ng (2.0.0~beta1) testing; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
611
612
lemonldap-ng (2.0.0~alpha3) testing; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
613
614
lemonldap-ng (2.0.0~alpha2) testing; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
615
lemonldap-ng (2.0.0~alpha1) testing; urgency=low
616

Clément OUDOT's avatar
Clément OUDOT committed
617
618
619
620
621
622
623
624
625
626
627
628
629
630
lemonldap-ng (1.9.19) oldstable; urgency=high

  * Bugs:
    * #1509: InactivityTimeout for applications don't work
    * #1520: lemonldap-ng-cli adds a new item when deleting an item that does not exist.
    * #1567: Captcha session id is too weak
    * #1580: Error when saving in manager (mongoDB as ConfigurationBackend)
    * #1662: id_token validity not correctly evaluated
    * #1744: [Security: low] register_token used for account creation can be used as a valid session identifier

  * Improvements:
    * #1516: All IDP conf not usable if only one IDP misconfigured
    * #1519: Cross domain authentication, ajax request and same origin policy

Clément OUDOT's avatar
Clément OUDOT committed
631
632
633
634
635
636
637
638
639
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
lemonldap-ng (1.9.18) stable; urgency=high

    * #1479: App Category order - Cannot save
    * #1476: Unescaped left brace generates a warning with Perl-5.28
    * #1474: OAuth2 token_type is case insensitive
    * #1514: Aliases not respecting redirect settings
    * #1494: Manage applications with the lemonldap-ng-cli
    * #1470: Warning when using CLI to set value which does not exists before
    * #1469: SMTP timeout breaks Manager configuration save

lemonldap-ng (1.9.17) stable; urgency=high

    * #1416: Attribute encoding in CAS responses
    * #1426: Error with mod_auth_openidc when kid is set in JWKS
    * #1423: "samlServicePrivateKeySig: Bad PEM encoding" on manager when
      saving config with some valid certificates
    * #1415: Improve test pages
    * #1413: Possibility to add conditions to display Choice tabs
    * #1407: Remote MYSQL - mysql_enable_utf8 not applied?
    * #1403: Parameter to ignore some tests during saving

lemonldap-ng (1.9.16) stable; urgency=high

    * #1390: Choice module allows XSS attack
    * #1389: Kerberos ticket revalidated in Multi mode
    * #1382: Kerberos - Username / Session uncorrectly set
    * #1378: lemonldap-ng-doc unable to install on Debian 7
    * #1372: Action "update-cache" in lemonldap-ng-cli does not work
    * #1371: incompatibility between 1.4 portal and 1.9/2.0 handler : _utime
      not defined
    * #1368: Impossible to configure IssuerDB Get Parameters with RDBI backend
    * #1366: Problem with kerberos and ajax and ldap ...
    * #1363: Bad equality operator in Handler::Main::Jail
    * #1362: Allow CAS 3.0 endpoints (/p3/serviceValidate and
      /p3/proxyValidate)
    * #1360: Using "force" and "cfgNum" with lemonldap-ng-cli does not work
    * #1063: lemonldap-ng-fastcgi-server has a hard dependency on nginx
    * #1253: Default values not saved by Manager (complex nodes)

Clément OUDOT's avatar
Clément OUDOT committed
670
671
672
673
674
675
676
677
678
679
680
681
682
683
684
685
686
687
lemonldap-ng (1.9.15) stable; urgency=high

    * #1358: Encoding issues with LDAP configuration backend
    * #1357: Wrong return status for processLogoutRequestMsg in SAML module
    * #1356: Prevent infinite loop in LDAP group recursive search
    * #1355: local session storage not being cleaned up
    * #1352: Encoding issues with MySQL configuration backend
    * #1351: missing dependency LWP::Protocol::https on CentOS 7 packaging
    * #1349: Initial url lost during reset password workflow
    * #1347: Do not allow "/" or ".." in skin parameter to avoid directory
      traversal attack
    * #1346: Check that skin directory exists before trying to open it
    * #1345: Autoredirect does not work after session expiration
    * #1343: Captcha code not removed after successful verification
    * #1341: llng-fastcgi-server: Allow to listen on TCP
    * #1337: mailFrom and mailReplyTo directives : bad default address
    * #1281: purgeLocalCache should use conf from manager

Yadd's avatar
Yadd committed
688
689
690
691
692
693
694
695
696
697
698
699
700
701
lemonldap-ng (1.9.14) stable; urgency=high

    * #707: Kerberos authentication module
    * #1308: make saml work with POST sso binding and multiple authentication
    * #1310: Form replay javascript generates error for fields with a dot
    * #1315: Missing Mouse dependency in Debian packages
    * #1316: In docs, for Alfresco, said they need to add an exclusion for
      ressources path
    * #1324: Allow SAML with Office365 multidomains
    * #1326: SessionIndex should not be mandatory in SAML SingleLogoutRequest
    * #1328: Value 0 can not be set in hidden field
    * #1329: No need to 'warn' if no IDP or SP is present in configuration
    * #1331: Manage UTF-8 values in HTTP headers

Clément OUDOT's avatar
Clément OUDOT committed
702
703
704
705
706
707
lemonldap-ng (1.9.13) stable; urgency=high

    * [LEMONLDAP-1209] - [UTF8-Enconding] Issues with mysql backend and saml attributes
    * [LEMONLDAP-1303] - Debian 9 and JSON parsing error - OpenID Connect
    * [LEMONLDAP-1304] - make saml tolerant to issuerDBSAMLPath

Clément OUDOT's avatar
Clément OUDOT committed
708
709
710
711
712
713
714
715
716
lemonldap-ng (1.9.12) stable; urgency=high

    * [LEMONLDAP-1293] - Unable to delete "Exported Attributes" in SAML SP
    * [LEMONLDAP-1294] - Debian - JSON - Apache::Session module failed
    * [LEMONLDAP-1295] - Bad UserInfo response wihen attribute values are Perl references
    * [LEMONLDAP-1297] - Restrict reload url to the localhost
    * [LEMONLDAP-1299] - Unable to use LemonLDAP on Debian Stretch - Portal issue
    * [LEMONLDAP-1298] - CAS logout redirect service

Clément OUDOT's avatar
Clément OUDOT committed
717
718
719
720
721
722
723
724
725
726
727
728
729
730
731
732
733
lemonldap-ng (1.9.11) stable; urgency=high

    * [LEMONLDAP-1244] - CGIPassAuth not usable in CentOS 7.3.1611 because of old Apache version
    * [LEMONLDAP-1255] - Issue with openid-configuration.pl when updating Perl
    * [LEMONLDAP-1262] - Session expired on Handler
    * [LEMONLDAP-1277] - Missing screen shot in documentation
    * [LEMONLDAP-1288] - Empty hash configuration parameters are converted to empty scalar trough SOAP
    * [LEMONLDAP-1289] - Proxy authentication module does not catch authentication error
    * [LEMONLDAP-1245] - adding salt feature for database backend
    * [LEMONLDAP-1254] - APT warning on weak digest algo on lemonldap repository
    * [LEMONLDAP-1256] - Avoid 'forcedSAML' in Choice module
    * [LEMONLDAP-1261] - SAML SessionIndex may leak SSO data and cause interoperability issues
    * [LEMONLDAP-1263] - No error message when backend is in ReadOnly
    * [LEMONLDAP-1270] - Logout_*
    * [LEMONLDAP-1243] - LinkedIn authentication module
    * [LEMONLDAP-1286] - httpd dependency

Clément OUDOT's avatar
Clément OUDOT committed
734
735
736
737
738
739
740
741
742
743
744
745
746
lemonldap-ng (1.9.10) stable; urgency=high

    * [LEMONLDAP-1202] - CSS an JS not correctly loaded in FR offline doc
    * [LEMONLDAP-1203] - NginX handler and CDA does not work
    * [LEMONLDAP-1207] - GUI Error (HTTP 500) on Issuer module "GET"
    * [LEMONLDAP-1214] - No display type selected when session expired and authentication done via Mutli or Choice
    * [LEMONLDAP-1218] - Warning on expired session can break transparent authentication
    * [LEMONLDAP-1231] - debian wheezy doc package not working
    * [LEMONLDAP-1233] - redirect_uri parameter validity should be checked first to avoid unwanted redirections
    * [LEMONLDAP-1211] - Provide error page / error message for error 404 and 502
    * [LEMONLDAP-1219] - Reject same SAML EntityID for Service Providers
    * [LEMONLDAP-1225] - Lost Password error message

Clément OUDOT's avatar
Clément OUDOT committed
747
748
749
750
751
752
753
754
755
756
757
lemonldap-ng (1.9.9) stable; urgency=high

    * [LEMONLDAP-1081] - SAML artifact server double encode UTF-8 characters
    * [LEMONLDAP-1193] - entityID not found in metadata if value is between simple quotes instead of double quotes
    * [LEMONLDAP-1195] - JS error when clicking on export configuration
    * [LEMONLDAP-1197] - CSP errors in Manager
    * [LEMONLDAP-1199] - Compilation error in IssuerDBOpenIDConnect.pm
    * [LEMONLDAP-1187] - Make crypto functions available in safe jail
    * [LEMONLDAP-1191] - Brute force protection for OIDC
    * [LEMONLDAP-1200] - Force AllowCreate in NameIDPolicy for broken SAML clients

Clément OUDOT's avatar
Clément OUDOT committed
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
773
774
775
776
777
778
779
780
781
782
783
784
785
786
787
lemonldap-ng (1.9.8) stable; urgency=high

    * [LEMONLDAP-1121] - Fail to require customNginxHandler
    * [LEMONLDAP-1130] - SOAP request fail (FCGI) - missing path info
    * [LEMONLDAP-1136] - Mail reset form allows email enumaration
    * [LEMONLDAP-1139] - Errors "Session cannot be tied"
    * [LEMONLDAP-1141] - Bad encoding in reset password emails
    * [LEMONLDAP-1145] - Missing user identifier in mail reset log messages
    * [LEMONLDAP-1147] - SAML session ID
    * [LEMONLDAP-1149] - lemonldap-ng-fastcgi-server not working on CentOS7
    * [LEMONLDAP-1152] - jquery-ui.min.js not found
    * [LEMONLDAP-1155] - Typo in OIDC OP for keeping acr_values parameter
    * [LEMONLDAP-1159] - Session concurrency issue with SAML + OpenID Connect flow
    * [LEMONLDAP-1166] - Typo in bootstrap footer.tpl
    * [LEMONLDAP-1170] - Browse sessions by ip address duplicates entries
    * [LEMONLDAP-1179] - Bad session count in sessions explorer multi IP tab
    * [LEMONLDAP-1086] - Make Debian packages autopkgtestable
    * [LEMONLDAP-1120] - Add public pages concept in LemonLDAP::Portal
    * [LEMONLDAP-1122] - Enclose expressions
    * [LEMONLDAP-1125] - Avoid using unsafe eval Javascript
    * [LEMONLDAP-1127] - SAML: Reject same entityID on different Metadata
    * [LEMONLDAP-1132] - Warn users about session expired in portal
    * [LEMONLDAP-1135] - Warnings in unit tests
    * [LEMONLDAP-1143] - Manage doc indexing using robots.txt to avoid indexing old doc
    * [LEMONLDAP-1144] - Add vhost in reject log message
    * [LEMONLDAP-1156] - Export OpenIDConnect request parameters in %ENV
    * [LEMONLDAP-1158] - Export CAS request parameters in %ENV
    * [LEMONLDAP-1129] - Extract CN field from SSL certificate (authSSL)
    * [LEMONLDAP-1177] - Custom skin lost when submitting login form

Clément OUDOT's avatar
Clément OUDOT committed
788
789
790
791
792
793
794
795
796
797
798
799
800
801
802
803
804
805
806
807
808
809
lemonldap-ng (1.9.7) stable; urgency=high

    * [LEMONLDAP-1097] - invalid base64 encoding on openidconnect key2jwks
    * [LEMONLDAP-1099] - FCGI: reload method return Internal Server Error
    * [LEMONLDAP-1101] - SAML IDP-initiated : Federation not found on login
    * [LEMONLDAP-1102] - Random access denied
    * [LEMONLDAP-1105] - Broken openidconect oidcRPMetaDataOptionsExtraClaims parsing (or saving) when using sql datastore
    * [LEMONLDAP-1107] - Use of uninitialized value in pattern match...Simple.pm line 1561
    * [LEMONLDAP-1109] - Notification DBI backend has compilation error
    * [LEMONLDAP-1117] - Corrupted persistent session when value has accentued characters and storage is LDAP
    * [LEMONLDAP-1096] - Use manager libraries for doc with "external" hook
    * [LEMONLDAP-1098] - Allow access tokens to be gathered as parameters too
    * [LEMONLDAP-1100] - Create custom lltype for custom handler
    * [LEMONLDAP-1104] - Allow the parameters for the reload url to contain basic credentials
    * [LEMONLDAP-1106] - returnJSONError on _OpenIDConnect.pm should return a 400 status not a 200
    * [LEMONLDAP-1108] - caFile/caPathc options should be available for LDAPS, not only for LDAP+TLS
    * [LEMONLDAP-1110] - Provide autopkgtest tests
    * [LEMONLDAP-1114] - Missing DirectoryIndex in offline documentation
    * [LEMONLDAP-1116] - Change how we check signatures on SAML messages
    * [LEMONLDAP-173]  - Token for cross domain authentication
    * [LEMONLDAP-1115] - Documentation error

Clément OUDOT's avatar
Clément OUDOT committed
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
lemonldap-ng (1.9.6) stable; urgency=high

    * [LEMONLDAP-1058] - Timeout on save conf
    * [LEMONLDAP-1060] - Missing reload target for nginx
    * [LEMONLDAP-1064] - getApacheSession not working with id
    * [LEMONLDAP-1068] - Error in logout request
    * [LEMONLDAP-1069] - start-stop-daemon warning in lemonldap-ng-fastcgi-server init script
    * [LEMONLDAP-1071] - OpenID Connect discovery: LLNG does not use booleans
    * [LEMONLDAP-1075] - Unable to add rule or header in a vhost using lemonldap-ng-cli
    * [LEMONLDAP-1076] - IDP resolution rule is no more available in Manager
    * [LEMONLDAP-1078] - CryptoJS URL have changed
    * [LEMONLDAP-1079] - Security options for SAML are set to Off by default
    * [LEMONLDAP-1080] - Typo is URL matching for Auth OpenID
    * [LEMONLDAP-1093] - /run/llng-fastcgi-server is deleted on reboot
    * [LEMONLDAP-1094] - typo in error_pt.al
    * [LEMONLDAP-1001] - Possibility to configure the update interval used for timeout activity
    * [LEMONLDAP-1065] - Provide SSL options for AuthBasic
    * [LEMONLDAP-1082] - Return explicit error if no token endpoint auth method is set
    * [LEMONLDAP-1083] - Create an option to not store SAML/OIDC tokens in session
    * [LEMONLDAP-1084] - Disable SAML SLO request when LL::NG configured as SP and IDP does not support SLO
    * [LEMONLDAP-1087] - Allow to check audience and time conditions separately in SAML flow
    * [LEMONLDAP-1088] - Allow relayState to be a redirection URI
    * [LEMONLDAP-1089] - Option to bypass consent in OpenID Connect Issuer
    * [LEMONLDAP-1067] - Authbasic handler for Nginx

Clément OUDOT's avatar
Clément OUDOT committed
835
836
837
838
839
840
841
842
843
844
845
846
847
848
849
850
851
852
lemonldap-ng (1.9.5) stable; urgency=high

    * [LEMONLDAP-966] - RSA Keys generated from Manager are incomplete
    * [LEMONLDAP-1028] - SAML SP SOAP logout does not happen
    * [LEMONLDAP-1046] - Default value for samlIDPMetaDataOptionsSSOBinding should be undef
    * [LEMONLDAP-1047] - SAML SLO from IDP does not work when SP is LL::NG
    * [LEMONLDAP-1048] - Unable to upgrade a configuration from 1.4 to 1.9 using lmConfigEditor
    * [LEMONLDAP-1049] - Unable to read LDAP session in 1.4 format with 1.9 version
    * [LEMONLDAP-1050] - signing in to chrome devices via sso is broken
    * [LEMONLDAP-1054] - test_config not found in lemonldap-ng-fastcgi-server init script
    * [LEMONLDAP-1059] - Portal disconnection warning
    * [LEMONLDAP-1043] - Display total number of sessions
    * [LEMONLDAP-1045] - Wrong SAML attributes encoding issued by IDP
    * [LEMONLDAP-1052] - Use Lasso 'thin-sessions'
    * [LEMONLDAP-1055] - Remove network access attempts during tests
    * [LEMONLDAP-1057] - Change displayed message when sending confirmation mail after password reset
    * [LEMONLDAP-1056] - SAML SLO relay URL not catched

Clément OUDOT's avatar
Clément OUDOT committed
853
854
855
856
857
858
859
860
861
862
863
864
lemonldap-ng (1.9.4) stable; urgency=high

    * [LEMONLDAP-1034] - Missing dependencies in documentation
    * [LEMONLDAP-1036] - LDAP sessions are not purged
    * [LEMONLDAP-1037] - Using LDAP as conf backend, IssuerDBGetParameters with wrong value inserted after conf save
    * [LEMONLDAP-1038] - All information is lost when vhost or SAML/OIDC partner is renamed in Manager
    * [LEMONLDAP-1039] - Error not displayed correctly for notification browsing
    * [LEMONLDAP-1040] - Session browsing not working if _whatToTrace is missing
    * [LEMONLDAP-1041] - ldapAttributeId not used everywhere in _LDAPGKFAS
    * [LEMONLDAP-1035] - Manage Plack engines in FastCGI server
    * [LEMONLDAP-1042] - Some information are lost when renaming OIDC/SAML partner

Clément OUDOT's avatar
Clément OUDOT committed
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
lemonldap-ng (1.9.3) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-997] - Circular dependency for liblemonldap-ng-handler-perl package
    * [LEMONLDAP-1003] - Replace Mouse by Moose if ModPerl::Registry is used with Perl 5.22
    * [LEMONLDAP-1006] - Typo in Common/Apache/Session.pm on LDAP disconnect
    * [LEMONLDAP-1008] - Bad comment in lemonldap-ng.ini
    * [LEMONLDAP-1009] - Version shown in Manager is not the one of the main module
    * [LEMONLDAP-1010] - Problem with persistent sessions and MongoDB backend
    * [LEMONLDAP-1012] - AuthTwitter is not working anymore
    * [LEMONLDAP-1013] - AuthFacebook is not working anymore
    * [LEMONLDAP-1014] - Example values for LDAP backend configuration are wrong
    * [LEMONLDAP-1016] - Can't configure OpenID Connect RP Extra claims in lemonldap web manager
    * [LEMONLDAP-1018] - Slave authentication error (Can't locate object method "checkHeader")
    * [LEMONLDAP-1020] - Can't define SMTP server with port
    * [LEMONLDAP-1022] - The path of the request is lost when using the url parameter of a Choice module
    * [LEMONLDAP-1026] - lemonldap-ng-fastcgi-server is missing libfcgi-procmanager-perl as a dependency
    * [LEMONLDAP-1029] - Missing images in Debian packaging
    * [LEMONLDAP-1030] - Cannot start Manager with zero conf in LDAP backend
    * [LEMONLDAP-983] - Import encrypt in functions
    * [LEMONLDAP-1004] - Es, it, pt, ne and de translations
    * [LEMONLDAP-1011] - Option to allow a user to reset an expired password
    * [LEMONLDAP-1023] - Add documentation to nginx handler
    * [LEMONLDAP-1025] - provide additional GET parameters while redirecting to handler
    * [LEMONLDAP-1031] - Be less restrictive on service parameter check in CAS issuer

Clément OUDOT's avatar
Clément OUDOT committed
891
892
893
894
895
896
897
898
899
900
901
902
903
904
lemonldap-ng (1.9.2) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-988] - CPAN Tests fails for Lemonldap-NG-Common
    * [LEMONLDAP-989] - CPAN Tests fails for Lemonldap-NG-Portal
    * [LEMONLDAP-991] - LDAP TCP connections is still not closed
    * [LEMONLDAP-992] - LL:NG use wrong variables with Multi auth
    * [LEMONLDAP-994] - Can't call method "add_output_filter" on an undefined value when I logout
    * [LEMONLDAP-995] - Encoding problem in menu categories and applications
    * [LEMONLDAP-996] - logout_app_sso URL rejected
    * [LEMONLDAP-1000] - Session errors with persistent sessions
    * [LEMONLDAP-1002] - Show sent headers in debug mode
    * [LEMONLDAP-986] - Propose packages for SLES 12 SP1

Clément OUDOT's avatar
Clément OUDOT committed
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
lemonldap-ng (1.9.1) stable; urgency=low

    * [LEMONLDAP-961] - PAUSE indexer report
    * [LEMONLDAP-962] - Applications logos and portal background not displayed in Manager
    * [LEMONLDAP-964] - Links to change
    * [LEMONLDAP-965] - Syntax checking on certificate must be more tolerant
    * [LEMONLDAP-968] - Headers corrupted when authenticating with HTTP basic authentication on a protected application
    * [LEMONLDAP-969] - /var/run is a tmpfs so FastCGI pid can't be written after reboot
    * [LEMONLDAP-972] - Missing test for exportedHeaders
    * [LEMONLDAP-974] - keyMsgFail are missing in Manager/Attributes.pm
    * [LEMONLDAP-976] - $ENV is replaced by $datas->{ENV}
    * [LEMONLDAP-978] - CPAN Tests fails for Lemonldap-NG-Common
    * [LEMONLDAP-980] - Error "password must be changed" when user not found in AD
    * [LEMONLDAP-984] - Allow to set replica for MongoDB configuration backend
    * [LEMONLDAP-973] - Activate maintenance mode if reval() fails
    * [LEMONLDAP-185] - Check configuration uploaded by lmConfigEditor

Clément OUDOT's avatar
Clément OUDOT committed
922
lemonldap-ng (1.9.0) stable; urgency=low
Clément OUDOT's avatar
Clément OUDOT committed
923

Clément OUDOT's avatar
Clément OUDOT committed
924
925
926
927
928
929
930
931
932
933
934
935
936
937
938
939
940
941
942
943
944
945
946
947
948
949
950
951
952
953
954
955
956
957
958
959
960
961
962
963
964
965
    * [LEMONLDAP-176] - POST Handler feature does not work with mod_proxy
    * [LEMONLDAP-395] - LL::NG::Handler::CGI ignores some config parameters
    * [LEMONLDAP-729] - Handler Jail may be inconsistent with its attributes
    * [LEMONLDAP-759] - Cannot store Conf or Sessions in AD (was Storable appears to not work on 64-bit OS)
    * [LEMONLDAP-767] - future deprecated dependency
    * [LEMONLDAP-777] - Password fiedls in Manager
    * [LEMONLDAP-802] - Apache2::Connection remote_ip not supported in Apache 2.4
    * [LEMONLDAP-825] - Error when session is not in backend but only in cookie
    * [LEMONLDAP-827] - Error encoding of passwords when using special characters in file lmconf.
    * [LEMONLDAP-828] - wrong Makefile target for translation
    * [LEMONLDAP-835] - Interface with unicode
    * [LEMONLDAP-840] - Auth-User HTTP Header appears even if no HTTP Headers defined on VHost
    * [LEMONLDAP-854] - Manager returns "Not authorized" with Apache 2.4 and fr-doc not installed
    * [LEMONLDAP-858] - Error 500 at Save (on virtualHost Rules), when the displayName of one Category Portal Menu contains accentuated Character
    * [LEMONLDAP-866] - Configuration deletion does not work
    * [LEMONLDAP-867] - 404 errors in documentation
    * [LEMONLDAP-870] - _lastSeen should be updated when a issuer module (ex: CAS) is called
    * [LEMONLDAP-872] - Omegat does not end
    * [LEMONLDAP-914] - Password expiration interception in Multi mode
    * [LEMONLDAP-922] - SAML Error on update session
    * [LEMONLDAP-923] - Error save conf SlaveMasterIp
    * [LEMONLDAP-948] - openid userinfo endpoints need Authorization header
    * [LEMONLDAP-954] - GLPI link is broken
    * [LEMONLDAP-955] - GRR link is broken
    * [LEMONLDAP-958] - Infinite redirection loop when redirected from Handler for an error (403/500/503)
    * [LEMONLDAP-428] - Ergonomic items
    * [LEMONLDAP-534] - splice not necessary to parse @_ in subroutines
    * [LEMONLDAP-633] - unify var substitution in locationRules and exportedHeaders
    * [LEMONLDAP-717] - Handler init management
    * [LEMONLDAP-733] - Form replay refactoring
    * [LEMONLDAP-776] - Use Bootstrap for Manager
    * [LEMONLDAP-787] - [UserDB][LDAP] Allow alias dereferencing in search
    * [LEMONLDAP-790] - Portal should not return HTML for AJAX requests
    * [LEMONLDAP-794] - Default values must be set before storing in local cache
    * [LEMONLDAP-795] - Propose JSON serialization in Apache::Session to be able to access to sessions with other languages
    * [LEMONLDAP-796] - Replace our own serializer by JSON in Conf/File.pm
    * [LEMONLDAP-798] - Avoid opening local cache when root
    * [LEMONLDAP-815] - Improve the cookie name regexp
    * [LEMONLDAP-821] - JSON File as new default configuration backend
    * [LEMONLDAP-824] - autocomplete=off does not prevent anymore password manager use
    * [LEMONLDAP-833] - Manager - Multi : display only the selected modules
    * [LEMONLDAP-865] - Check conditions in AuthSlave and UserDBSlave
Yadd's avatar
Yadd committed
966
    * [LEMONLDAP-877] - Replace Storable by JSON to be arch independent
Clément OUDOT's avatar
Clément OUDOT committed
967
968
969
970
971
972
973
974
975
976
977
978
979
980
981
982
983
984
985
986
987
988
989
990
991
992
993
994
995
996
997
998
999
1000
1001
1002
1003
1004
1005
1006
1007
1008
1009
1010
1011
1012
1013
1014
1015
1016
1017
1018
1019
1020
1021
1022
1023
1024
1025
1026
1027
1028
1029
1030
1031
1032
1033
1034
1035
1036
1037
1038
1039
1040
1041
1042
1043
1044
1045
1046
1047
1048
1049
    * [LEMONLDAP-908] - Replace own minifier by external
    * [LEMONLDAP-911] - Possibility to set a specific logo for a choice module
    * [LEMONLDAP-917] - Possibility to define finely sessions timeout activity
    * [LEMONLDAP-924] - Manager not checking regex before saving
    * [LEMONLDAP-930] - Scripts must have POD
    * [LEMONLDAP-946] - Set cfgAuthor to lmConfigEditor
    * [LEMONLDAP-24] - Browse configuration versions and apply them
    * [LEMONLDAP-183] - OAuth 2.0 / OpenID Connect authentication module
    * [LEMONLDAP-184] - OAuth 2.0 / OpenID Connect provider module
    * [LEMONLDAP-227] - VirtualHost Copy/paste functions in Manager
    * [LEMONLDAP-287] - Implement HTTP Strict Transport Security
    * [LEMONLDAP-495] - Persistent sessions Explorer
    * [LEMONLDAP-583] - Nginx handler
    * [LEMONLDAP-630] - Modularization of Handler code
    * [LEMONLDAP-770] - Configuration of portal background
    * [LEMONLDAP-773] - Implement CAS 3.0 Protocol (attributes exchange)
    * [LEMONLDAP-800] - MongoDB configuration and session backend
    * [LEMONLDAP-820] - New Manager interface with AngularJS
    * [LEMONLDAP-836] - Add Choice to included X509 certificate in Signature of SAML Messages, when LL::NG acts as IDP
    * [LEMONLDAP-915] - Portal message customization
    * [LEMONLDAP-925] - New Notification Explorer
    * [LEMONLDAP-935] - Capability to duplicate virtualhost
    * [LEMONLDAP-864] - SAML and manager translations(utf8)
    * [LEMONLDAP-859] - Perl-Digest-SHA is not listed at dependencies documentation
    * [LEMONLDAP-873] - Change screenshots in doc
    * [LEMONLDAP-891] - Remove "return to SP link"
    * [LEMONLDAP-909] - Push French translation into sources
    * [LEMONLDAP-932] - Packages for RHEL / CentOS
    * [LEMONLDAP-871] - Manager protection
    * [LEMONLDAP-874] - Add portal and logout links, add current version
    * [LEMONLDAP-878] - Button to download file
    * [LEMONLDAP-879] - Possibility to have a certificate instead of a public key
    * [LEMONLDAP-880] - Bug in Logs node
    * [LEMONLDAP-881] - Load metadata from file
    * [LEMONLDAP-882] - Problem with radio buttons in samlAttributeContainer component
    * [LEMONLDAP-883] - Bug with choices modules confguration
    * [LEMONLDAP-884] - Optional URL in AuthChoices module
    * [LEMONLDAP-885] - Unable to register OpenID Connect metadata
    * [LEMONLDAP-886] - favicon disappear when using configuration tab
    * [LEMONLDAP-888] - SAML attributes and other options not saved
    * [LEMONLDAP-889] - Saving an old configuration leads to "No such file or directory"
    * [LEMONLDAP-892] - Set OpenID Connect standard attributes in default values
    * [LEMONLDAP-893] - Unable to download configuration
    * [LEMONLDAP-894] - Get another default component for nodes
    * [LEMONLDAP-895] - Associated help is not displayed in SAML SP/IDP
    * [LEMONLDAP-896] - Labels for samlSP and samlSPName not displayed
    * [LEMONLDAP-897] - Handler Status does not work
    * [LEMONLDAP-898] - Handler Menu does not work
    * [LEMONLDAP-899] - Button to show/hide documentation panel
    * [LEMONLDAP-900] - Fill the domain when creating a new virtual host
    * [LEMONLDAP-901] - Propose default names for IDP/SP/OP/RP
    * [LEMONLDAP-902] - Replace javascript prompts by dialogs/modals
    * [LEMONLDAP-903] - ZeroConf
    * [LEMONLDAP-904] - Open IDP/SP node after its creation
    * [LEMONLDAP-905] - Login is displayed in errors
    * [LEMONLDAP-906] - Hide inaccessible modules in manager interface
    * [LEMONLDAP-907] - Deleting a menu entry isn't detected
    * [LEMONLDAP-913] - XS mode: menu never visible when tree is displayed
    * [LEMONLDAP-916] - missing semicolons in Makefile
    * [LEMONLDAP-919] - Choosing Multi module should not lock passwordDB configuration
    * [LEMONLDAP-920] - Clear cfgLog when using lmConfigEditor
    * [LEMONLDAP-921] - Implement lemonldap-ng-cli wth new configuration code
    * [LEMONLDAP-926] - Error is not displayed to user
    * [LEMONLDAP-927] - Use modal instead of alert
    * [LEMONLDAP-928] - Bad notification encoding
    * [LEMONLDAP-929] - Manage other portal CGIs
    * [LEMONLDAP-934] - LLNG status for Nginx
    * [LEMONLDAP-936] - Extra headers sent to protected applications
    * [LEMONLDAP-938] - Can't save conf due to bad custom function name
    * [LEMONLDAP-940] - Timout for reloadUrls
    * [LEMONLDAP-941] - Aliases not taken into account
    * [LEMONLDAP-942] - Session explorer not usable with Apache::Session::Browseable::MySQL
    * [LEMONLDAP-943] - Zimbra Handler
    * [LEMONLDAP-944] - Notifications - invalid date
    * [LEMONLDAP-945] - Auto-protected CGI not working
    * [LEMONLDAP-947] - Notifications cannot be purged for DBI and LDAP
    * [LEMONLDAP-949] - Handler PSGI should set LMREMOTE_USER
    * [LEMONLDAP-950] - spelling
    * [LEMONLDAP-952] - Errors not displayed in Notifications Explorer
    * [LEMONLDAP-953] - Notifications are mixed under the same letter
    * [LEMONLDAP-956] - Custom functions don't work with useSafeJail
    * [LEMONLDAP-957] - Replace $http.success() by .then()

Clément OUDOT's avatar
Clément OUDOT committed
1050
1051
1052
1053
1054
1055
1056
1057
1058
1059
lemonldap-ng (1.4.11) stable; urgency=low

    * [LEMONLDAP-1068] - Error in logout request
    * [LEMONLDAP-1080] - Typo is URL matching for Auth OpenID
    * [LEMONLDAP-1092] - Net::LDAP does not have an uri method in el5
    * [LEMONLDAP-1001] - Possibility to configure the update interval used for timeout activity
    * [LEMONLDAP-1052] - Use Lasso 'thin-sessions'
    * [LEMONLDAP-1083] - Create an option to not store SAML/OIDC tokens in session
    * [LEMONLDAP-1084] - Disable SAML SLO request when LL::NG configured as SP and IDP does not support SLO

Clément OUDOT's avatar
Clément OUDOT committed
1060
1061
1062
1063
1064
1065
1066
1067
1068
lemonldap-ng (1.4.10) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-1034] - Missing dependencies in documentation
    * [LEMONLDAP-1047] - SAML SLO from IDP does not work when SP is LL::NG
    * [LEMONLDAP-1050] - signing in to chrome devices via sso is broken
    * [LEMONLDAP-1059] - Portal disconnection warning
    * [LEMONLDAP-1057] - Change displayed message when sending confirmation mail after password reset

Clément OUDOT's avatar
Clément OUDOT committed
1069
1070
1071
1072
1073
1074
1075
1076
1077
lemonldap-ng (1.4.9) stable; urgency=low

    * [LEMONLDAP-1003] - Replace Mouse by Moose if ModPerl::Registry is used with Perl 5.22
    * [LEMONLDAP-1006] - Typo in Common/Apache/Session.pm on LDAP disconnect
    * [LEMONLDAP-1022] - The path of the request is lost when using the url parameter of a Choice module
    * [LEMONLDAP-1027] - Can't locate object method "client_ip" via package "Apache2::Connection"
    * [LEMONLDAP-1004] - Es, it, pt, ne and de translations
    * [LEMONLDAP-1031] - Be less restrictive on service parameter check in CAS issuer

Clément OUDOT's avatar
Clément OUDOT committed
1078
1079
1080
1081
1082
1083
1084
1085
lemonldap-ng (1.4.8) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-991] - LDAP TCP connections is still not closed
    * [LEMONLDAP-992] - LL:NG use wrong variables with Multi auth
    * [LEMONLDAP-1000] - Session errors with persistent sessions
    * [LEMONLDAP-986] - Propose packages for SLES 12 SP1

Clément OUDOT's avatar
Clément OUDOT committed
1086
1087
1088
1089
1090
1091
1092
1093
1094
1095
1096
lemonldap-ng (1.4.7) stable; urgency=low

    * [LEMONLDAP-802] - Apache2::Connection remote_ip not supported in Apache 2.4
    * [LEMONLDAP-842] - manager configuration tree does not display correctly
    * [LEMONLDAP-866] - Configuration deletion does not work
    * [LEMONLDAP-958] - Infinite redirection loop when redirected from Handler for an error (403/500/503)
    * [LEMONLDAP-964] - Links to change
    * [LEMONLDAP-968] - Headers corrupted when authenticating with HTTP basic authentication on a protected application
    * [LEMONLDAP-976] - $ENV is replaced by $datas->{ENV}
    * [LEMONLDAP-980] - Error "password must be changed" when user not found in AD

Clément OUDOT's avatar
Clément OUDOT committed
1097
1098
1099
1100
1101
1102
1103
1104
1105
1106
1107
1108
1109
1110
1111
lemonldap-ng (1.4.6) stable; urgency=low

    * [LEMONLDAP-705] - SAML with Signature Method rsa-sha256
    * [LEMONLDAP-715] - Multi with # in the module name: error while calling authLogout
    * [LEMONLDAP-720] - Error with CPAN tests
    * [LEMONLDAP-823] - duplicated groups when recursive groups enabled
    * [LEMONLDAP-841] - Error in extract_lang with a value with *
    * [LEMONLDAP-843] - localStorage replaced by localSessionStorage
    * [LEMONLDAP-845] - Session activity not updated
    * [LEMONLDAP-846] - Session cache not purged
    * [LEMONLDAP-848] - Do not call 'perl' directly (see RT#107205)
    * [LEMONLDAP-849] - Syntax checking on domain name is too restrictive
    * [LEMONLDAP-850] - SOAP data not well formatted
    * [LEMONLDAP-768] - Fixed with for application boxes in menu in bootstrap skin
    * [LEMONLDAP-771] - Adapt foot size in mobile mode for Bootstrap skin
Clément OUDOT's avatar
Clément OUDOT committed
1112
    * [LEMONLDAP-822] - checking pwdLastSet in AD is not sufficient
Clément OUDOT's avatar
Clément OUDOT committed
1113
    * [LEMONLDAP-781] - Lasso package
Clément OUDOT's avatar
Clément OUDOT committed
1114
    * [LEMONLDAP-785] - Display  password expiration management with Active Directory
Clément OUDOT's avatar
Clément OUDOT committed
1115
1116
1117
1118
1119
1120
1121
1122
    * [LEMONLDAP-792] - Support for multivaluated attributes in LDAP for groups

lemonldap-ng (1.4.5) stable; urgency=low

    * [LEMONLDAP-816] - Wrong definition of getAttributes in Portal WSDL
    * [LEMONLDAP-817] - Wrong parameter order for error SOAP operation in Portal WSDL
    * [LEMONLDAP-818] - Skin rules on mail reset and register page

Clément OUDOT's avatar
Clément OUDOT committed
1123
1124
1125
1126
1127
1128
1129
lemonldap-ng (1.4.4) stable; urgency=low

    * [LEMONLDAP-763] - purgeCentralCache sometimes hangs
    * [LEMONLDAP-783] - Test error with SOAP::Lite 1.12
    * [LEMONLDAP-784] - reset password in AD not working
    * [LEMONLDAP-788] - Captcha not working using multiple backends...
    * [LEMONLDAP-793] - Common/Conf/File must return an error if file can't be opened
Clément OUDOT's avatar
Clément OUDOT committed
1130
1131
1132
1133
1134
    * [LEMONLDAP-801] - Multi and Kerberos does not work with a positive LocationMatch
    * [LEMONLDAP-805] - Update session failure on high load if idle timeout is configured
    * [LEMONLDAP-806] - ErrorDocument conflicts with CentOS's default apache vhost
    * [LEMONLDAP-799] - parameter notOnOrAfter should be computed against SAML message emission date
    * [LEMONLDAP-807] - End of OpenID 2.0 support for Google on April 20, 2015
Clément OUDOT's avatar
Clément OUDOT committed
1135
1136
1137
1138
1139
1140
1141
1142
1143

lemonldap-ng (1.4.3) stable; urgency=low

    * [LEMONLDAP-775] - Cas Service Ticket should be used only once
    * [LEMONLDAP-772] - Collapse menu on click in mobile mode in Bootstrap skin
    * [LEMONLDAP-774] - Use portal bootstrap theme for test pages
    * [LEMONLDAP-765] - Provide packages for CentOS 7
    * [LEMONLDAP-780] - Remove old captcha dirs

Clément OUDOT's avatar
Clément OUDOT committed
1144
1145
1146
1147
1148
1149
1150
1151
1152
1153
1154
1155
1156
1157
1158
1159
1160
1161
1162
1163
1164
1165
1166
1167
1168
1169
1170
1171
1172
1173
1174
1175
1176
1177
1178
1179
1180
1181
1182
1183
1184
lemonldap-ng (1.4.2) stable; urgency=low

    * [LEMONLDAP-740] - TCP connections never closed on LDAP
    * [LEMONLDAP-743] - Password reset doesn't work with Apache::Session::MySQL::NoLock
    * [LEMONLDAP-745] - notifyDeleted ignored with the new bootstrap theme
    * [LEMONLDAP-747] -  Apache::Session::Postgres.pm
    * [LEMONLDAP-750] - Exported variable name vs LDAP attr name
    * [LEMONLDAP-751] - Login page on Bootstrap thème
    * [LEMONLDAP-752] - Portal URL is treated as Bad URL
    * [LEMONLDAP-753] - OpenID provider broken
    * [LEMONLDAP-754] - Error when configuring captcha trough Manager
    * [LEMONLDAP-758] - SAML metadata are not valid (NameIDFormat not in the rigth place)
    * [LEMONLDAP-761] - SOAP cannot be used with DBI backend
    * [LEMONLDAP-762] - Don't call data() on unavailable session
    * [LEMONLDAP-746] - Doc: update id size for DBI sessions backend
    * [LEMONLDAP-748] - Possibility to start with empty configuration masks errors loading conf backend
    * [LEMONLDAP-749] - AuthBasic doesn't support HTTPS with self-signed certificate
    * [LEMONLDAP-755] - check aliases when computing vhost rules on portal
    * [LEMONLDAP-760] - Apache2.4-style syntax

lemonldap-ng (1.4.1) stable; urgency=low

    * [LEMONLDAP-719] - AuthBasic handler doesn't check password when using AuthMulti (SSL;LDAP)
    * [LEMONLDAP-721] - Portal cipher object unavailable with useLocalConf = 1
    * [LEMONLDAP-722] - Error on session explorer and notification explorer on CentOS
    * [LEMONLDAP-723] - Error 500 on portal when mpm worker enabled on RHEL6.5
    * [LEMONLDAP-725] - [Password reset] Reset pwd with pwdReset cause empty $groups
    * [LEMONLDAP-727] - /status page not working since upgrade
    * [LEMONLDAP-728] - Skirt header cleaning with unprotect
    * [LEMONLDAP-730] - lmConfigEditor do not save conf with ldap backend
    * [LEMONLDAP-731] - convertConfig fail to migrate conf to LDAP from File
    * [LEMONLDAP-732] - Soap communication broken since upgrade
    * [LEMONLDAP-734] - lemonldap-ng-cli not working with LDAP conf backend
    * [LEMONLDAP-735] - IssuerDB modules do not work with Kerberos failback login script
    * [LEMONLDAP-736] - Do not force default value in SMTPServer
    * [LEMONLDAP-739] - dpkg error while installing fresh LemonLDAP::NG 1.4.0 on wheezy
    * [LEMONLDAP-738] - Add a portal button on the Manager
    * [LEMONLDAP-741] - Store errors in Common session module to display them in logs
    * [LEMONLDAP-742] - Do not make lock calls when session found in cache
    * [LEMONLDAP-737] - Possibilty to configure NotOnOrAfter and SessionNotOnOrAfter attributes in SAML messages

1185
1186
lemonldap-ng (1.4.0) stable; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
1187
1188
1189
1190
1191
1192
1193
1194
1195
1196
1197
1198
1199
1200
1201
1202
1203
1204
    * [LEMONLDAP-663] - Connections to auth backends not closed on errors
    * [LEMONLDAP-664] - Connections to LDAP not closed with the Multi plugin
    * [LEMONLDAP-670] - Bootstrap theme
    * [LEMONLDAP-693] - loginHistory and Session Explorer : Error
    * [LEMONLDAP-694] - Duplicate entry '1-globalStorage' for key 'PRIMARY' when using RDBI configuration
    * [LEMONLDAP-695] - Vulnerability on the size of session identifiers.
    * [LEMONLDAP-698] - error at reading last config number with RDBI config storage
    * [LEMONLDAP-699] - MySQL config storage lock does not work
    * [LEMONLDAP-700] - Unable to handle SAML session
    * [LEMONLDAP-701] - missing debian dependency to Mouse
    * [LEMONLDAP-704] - Unable to change password with Active Directory backend
    * [LEMONLDAP-708] - Memory leak in portal when notifications are enabled
    * [LEMONLDAP-709] - The cipher decrypt method breaks carriage returns
    * [LEMONLDAP-710] - sessionDatas not reinitialized from request to request in a thread
    * [LEMONLDAP-711] - Read a session in remote session backend causes an update request
    * [LEMONLDAP-712] - strange behaviour with session cache
    * [LEMONLDAP-386] - use LL::NG::Handler instead of custom perl module in apache config
    * [LEMONLDAP-430] - httpSession and updateSession + deleteSessionFromLocalStorage optimization
Yadd's avatar
Yadd committed
1205
    * [LEMONLDAP-591] - Portal should refresh their configuration cache on expiration
Clément OUDOT's avatar
Clément OUDOT committed
1206
1207
1208
1209
1210
1211
1212
1213
1214
1215
1216
1217
1218
1219
1220
1221
    * [LEMONLDAP-600] - Rewrite object libs with Moo or Mouse
    * [LEMONLDAP-636] - Manage exported variables per UserDB module
    * [LEMONLDAP-648] - Build French documentation in Makefile
    * [LEMONLDAP-657] - [SAML] NameID format customizable per SP
    * [LEMONLDAP-658] - Portal keepalive should be desactivable and configurable
    * [LEMONLDAP-671] - Cache management for configuration and sessions
    * [LEMONLDAP-675] - Password should not be send trough email
    * [LEMONLDAP-681] - Add option in SP configuration to specify which query_string method to use.
    * [LEMONLDAP-683] - Externalize all JS code and use make tidy-js
    * [LEMONLDAP-686] - Centralize default configuration values
    * [LEMONLDAP-702] - Possibility to start with empty configuration
    * [LEMONLDAP-703] - Do not use files for Captcha
    * [LEMONLDAP-26] - Auto-register page
    * [LEMONLDAP-208] - Build SAML IDP SSO initiated URL on IDP side for registered SP
    * [LEMONLDAP-629] - Handler with mpm_event

Clément OUDOT's avatar
Clément OUDOT committed
1222
1223
1224
1225
1226
1227
1228
1229
1230
1231
1232
1233
1234
1235
1236
1237
1238
1239
1240
1241
1242
1243
1244
1245
1246
1247
1248
1249
1250
1251
1252
1253
1254
1255
1256
1257
1258
1259
1260
1261
1262
1263
1264
1265
1266
1267
1268
1269
1270
1271
1272
1273
1274
1275
1276
lemonldap-ng (1.3.3) stable; urgency=low

    * [LEMONLDAP-665] - level parameter not used in userLog with syslog
    * [LEMONLDAP-684] - syslog: invalid level/facility: warn
    * [LEMONLDAP-685] - /var/lib/lemonldap-ng/psessions is not created on rpm based install
    * [LEMONLDAP-687] - 404 error : jquery-1.10.2.min.map is not found
    * [LEMONLDAP-688] - lemonldap-cli-ng apps-set-* and vhost-del not working properly
    * [LEMONLDAP-690] - Cannot register more than on POST URL in Manager
    * [LEMONLDAP-692] - lemonldap-ng-cli config encoding
    * [LEMONLDAP-689] - Remove compressed js file from Debian distribution
    * [LEMONLDAP-691] - Manage apache configuration during install

lemonldap-ng (1.3.2) stable; urgency=low

    * [LEMONLDAP-655] - Password change not working for DBI password backend with option "require old password" enabled
    * [LEMONLDAP-656] - UserDB Multi does not accept any module
    * [LEMONLDAP-660] - Missing PID in syslog messages
    * [LEMONLDAP-661] - lemonldap ng dependancy not installed for debian wheezy
    * [LEMONLDAP-662] - lemonldap ng psession directory not created in package
    * [LEMONLDAP-665] - level parameter not used in userLog with syslog
    * [LEMONLDAP-666] - Lemonldap NG (1.2.5) Control XSS problem with logonid have apostrophe
    * [LEMONLDAP-669] - [LDAP] Authentication process stopped if a user must change its password and expiration warning is displayed
    * [LEMONLDAP-674] - Remove Facebook script in offline doc
    * [LEMONLDAP-676] - Privacy break
    * [LEMONLDAP-677] - Signature Problem using ADFS as SP
    * [LEMONLDAP-679] - Javascript error in Manager when loading a metadata from URL
    * [LEMONLDAP-680] - CDA does not work for http with "double cookie for single session"
    * [LEMONLDAP-682] - Permissions for lemonldap-ng-cli
    * [LEMONLDAP-647] - Hide message div if no message to display
    * [LEMONLDAP-650] - logout tab in menu should display by default only if no other tab is present
    * [LEMONLDAP-654] - DBI authentication not working with Unix passwords in DB
    * [LEMONLDAP-659] - The user input field in password.tpl should be readonly or hidden
    * [LEMONLDAP-668] - Performance improvement with DNS cache
    * [LEMONLDAP-649] - Total rewrite of lemonldap-ng-cli tool
    * [LEMONLDAP-678] - Provide non minified versions of javascript libraries

lemonldap-ng (1.3.1) stable; urgency=low

    * [LEMONLDAP-635] - Extra tests fails on new install
    * [LEMONLDAP-637] - Missing XML::Simple dependency in Manager CPAN package
    * [LEMONLDAP-638] - Lemonldap::NG::Manager::Cli requires perl(feature),
      which is not available in EL5
    * [LEMONLDAP-639] - portal/captcha_output directory has 777 permissions
    * [LEMONLDAP-640] - /var/lib/lemonldap-ng/captcha is not created when
      installed from RPM
    * [LEMONLDAP-642] - Captcha directories not installed with DEB packages
    * [LEMONLDAP-644] - Captcha required in MailReset when asking to resend
      confirmation mail
    * [LEMONLDAP-645] - Captcha not displayed in AuthChoice with form based
      modules
    * [LEMONLDAP-646] - Manager broken for MSIE-8
    * [LEMONLDAP-641] - [SAML] Possibility to use IDP Name instead of IDP
      entityID in URL for IDP selection
    * [LEMONLDAP-643] - Launch initCaptcha only when needed

Clément OUDOT's avatar
Clément OUDOT committed
1277
1278
lemonldap-ng (1.3.0) stable; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
1279
1280
1281
1282
1283
1284
1285
1286
1287
1288
1289
1290
1291
1292
1293
1294
1295
1296
1297
1298
1299
1300
1301
1302
1303
1304
1305
1306
1307
    * [LEMONLDAP-471] - Incompatibility with Config::IniFiles 2.72
    * [LEMONLDAP-499] - purgeLocalCache does not work
    * [LEMONLDAP-513] - AD password field for userModifyPassword is not
      userPassword but unicodePwd and must be quoted and unicoded
    * [LEMONLDAP-520] - Manager requires custom functions to be run with
      arguments
    * [LEMONLDAP-590] - Memory Leak in Lemonldap::NG::Common::Conf
    * [LEMONLDAP-592] - Encoding problems in POD
    * [LEMONLDAP-593] - Auth Multi getDisplayType error when using # in Multi
      line configuration
    * [LEMONLDAP-599] - Missing some dependencies with Debian packaging
    * [LEMONLDAP-603] - Portal's display broken with MS IE 8
    * [LEMONLDAP-605] - skin rules are not applied on mail reset page
    * [LEMONLDAP-611] - Build failure on EL5
    * [LEMONLDAP-614] - Configuration is broken when adding a form replay node
      without post data
    * [LEMONLDAP-616] - logout_sso do not stop on the "you are disconnected"
      page
    * [LEMONLDAP-618] - Lasso error with AuthChoice
    * [LEMONLDAP-625] - remote_ip() not available with some mod_perl and may
      not be required for LLNG
    * [LEMONLDAP-626] - Manager's display broken with Internet Explorer 8
    * [LEMONLDAP-627] - Sessions explorer broken with Browseable backends
    * [LEMONLDAP-634] - Wrong rights on notifications dir in Debian
    * [LEMONLDAP-241] - Test for cryptographic functions
    * [LEMONLDAP-366] - [Notifications] Move Notifications code from Portal to
      Common
    * [LEMONLDAP-412] - Passwrd policy expiration warning time not friendly
      displayed
Yadd's avatar
Yadd committed
1308
    * [LEMONLDAP-493] - Make LL::NG's rpm spec file more portable
Clément OUDOT's avatar
Clément OUDOT committed
1309
1310
1311
1312
1313
1314
1315
1316
1317
1318
1319
1320
1321
1322
1323
1324
1325
1326
1327
1328
1329
1330
1331
1332
1333
1334
1335
1336
1337
1338
1339
    * [LEMONLDAP-500] - do not burden config in memory with useless things
    * [LEMONLDAP-524] - minimize weight of relaystate in SAML session backend
    * [LEMONLDAP-559] - Refine useXForwardedForIP option by setting trusted
      proxies
    * [LEMONLDAP-585] - Split SSO sessions and persistent sessions at
      installation
    * [LEMONLDAP-586] - Allow mail reset to be tested with Demo backend
    * [LEMONLDAP-589] - Debug info always printed in
      Lemonldap::NG::Common::Conf::LDAP
    * [LEMONLDAP-594] - Remove debian repository from distribution
    * [LEMONLDAP-596] - compute macros and local groups in a certain order
    * [LEMONLDAP-607] - Die and add error information if LDAP server is not
      reachable
    * [LEMONLDAP-619] - Add AuthFacebook module
    * [LEMONLDAP-620] - Centralize LWP::UserAgent in one file
    * [LEMONLDAP-628] - Optimization of configuration reload in Portal
    * [LEMONLDAP-61] - FastCGI portal
    * [LEMONLDAP-217] - Captcha in portal
    * [LEMONLDAP-291] - Support secondary Apache authentication in a "choice"
      authentication configuration
    * [LEMONLDAP-409] - Specific AD authentication module
    * [LEMONLDAP-457] - [Notifications] LDAP backend to store notifications
    * [LEMONLDAP-503] - vhost aliases
    * [LEMONLDAP-558] - Vhost alias
    * [LEMONLDAP-584] - BrowserID authentication module
    * [LEMONLDAP-588] - Include lemonldap-ng-cli
    * [LEMONLDAP-604] - Upgrade jQuery and jQuery UI built-in dependencies
    * [LEMONLDAP-612] - Hide password in logs when password is stored in
      session
    * [LEMONLDAP-613] - Log applied rule in debug mode
    * [LEMONLDAP-615] - Add AuthGoogle module
Yadd's avatar
Yadd committed
1340
    * [LEMONLDAP-617] - [SAML] Allow to skip the IDP selection
Clément OUDOT's avatar
Clément OUDOT committed
1341
1342
1343
1344
1345
1346
1347
1348
1349
1350
1351
1352
1353
1354
1355
1356
1357
1358
1359
1360
1361
1362
    * [LEMONLDAP-621] - Config storage in JSON file
    * [LEMONLDAP-623] - WebID authentication and user DB modules
    * [LEMONLDAP-632] - Rename liblemonldap-ng-conf-perl to
      lemonldap-ng-common-perl
    * [LEMONLDAP-631] - Minimize jQuery-UI

lemonldap-ng (1.2.5) stable; urgency=low

    * [LEMONLDAP-532] - SOAP not working with SSL
    * [LEMONLDAP-597] - Wrong evaluation of $ENV{REMOTE_ADDR} in Auth::Multi
      when safe jail is enabled
    * [LEMONLDAP-599] - Missing some dependencies with Debian packaging
    * [LEMONLDAP-603] - Portal's display broken with MS IE 8
    * [LEMONLDAP-605] - skin rules are not applied on mail reset page
    * [LEMONLDAP-608] - Could not configure different config file in Portal
      thru SharedConf
    * [LEMONLDAP-609] - case insensitive comparison in vhost
    * [LEMONLDAP-596] - compute macros and local groups in a certain order
    * [LEMONLDAP-598] - Sessions Explorer should use the browseable indexes
    * [LEMONLDAP-607] - Die and add error information if LDAP server is not
      reachable

Clément OUDOT's avatar
Clément OUDOT committed
1363
1364
1365
1366
1367
1368
1369
1370
1371
1372
1373
1374
1375
1376
1377
1378
1379
1380
1381
1382
1383
1384
1385
1386
1387
1388
1389
1390
1391
1392
1393
1394
1395
1396
1397
1398
1399
1400
1401
1402
1403
1404
1405
1406
1407
1408
1409
1410
1411
1412
1413
1414
1415
1416
1417
1418
1419
1420
1421
1422
1423
1424
1425
1426
1427
lemonldap-ng (1.2.4) stable; urgency=low

    * [LEMONLDAP-590] - Memory Leak in Lemonldap::NG::Common::Conf
    * [LEMONLDAP-592] - Encoding problems in POD
    * [LEMONLDAP-593] - Auth Multi getDisplayType error when using # in Multi
      line configuration
    * [LEMONLDAP-589] - Debug info always printed in
      Lemonldap::NG::Common::Conf::LDAP
    * [LEMONLDAP-594] - Remove debian repository from distribution

lemonldap-ng (1.2.3) stable; urgency=low

    * [LEMONLDAP-316] - Accentued letters in application list raise an error
      when configuration is stored in LDAP
    * [LEMONLDAP-536] - Password reset by mail do not work with DBI backend
    * [LEMONLDAP-537] - Web service deleteNotification do not work with DBI
      backend
    * [LEMONLDAP-538] - Bad log level in _DBI.pm
    * [LEMONLDAP-539] - Add SOAP::Lite dependency for Handler CPAN module
    * [LEMONLDAP-543] - LL:NG::Handler::AuthBasic fails to manage persistent
      connections
    * [LEMONLDAP-544] - Bad indexes in Browseable doc
    * [LEMONLDAP-545] - "none" target does not work in Handler/CGI.pm
    * [LEMONLDAP-548] - Error when displaying password policy messages (grace
      or expiration)
    * [LEMONLDAP-550] - Cannot use Target Url in Form Replay
    * [LEMONLDAP-551] - Invalid GET Request after Form Replay
    * [LEMONLDAP-552] - Error on configuration save if no reloadUrls defined
    * [LEMONLDAP-553] - SOAP Error: id is required at
      /usr/share/perl5/Lemonldap/NG/Portal/_SOAP.pm line 165
    * [LEMONLDAP-555] - Rules field stay in readonly with JQuery 1.7.2
    * [LEMONLDAP-556] - Cookie sent to untrusted domain with CDA
    * [LEMONLDAP-557] - Get Key From All Sessions in File backend can fail on
      corrupted sessions
    * [LEMONLDAP-561] - SAML transient NameID does not work
    * [LEMONLDAP-562] - CAS Authn + SAML IDP: authLogout error
    * [LEMONLDAP-570] - SAML messages signatures are not verified - SECURITY
      ISSUE
    * [LEMONLDAP-574] - Local cache purge script does not work
    * [LEMONLDAP-579] - missing dir in handler debian package
    * [LEMONLDAP-580] - Mail subject is not correctly encoded
    * [LEMONLDAP-412] - Passwrd policy expiration warning time not friendly
      displayed
    * [LEMONLDAP-512] - free size for cipher key
    * [LEMONLDAP-554] - Some improvements on lmConfigEditor
    * [LEMONLDAP-559] - Refine useXForwardedForIP option by setting trusted
      proxies
    * [LEMONLDAP-563] - CAS Authn + SAML IDP: Passing request parameters to
      redirect
    * [LEMONLDAP-566] - Allow to sort categories in the application list
    * [LEMONLDAP-568] - Split Test and Handler Apache configuration
    * [LEMONLDAP-569] - Fix application div height in application list
    * [LEMONLDAP-572] - Add X-Forwarded-For Header in SOAP request sent by
      LL::NG::Handler::AuthBasic
    * [LEMONLDAP-573] - Do not send void HTTP headers
    * [LEMONLDAP-576] - Hide post form when using Form Replay
    * [LEMONLDAP-577] - Display "Password changed" in Menu
    * [LEMONLDAP-549] - Display LL::NG version in Manager
    * [LEMONLDAP-560] - logging SAML authn response
    * [LEMONLDAP-578] - Rules to display a skin depending on called URL or IP
      address
    * [LEMONLDAP-535] - Force the ip adress when calling the webservice
      urn:/Lemonldap::NG::Common::CGI::SOAPService
    * [LEMONLDAP-546] - Form replay: POST request is not sent
    * [LEMONLDAP-541] - Handler SOAP errors : setAttributes is not an
Christophe Maudoux's avatar
Typo    
Christophe Maudoux committed
1428
      authorized function
Clément OUDOT's avatar
Clément OUDOT committed
1429
1430
1431
1432
1433
    * [LEMONLDAP-547] - Update Browseable documentation in case of SAML in use
    * [LEMONLDAP-565] - Update META.yml files
    * [LEMONLDAP-581] - Clean Perl dependencies
    * [LEMONLDAP-582] - Update .pm copyrights

1434
1435
1436
1437
1438
1439
1440
1441
1442
1443
1444
1445
1446
1447
1448
1449
1450
1451
1452
1453
1454
1455
1456
1457
1458
1459
1460
1461
1462
1463
1464
1465
1466
1467
1468
1469
1470
1471
1472
1473
1474
1475
lemonldap-ng (1.2.2) stable; urgency=low

    * [LEMONLDAP-436] - LDAP Search error when authenticating and identifying
      on two LDAP (AD) with Multi modules
    * [LEMONLDAP-490] - bad error log when user sends wrong login
    * [LEMONLDAP-497] - CDA not working
    * [LEMONLDAP-498] - DBI config storage does not use transactions
    * [LEMONLDAP-506] - When working with 2 LDAP in Multi Mode, LDAP connexion
      not reinitialized on second LDAP if user not found in first LDAP
    * [LEMONLDAP-509] - regex for ldapServer on storing in Manager is too
      string/wrong
    * [LEMONLDAP-510] - javascript: $('...').attr('checked')==true never neems
      to evaluate to TRUE
    * [LEMONLDAP-515] - Parameter portalRequireOldPassword not checked in DBI
    * [LEMONLDAP-516] - date popup in notification manager
    * [LEMONLDAP-517] - typo in cookie name in portal WSDL
    * [LEMONLDAP-518] - SAML session purge
    * [LEMONLDAP-519] - SOAP webservice getCookies() should work with Auth
      Multi
    * [LEMONLDAP-522] - Cross-domain authentication and http cookies
    * [LEMONLDAP-523] - RelayState is not sent in SAML logout requests by POST
      method
    * [LEMONLDAP-527] - Error with CDA when redirecting to other domain with
      lemon cookie as a get parameter
    * [LEMONLDAP-528] - With CDA, even if service url is https, cookie secure
      flag is not set for the second domain
    * [LEMONLDAP-529] - getDisplayType not well called in Multi backend
    * [LEMONLDAP-530] - on androïd device, accept language misunderstood
    * [LEMONLDAP-491] - Don't import all functions of POSIX
    * [LEMONLDAP-494] - Lemonldap::NG::Portal::_DBI::hash_password and wrong
      log type
    * [LEMONLDAP-501] - All sessions browsed at SAML authentication
    * [LEMONLDAP-505] - Make portal W3C compliant for html validation
    * [LEMONLDAP-507] - It's better to "warn" the user when we create a fake
      jail
    * [LEMONLDAP-508] - Add armel architecture for debian repository
    * [LEMONLDAP-514] - Enable notifications by default
    * [LEMONLDAP-521] - arguments of custom functions
    * [LEMONLDAP-249] - Manage apply key with the manager
    * [LEMONLDAP-511] - A new SOAP webservice for deleting notifications
    * [LEMONLDAP-504] - CLONE - Verify that oldPassword is not empty

Clément OUDOT's avatar
Clément OUDOT committed
1476
1477
lemonldap-ng (1.2.1) stable; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
1478
1479
1480
1481
1482
1483
1484
1485
1486
1487
1488
1489
    * [LEMONLDAP-479] - LDAP groups are not stored in the session anymore
    * [LEMONLDAP-481] - option --latest doesn't work in script convertConfig
    * [LEMONLDAP-486] - X Forwarded For option is not used in login history
    * [LEMONLDAP-487] - lmMigrateConfFiles2ini do not support continuation
      lines in ini file
    * [LEMONLDAP-488] - Quote not escaped when converting old application list
      XML file
    * [LEMONLDAP-484] - Use CSS3 standard attribute for shadow and rounded
      corners
    * [LEMONLDAP-485] - Template inclusion error when sending an HTML mail
    * [LEMONLDAP-483] - Remove all defined() on @array or %hash of LL::NG code

1490
1491
lemonldap-ng (1.2.0) stable; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
1492
1493
1494
1495
1496
1497
1498
1499
1500
1501
1502
1503
1504
    * [LEMONLDAP-251] - Error on form based UserDB modules afeter an non
      formed based Auth module display the form
    * [LEMONLDAP-320] - Unprotect rule does not delete headers
    * [LEMONLDAP-367] - Debian package on a fresh install still need upgrade
      procedure
    * [LEMONLDAP-368] - user root can't have lmConfigEditor running because of
      wrong file permissions
    * [LEMONLDAP-369] - perl error reported in logs when HTTP header
      "Accept-Language" not defined
    * [LEMONLDAP-370] - behaviour of tree menu in manager
    * [LEMONLDAP-371] - custom function declaration doesn't work through
      management UI
    * [LEMONLDAP-373] - Field values lost in manager
Yadd's avatar
Yadd committed
1505
    * [LEMONLDAP-375] - empty query string in redirect url
Clément OUDOT's avatar
Clément OUDOT committed
1506
1507
1508
1509
1510
1511
1512
1513
1514
1515
1516
1517
1518
1519
1520
1521
1522
1523
1524
1525
1526
1527
1528
1529
1530
1531
1532
1533
1534
1535
1536
1537
1538
1539
1540
1541
1542
1543
1544
    * [LEMONLDAP-376] - wrong authentication mode stored in session with
      authMulti when SSLRequire set to 0
    * [LEMONLDAP-380] - Mail reset session not destroyed when password is
      changed
    * [LEMONLDAP-384] - When force password reset form is incomplete, user is
      redirected to main authentication screen
    * [LEMONLDAP-390] - Saml Attribute form not reset in Manager
    * [LEMONLDAP-391] - [Choice] No choice should return PE_FIRSTACCESS and
      not PE_FORMEMPTY
    * [LEMONLDAP-392] - Bad URL error when connected to the menu display the
      login form instead of the menu
    * [LEMONLDAP-393] - Can't create samlIDPMetaDataExportedAttributes or
      samlSPMetaDataExportedAttributes
    * [LEMONLDAP-394] - RelayState is sometimes not transferred by SAML IdP
    * [LEMONLDAP-397] - [SAML] server error when SOAP SLO request is sent by
      IDP, and SOAP access is not possible on SP
    * [LEMONLDAP-399] - invalid syntax of wsdl made by buildPortalWSDL
    * [LEMONLDAP-401] - SOAP method getMenuApplications lock the session
    * [LEMONLDAP-405] - No redirect with impact skin
    * [LEMONLDAP-407] - Missing dependency Crypt::OpenSSL::Bignum
    * [LEMONLDAP-410] - Manager should reject vhost value like
      test.example.com:8080
    * [LEMONLDAP-411] - LDAP change password as user and extended modify
      password change are not working
    * [LEMONLDAP-418] - Typo bug in Debian control file
    * [LEMONLDAP-420] - Unable to access to http virtualhosts
    * [LEMONLDAP-425] - Error code: 200, SyntaxError: JSON.parse in Manager
    * [LEMONLDAP-426] - Unused perl-Apache-AuthNetLDAP dependency in spec file
    * [LEMONLDAP-427] - _deleteSessionFromLocalStorage should exit directly if
      no $id given
    * [LEMONLDAP-429] - links to css and js in html broken if portal url is
      not a root url
    * [LEMONLDAP-437] - SAML: redirect binding not working
    * [LEMONLDAP-441] - Manager do not display a correct error when
      configuration store fails
    * [LEMONLDAP-445] - Portal personalized messages are UTF8 doubled encoded
    * [LEMONLDAP-446] - Server error when a password mail reset session is
      unavailable and the token is passed to mail.pl
    * [LEMONLDAP-447] - Bad identifier in grantSession logs
Yadd's avatar
Yadd committed
1545
    * [LEMONLDAP-448] - defined(%hash) is deprecated
Clément OUDOT's avatar
Clément OUDOT committed
1546
1547
1548
1549
1550
1551
1552
1553
1554
1555
1556
1557
1558
1559
1560
1561
1562
1563
1564
1565
1566
1567
1568
1569
1570
1571
1572
1573
1574
1575
1576
1577
1578
1579
1580
1581
1582
1583
1584
1585
1586
1587
1588
1589
1590
1591
1592
1593
1594
1595
1596
1597
1598
1599
1600
1601
1602
1603
1604
1605
1606
1607
1608
1609
1610
1611
1612
    * [LEMONLDAP-450] - SAML Authn not working with binding HTTP Redirect
    * [LEMONLDAP-454] - Replace $ip with client IP in forging HTTP headers
      doesn't work
    * [LEMONLDAP-455] - Notification error because text is not valid UTF-8
    * [LEMONLDAP-464] - LL::NG::Handler::AuthBasic displays login / password
      in error log
    * [LEMONLDAP-465] - Error messages with portal SOAP services
    * [LEMONLDAP-466] - SAML logout not working with js redirection
    * [LEMONLDAP-467] - SAML redirection seen as CDA requests
    * [LEMONLDAP-469] - No CAS authentication with CDA enabled
    * [LEMONLDAP-470] - Zimbra PreAuth Handler syntax error
    * [LEMONLDAP-472] - Debian package not signed
    * [LEMONLDAP-473] - SOAP items
    * [LEMONLDAP-478] - CAS Issuer do not work with CAS v1
    * [LEMONLDAP-276] - Parameters to specify sub directories for portal and
      manager URL
    * [LEMONLDAP-377] - Add error cases in mail reset by mail management
    * [LEMONLDAP-382] - Move session update on password change in the main
      modifyPassword method
    * [LEMONLDAP-383] - Update local cache when session is updated
    * [LEMONLDAP-387] - prompt custom messages when ungrant session
    * [LEMONLDAP-398] - Old value 'ldap' for authentication is not accepted in
      Manager
    * [LEMONLDAP-400] - Reload SAML server cache on new configuration
    * [LEMONLDAP-403] - Alphabetical order in authentication modules select
    * [LEMONLDAP-404] - Check only path in the URI instead of full URL to
      match an IssuerDB action path
    * [LEMONLDAP-408] - Allow CAS to be on other urls than /cas
    * [LEMONLDAP-421] - Double cookie but single session
    * [LEMONLDAP-422] - Telling the authenticated user that he will be
      redirected
    * [LEMONLDAP-432] - Check conditions in AuthSlave and UserDBSlave
    * [LEMONLDAP-438] - User is not informed of SAML single logout success
    * [LEMONLDAP-453] - Add authentication mode in auth log
    * [LEMONLDAP-458] - Force FollowSymLinks option in Apache configuration
    * [LEMONLDAP-468] - optimize default structure of notifications table and
      requests
    * [LEMONLDAP-474] - textarea instead of text input
    * [LEMONLDAP-475] - Text items for session display
    * [LEMONLDAP-476] - Allow execution of portal's and manager's CGI in shell
    * [LEMONLDAP-236] - SSO with public/auth Website
    * [LEMONLDAP-249] - Manage apply key with the manager
    * [LEMONLDAP-342] - Create a "maintenance" rule target to disallow an
      application
    * [LEMONLDAP-378] - Display confirmation mail creation date and expiration
      date in mail reset screens
    * [LEMONLDAP-379] - Use session attributes in templates
    * [LEMONLDAP-385] - Option to send a mail when the password is changed
    * [LEMONLDAP-389] - store and display login history
    * [LEMONLDAP-396] - Radius authentication module
    * [LEMONLDAP-416] - Create Auth/UserDB/PasswordDB Demo
    * [LEMONLDAP-417] - Apache Fitler to add application panel on protected
      pages
    * [LEMONLDAP-424] - keyword 'skip' in access rules, to skip access control
    * [LEMONLDAP-442] - Keep only current version documentation offline
    * [LEMONLDAP-443] - Option to bypass XSS checks on fields or URL
    * [LEMONLDAP-449] - Possibility to set custom template parameters
    * [LEMONLDAP-456] - Allow to set false value of a customized error message
      to test it in a template
    * [LEMONLDAP-459] - Translate cookie domain in internat proxy (lmProxy)
    * [LEMONLDAP-477] - Refuse authentication if 2 entries match the
      authentication filter
    * [LEMONLDAP-406] - missing dependency on a basic portal installation
    * [LEMONLDAP-413] - Verify that oldPassword is not empty
    * [LEMONLDAP-435] - Move contribs modules to github
    * [LEMONLDAP-444] - Reorganize files in SVN repository

1613
1614
1615
1616
1617
1618
1619
1620
1621
1622
1623
1624
1625
1626
1627
1628
1629
1630
1631
1632
1633
1634
1635
1636
1637
1638
1639
lemonldap-ng (1.1.2) stable; urgency=low

    * [LEMONLDAP-355] - The "basic($uid,$_password)" extended function makes an
      error 500 in Apache
    * [LEMONLDAP-356] - Wrong language when user has already a session and gets
      redirected
    * [LEMONLDAP-357] - CPAN tester report: missing dependency for SecureToken
      Handler
    * [LEMONLDAP-358] - [SecureToken] Check if cached connection is alive before
      using it
    * [LEMONLDAP-359] - [SecureToken] Add an option to raise error if token
      could not be generated
    * [LEMONLDAP-360] - Fix Debian dependencies
    * [LEMONLDAP-361] - [CAS Issuer] check authorization on CAS service
    * [LEMONLDAP-362] - Portal grant function returns -1 on undefined vhost. It
      should return 0.
    * [LEMONLDAP-363] - Lasso Debian dependency need to be updated
    * [LEMONLDAP-364] - Configure httpOnly option in Manager
    * [LEMONLDAP-365] - Log sent headers in debug mode

lemonldap-ng (1.1.1) stable; urgency=low

    * [LEMONLDAP-350] - remote SOAP handlers errors on reload
    * [LEMONLDAP-351] - Cannot get LDAP groups for DN with '\' into it
    * [LEMONLDAP-352] - Notifications needs to be accepted twice
    * [LEMONLDAP-353] - Configure notification filename value separator

Clément OUDOT's avatar
Clément OUDOT committed
1640
1641
1642
1643
1644
1645
1646
1647
1648
1649
1650
1651
1652
1653
1654
1655
1656
1657
1658
1659
1660
1661
1662
1663
1664
1665
1666
1667
1668
1669
1670
1671
1672
1673
1674
1675
1676
1677
1678
1679
1680
1681
1682
1683
1684
1685
1686
1687
1688
1689
1690
1691
1692
1693
1694
1695
1696
1697
1698
1699
1700
1701
1702
1703
1704
1705
1706
1707
1708
1709
1710
1711
1712
1713
1714
1715
1716
1717
1718
lemonldap-ng (1.1.0) stable; urgency=low

    * [LEMONLDAP-303] - Form replay filter is not compatible with recent Safe
      module version
    * [LEMONLDAP-314] - [Password Reset] Manage special characters in mail
      subject
    * [LEMONLDAP-315] - No error is displayed if configuration is not stored
    * [LEMONLDAP-317] - Errors "setKeyToH... is not a reference" are not errors
      but debug information
    * [LEMONLDAP-318] - Do not toggle opacity between tabs
    * [LEMONLDAP-319] - Custom functions and SafeLib ignored if Safe jail is
      disabled
    * [LEMONLDAP-322] - notificationStorageOptions parameter is ignored
    * [LEMONLDAP-323] - Undefined subroutine
      Lemonldap::NG::Portal::SharedConf::newNotification
    * [LEMONLDAP-324] - SAML IDP does no with Google Apps and Lasso 2.3.5
    * [LEMONLDAP-325] - Persistent sessions are deleted by portal cron job
    * [LEMONLDAP-327] - Notifications retrieved from DBI backend are reencoded
      in UTF8
    * [LEMONLDAP-329] - Error " Day '00' out of range 1..31" with DBI
      notifications getDone subroutine
    * [LEMONLDAP-330] - Syntax check on managerDn is too restrictive
    * [LEMONLDAP-331] - Reference is not decoded in File notification backend,
      in function getAll
    * [LEMONLDAP-333] - Password policy reset password is not possible if
      password tab is not allowed
    * [LEMONLDAP-334] - Some LDAP directories do not return password policy
      control when bind failed
    * [LEMONLDAP-335] - MIME subject encoding does not work with every mailer
    * [LEMONLDAP-337] - Target URL is lost in password policy reset workflow
    * [LEMONLDAP-338] - Handler::Proxy raise error with POST request without
      content-length
    * [LEMONLDAP-344] - purgeCentralCache abort if session cannot be deleted
    * [LEMONLDAP-15] - Reload configuration tree after configuration save in
      Manager
    * [LEMONLDAP-203] - Persistent Storage configuration
    * [LEMONLDAP-222] - Replace old slavePortal.pl example by
      AuthSlave+UserDBSlave
    * [LEMONLDAP-238] - Comment in AuthChoice keys
    * [LEMONLDAP-295] - Add an option to support old application list objects in
      Menu
    * [LEMONLDAP-332] - Configure mailSessionKey in Manager
    * [LEMONLDAP-336] - Create an option to touch the pwdReset attribute if the
      password was generated on reset form
    * [LEMONLDAP-339] - Create a category in Sessions explorer for notifications
      done
    * [LEMONLDAP-340] - Store URL origin in session
    * [LEMONLDAP-349] - Specific error message when password form is empty in
      mail reset workflow
    * [LEMONLDAP-288] - Secure Token Handler
    * [LEMONLDAP-296] - Yubikey authentication module
    * [LEMONLDAP-299] - Default notification for all users
    * [LEMONLDAP-300] - [Password Reset] Allow other fields than email
    * [LEMONLDAP-301] - [Password Reset] Allow to resend a confirmation mail
    * [LEMONLDAP-302] - [Password Reset] Allow to change the password on the
      portal
    * [LEMONLDAP-306] - Add a customheader.tpl and customfooter.tpl in skins
    * [LEMONLDAP-308] - Remeber user password when password reset is required by
      LDAP server
    * [LEMONLDAP-309] - [Password Reset] Option to set password reset request
      timeout
    * [LEMONLDAP-310] - Test if mail templates are defined in the skin before
      using the common ones
    * [LEMONLDAP-311] - [Password Reset] Option to set HTML mail charset
    * [LEMONLDAP-312] - [Password Reset] Option to set reply to field
    * [LEMONLDAP-313] - [Password Reset] Include images and CSS in MIME mail
    * [LEMONLDAP-326] - Allow to set titles and subtitles in notification
      messages
    * [LEMONLDAP-328] - Notification explorer
    * [LEMONLDAP-341] - Notifications with conditions
    * [LEMONLDAP-343] - Delete session in local Handler cache in portal logout
      process
    * [LEMONLDAP-345] - Open SSO session after successful password reset from
      ppolicy
    * [LEMONLDAP-346] - Possibility to configure XSLT used to display
      notifications
    * [LEMONLDAP-347] - Possibility to customize messages from the portal
    * [LEMONLDAP-348] - Possibility to access menu tab with an URL

Clément OUDOT's avatar
Clément OUDOT committed
1719
lemonldap-ng (1.0.6) stable; urgency=low
Yadd's avatar
Yadd committed
1720

Clément OUDOT's avatar
Clément OUDOT committed
1721
1722
1723
1724
1725
1726
    * [LEMONLDAP-297] - LDAP attributes are not explicitely requested
    * [LEMONLDAP-298] - Multi option with # not accepted in Manager
    * [LEMONLDAP-304] - Cannot use spaces between values of Multi
      authentication
      parameter
    * [LEMONLDAP-305] - Parameters are not overriden in the first Multi module
Yadd's avatar
Yadd committed
1727
    * [LEMONLDAP-307] - Base64 encoded IDs can contain more than one "/", but
Clément OUDOT's avatar
Clément OUDOT committed
1728
1729
      only the first is escaped

Clément OUDOT's avatar
Clément OUDOT committed
1730
1731
1732
1733
1734
1735
1736
lemonldap-ng (1.0.5) stable; urgency=low

    * [LEMONLDAP-292] - Application menu is not well displayed with multiple
      users having differents rights
    * [LEMONLDAP-294] - Subroutines can not be overriden in lemonldap-ng.ini
    * [LEMONLDAP-293] - Password Manager - Sending Mail

Clément OUDOT's avatar
Clément OUDOT committed
1737
1738
1739
1740
1741
1742
lemonldap-ng (1.0.4) stable; urgency=low

    * [LEMONLDAP-285] - Macro are not always recalculated
    * [LEMONLDAP-286] - CPAN Testers report
    * [LEMONLDAP-289] - Dark skin seems broken, but it is just "art"

1743
1744
1745
1746
1747
1748
1749
lemonldap-ng (1.0.3) stable; urgency=low

    * [LEMONLDAP-282] - Class::Inspector is needed to build RPM
    * [LEMONLDAP-283] - CPAN Testers report
    * [LEMONLDAP-284] - Applications with 'display auto' are always hidden in
      Menu

Clément OUDOT's avatar
Clément OUDOT committed
1750
1751
1752
1753
1754
1755
1756
1757
1758
1759
1760
1761
1762
1763
1764
1765
1766
1767
1768
1769
1770
1771
1772
1773
1774
1775
lemonldap-ng (1.0.2) stable; urgency=low

    * [LEMONLDAP-263] - Common::Apache::Session uses wrong serialization
      algorithm with Postgres
    * [LEMONLDAP-264] - sessions explorer is not protected by LemonLDAP
    * [LEMONLDAP-265] - authenticationLevel not honored
    * [LEMONLDAP-266] - logout_app in rules break the manager
    * [LEMONLDAP-267] - portalOpenLinkInNewWindow has no effect
    * [LEMONLDAP-268] - logout_app and logout_app_sso does not work with
      Lemonldap::NG::Handler::Proxy
    * [LEMONLDAP-269] - Reset password feature does not work with AuthChoice
    * [LEMONLDAP-270] - Safe.pm 2.27 restrict the usage of custom functions
    * [LEMONLDAP-271] - Portal configuration cache not reset after
      configuration change in Manager
    * [LEMONLDAP-272] - DBI authentication level not honored
    * [LEMONLDAP-274] - Redirection URL is not good in Handler::CGI::_uri
      function
    * [LEMONLDAP-277] - Debian packaging requires libnet-ldap-perl >=1:0.38
    * [LEMONLDAP-278] - Pb in Debian package liblemonldap-ng-conf-perl
    * [LEMONLDAP-279] - handler-apache2.conf not shipped with Debian
    * [LEMONLDAP-280] - Empty menu categories are not hidden
    * [LEMONLDAP-281] - [Debian bug #612719] Package description outdated
    * [LEMONLDAP-273] - Require jQuery 1.4+ in Debian packaging
    * [LEMONLDAP-275] - use $ENV{SCRIPT_FILENAME} instead of
      $ENV{DOCUMENT_ROOT} to referer to different htdocs directories

Yadd's avatar
Yadd committed
1776
1777
lemonldap-ng (1.0.1) stable; urgency=low

Yadd's avatar
Yadd committed
1778
1779
1780
1781
1782
1783
1784
    * [LEMONLDAP-258] - Portal with $vhost in Handler does not work
    * [LEMONLDAP-261] - Session explorer does not work with LDAP backend
    * [LEMONLDAP-262] - Sessions not purged with Apache::Session::File
    * [LEMONLDAP-263] - Common::Apache::Session uses wrong serialization
      algorithm with Postgres
    * [LEMONLDAP-257] - Integrate manager access directly in portal
    * [LEMONLDAP-240] - Translation framework for doc
Yadd's avatar
Yadd committed
1785

1786
1787
1788
1789
1790
1791
1792
1793
1794
1795
1796
1797
1798
1799
1800
1801
1802
1803
1804
1805
1806
1807
1808
1809
1810
1811
1812
1813
1814
1815
1816
1817
1818
1819
1820
1821
1822
1823
1824
1825
1826
1827
1828
1829
1830
1831
1832
1833
1834
1835
1836
1837
1838
1839
1840
1841
1842
1843
1844
1845
1846
1847
1848
1849
1850
1851
1852
1853
1854
1855
1856
1857
1858
1859
1860
1861
1862
1863
1864
1865
1866
1867
1868
1869
1870
1871
1872
1873
1874
1875
1876
1877
1878
lemonldap-ng (1.0) stable; urgency=low

    * [LEMONLDAP-1] - ldapGroupAttributeNameSearch not well Serialized by
      Manager
    * [LEMONLDAP-11] - Manager is not working with jQuery 1.4
    * [LEMONLDAP-17] - reloadAuthParams function can destroy configuration
      values
    * [LEMONLDAP-45] - logout_app_sso not accepted by Manager
    * [LEMONLDAP-63] - Error when selecting a deleted session in Sessions
      Explorer
    * [LEMONLDAP-65] - Cannot set empty values in textarea in Manager
    * [LEMONLDAP-92] - Cannot change password from menu
    * [LEMONLDAP-93] - LDAP connection error on high load
    * [LEMONLDAP-99] - Special UTF-8 characters cannot be sent in HTTP-BASIC
    * [LEMONLDAP-117] - Invalid use of Safe to access APR::Table module
      (LL::NG not working on RHEL5.5)
    * [LEMONLDAP-118] - Cannot store configuration in Postgresql DB
    * [LEMONLDAP-125] - SAML request is lost in portal user interaction
      (remove other sessions for example)
    * [LEMONLDAP-127] - Can not set samlStorageOptions from Manager
    * [LEMONLDAP-128] - LemonLDAP::NG not compatible with perl-LDAP 0.4001
    * [LEMONLDAP-132] - Can't refuse SAML federation
    * [LEMONLDAP-133] - SAML sessions are displayed as "other sessions"
    * [LEMONLDAP-134] - Sessions created by AuthSAML are not displayed in
      sessions explorer
    * [LEMONLDAP-136] - Metadatas bad displayed in manager
    * [LEMONLDAP-137] - Portal value is not used to fill default values in
      Manager
    * [LEMONLDAP-138] - Password of a private key is not erased when
      generating a new key without password
    * [LEMONLDAP-142] - Sessions explorer hides password value stored in
      sessions datas
    * [LEMONLDAP-143] - Invalid message with artefact POST from SP to IDP
    * [LEMONLDAP-144] - Signature verification fail on SP side received
      artifact message
    * [LEMONLDAP-145] - Double utf-8 encoding in SOAP requests
    * [LEMONLDAP-150] - Error code: 200, SyntaxError: JSON.parse with value
      with spaces
    * [LEMONLDAP-156] - confirm parameter is not secured
    * [LEMONLDAP-161] - RelayState value given by SP is HTML reencoded
    * [LEMONLDAP-167] - Bug with trunk installed from scratch
    * [LEMONLDAP-169] - IssuerDB CAS : ticket is added 2 times in URL with a
      service URL containing parameters
    * [LEMONLDAP-170] - SAML: artifact resolution URL is not in authForce
      method
    * [LEMONLDAP-172] - Google Apps SSO not working with Lasso 2.3.2
    * [LEMONLDAP-177] - OpenID provider cache login/password information:
      cannot login after bad password
    * [LEMONLDAP-179] - OpenID provider does not honor SREG request if only
      optional attributes
    * [LEMONLDAP-182] - Pages displayed by confirm return a 500 error under
      cgi-script
    * [LEMONLDAP-187] - lmAttrOrMacro test in Manager is not suitable for
      OpenID SREG attributes
    * [LEMONLDAP-189] - Cleanup process slows down considerably the Apache
      server
    * [LEMONLDAP-190] - Display must display the menu when process() returns
      an eror but user is authenticated
    * [LEMONLDAP-198] - Cross domain does not work anymore
    * [LEMONLDAP-200] - Restore persistent session does not work if
      whatToTrace is a macro
    * [LEMONLDAP-201] - OpenID tests are not correctly skipped if no OpenID
      module
    * [LEMONLDAP-202] - searchOn no working with SAML and
      Apache::Session::File
    * [LEMONLDAP-207] - Confirm stamp is not used everywhere in SAML IDP
      selection
    * [LEMONLDAP-214] - Auth choice is not working with several authentication
      forms
    * [LEMONLDAP-215] - DBI authentication not working with prepared
      statements
    * [LEMONLDAP-216] - getLocalConf called without 2nd argument
    * [LEMONLDAP-223] - Offline doc css referer to unexistant directory /lib/
    * [LEMONLDAP-224] - Manager window size is bigger than screen
    * [LEMONLDAP-228] - Apache::Session::Browseable searchOn functions broken
      by new Apache::Session wrapper
    * [LEMONLDAP-229] - Multi not useable on Manager
    * [LEMONLDAP-230] - SOAP config backend broken
    * [LEMONLDAP-232] - Cannot configure several LDAP servers in Manager
    * [LEMONLDAP-233] - Debian manager broken with jquery-ui 1.8.6
    * [LEMONLDAP-235] - Session creation test in Manager does not work with
      SOAP session backend
    * [LEMONLDAP-237] - Single logout broken by AuthChoice
    * [LEMONLDAP-239] - key type of portalDisplayAppList must be boolean
    * [LEMONLDAP-242] - CAS proxy ticket is always asked with CAS
      authentication
    * [LEMONLDAP-16] - Use parameterized statements in DBI to prevent SQL
      injection
    * [LEMONLDAP-58] - Catch ENV variables to fill session for all UserDB
      modules
    * [LEMONLDAP-97] - Add configuration parameters for private keys passwords
    * [LEMONLDAP-103] - String encoding in sessions
    * [LEMONLDAP-120] - Force UTF-8 in File backend
Yadd's avatar
Yadd committed
1879
    * [LEMONLDAP-130] - Create a "reload" vhost independent from test
1880
1881
1882
1883
1884
1885
1886
1887
1888
1889
1890
1891
1892
1893
1894
1895
1896
1897
1898
1899
1900
1901
1902
1903
1904
1905
1906
1907
1908
1909
1910
1911
1912
1913
1914
1915
1916
1917
1918
1919
1920
1921
1922
1923
1924
1925
1926
1927
1928
1929
1930
1931
1932
1933
1934
1935
1936
1937
1938
1939
1940
1941
1942
1943
1944
1945
1946
1947
1948
1949
1950
1951
1952
1953
1954
      applications
    * [LEMONLDAP-131] - SAML documentation
    * [LEMONLDAP-147] - Add an activation parameter for each IssuerDB
    * [LEMONLDAP-148] - Register SSO session_id in SAML sessions
    * [LEMONLDAP-149] - Add auhtForce, authFinish and authLogout methods in
      all authentication modules
    * [LEMONLDAP-152] - Configure authenticationLevel for authentication
      backends
    * [LEMONLDAP-154] - Work on session manager eyecandy
    * [LEMONLDAP-157] - Warning messages in make test
    * [LEMONLDAP-160] - Display lib for portal
    * [LEMONLDAP-168] - Delete local session when logout URL is cached
    * [LEMONLDAP-178] - Use same Apache conf files for default and Debian
      install
    * [LEMONLDAP-180] - Explain messages displayed in error.log (except debug)
    * [LEMONLDAP-181] - Manager must warn when portal is not in "domain"
    * [LEMONLDAP-186] - CAS Issuer parameters in Manager
    * [LEMONLDAP-188] - Use autoloader to reduce handler size
    * [LEMONLDAP-191] - Use persistent storage for SAML persistent NameID
    * [LEMONLDAP-194] - Delete AuthLA
    * [LEMONLDAP-195] - Anti-frame
    * [LEMONLDAP-196] - Remove .sql files for Conf::DBI
    * [LEMONLDAP-199] - Require Lasso 2.3.0 for SAML
    * [LEMONLDAP-204] - abort() instead of die in handlers
    * [LEMONLDAP-211] - Debian : use packaged jquery-ui
    * [LEMONLDAP-212] - Use jquery-ui style popup to display errors and upload
      result
    * [LEMONLDAP-213] - Network errors are not catched by "error" target oj
      jQuery.ajax() function
    * [LEMONLDAP-218] - Upgrade to jquery-ui 1.8 and use dialog for Manager
      popup
    * [LEMONLDAP-221] - Allow to set a custom portal skin from Manager
    * [LEMONLDAP-225] - /favicon.ico is missing for new web site
    * [LEMONLDAP-234] - Tree style image transparency problem with obsur theme
    * [LEMONLDAP-5] - Configure use of HTTPS and redirection port per virtual
      host
    * [LEMONLDAP-6] - Change 403 error into 302 error for ungranted access
    * [LEMONLDAP-12] - Zimbra authentication
    * [LEMONLDAP-18] - [SAML] Common domain cookie support
    * [LEMONLDAP-19] - Select authentication module on authentication portal
    * [LEMONLDAP-22] - Session explorer should use the new Manager elements
      (i18n, templates, etc.)
    * [LEMONLDAP-25] - Provide authorized application trough SOAP
    * [LEMONLDAP-27] - OpenID provider
    * [LEMONLDAP-28] - Read user information from OpenID provider
    * [LEMONLDAP-29] - Improve application menu configuration
    * [LEMONLDAP-57] - Local Handler macros
    * [LEMONLDAP-101] - CAS Provider (IssuerDBCAS)
    * [LEMONLDAP-102] - IssuerDB contextual selection
    * [LEMONLDAP-121] - Fake SLO process for standard applications
    * [LEMONLDAP-123] - Store Lasso Identity Dump in UserDB
    * [LEMONLDAP-129] - LDAP timeout configuration
    * [LEMONLDAP-135] - Propagate domain change to all keys
    * [LEMONLDAP-139] - Use default values for SAML URL if they are not
      defined in configuration
    * [LEMONLDAP-141] - Disable timer on IDP list
    * [LEMONLDAP-146] - Request PGT in AuthCAS
    * [LEMONLDAP-159] - Manage comment in rule regexp
    * [LEMONLDAP-174] - Configure auto POST in Manager
    * [LEMONLDAP-210] - Ajax request in menu to check if session is always
      available
    * [LEMONLDAP-4] - Documentation for POST Handler functionnality
    * [LEMONLDAP-7] - Doxygen Portal/MailReset.pm
    * [LEMONLDAP-13] - Check that authLogout is well managed in AuthMulti
    * [LEMONLDAP-30] - [SAML] Unit tests
    * [LEMONLDAP-162] - Replace help system by offline doc
    * [LEMONLDAP-171] - Documentation for version 1.0 on new wiki
    * [LEMONLDAP-192] - Use the new wiki to generate offline documentation
    * [LEMONLDAP-206] - Upgrade spec file to build RPMs for 1.00
    * [LEMONLDAP-209] - Update copyright and URLs in PODs
    * [LEMONLDAP-231] - Tidy Manager skin directory
    * [LEMONLDAP-164] - Trusted domains for OpenID
    * [LEMONLDAP-165] - Manage extensions in is_trusted hook
    * [LEMONLDAP-166] - Create a storage for agreements

1955
1956
lemonldap-ng (1.0rc2) unstable; urgency=low

Yadd's avatar
Yadd committed
1957
    * Debian policy 3.9.1
1958
1959
1960
1961
1962
1963
1964
1965
1966
1967
1968
1969
1970
1971
1972
1973
1974
1975
1976
1977
1978
1979
1980
1981
1982
1983
1984
1985
1986
1987
1988
1989
1990
1991
1992
1993
1994
1995
1996
1997
1998
1999
2000
2001
2002
2003
2004
2005
2006
2007
2008
2009
2010
2011
2012
2013
2014
2015
2016
2017
2018
2019
2020
2021
2022
2023
2024
2025
2026
2027
2028
2029
2030
2031
2032
2033
2034
2035
2036
2037
2038
2039
2040
2041
2042
2043
2044
2045
2046
2047
2048
2049
2050
2051
2052
2053
2054
2055
2056
2057
    * [LEMONLDAP-20] - Parameter remoteCookieName is not available in
        Manager
    * [LEMONLDAP-21] - Special characters from SAML attribute statement are
      not well encoded
    * [LEMONLDAP-41] - Lasso CRITICAL error in AuthSAML logout process
    * [LEMONLDAP-42] - [SAML][SP] Attrubtes sent trought IDP initiated SSO are
      not registered into session
    * [LEMONLDAP-43] - [SAML][SP] IDP should not be read from IDP cookie, but
      from SAML request or response
    * [LEMONLDAP-50] - [SAML][SP] OneTimeUse flag should not reduce session
      duration
    * [LEMONLDAP-53] - [SAML][IDP] sendLogoutResponseAfterLogoutRequest method
      does not exists
    * [LEMONLDAP-54] - Handler parameters (https, port, etc.) are not taken
      into account if only defined in Manager, and not in ini file
    * [LEMONLDAP-62] - [SAML] samldate2timestamp is not returning correct
      timestamp
    * [LEMONLDAP-64] - SLO error with simpleSAMLphp
    * [LEMONLDAP-68] - Failed to load signing key for
      http://urlIDP/saml/metadata
    * [LEMONLDAP-69] - domain cannot contain "-" in Manager
    * [LEMONLDAP-71] - samlIDPSSODescriptorArtifactResolutionServiceArtifact
      wrong binding in Manager
    * [LEMONLDAP-72] - [SAML] UTF-8 encoded attributes are reencoded
    * [LEMONLDAP-73] - [SAML] Initial URL is not kept when IDP is choosen in
      AuthSAML
    * [LEMONLDAP-74] - [error] Unable to open relaystate session
    * [LEMONLDAP-75] - SSO HTTP-POST profile not declared in IDP metadata
    * [LEMONLDAP-76] - [SAML] SOAP SLO denied on IDP
    * [LEMONLDAP-77] - Error when no SessionNotOnOrAfter value in authn
      statement
    * [LEMONLDAP-78] - Request Denied on SOAP SLO request on IDP
    * [LEMONLDAP-79] - Mandatory attributes are not requested
    * [LEMONLDAP-81] - SessionNotOnOrAfter should be set explicitely
    * [LEMONLDAP-82] - CDA always use secured cookie even if requested site is
      a http one
    * [LEMONLDAP-100] - Secondary SAML session should be destroyed when
      primary session is deleted
    * [LEMONLDAP-105] - Error on SLO request for already closed session
    * [LEMONLDAP-109] - Do not send AttributeStatement when no attribute
      should be sent
    * [LEMONLDAP-112] - Handler/AuthBasic does not use local cache
    * [LEMONLDAP-113] - Lemonldap::NG is not compatible with the use of a LDAP
      server using a different encoding than UTF-8 for storing passwords
    * [LEMONLDAP-114] - Bad usage of Apache::Session::searchOn() on portal
    * [LEMONLDAP-115] - In info page, when clicking on "Continue", we are not
      redirected to urldc
    * [LEMONLDAP-119] - Special UTF-8 characters raise error in metadata
    * [LEMONLDAP-122] - Secondary SAML session are not deleted on local IDP
      logout
    * [LEMONLDAP-124] - Stop info/confirm timer at 0
    * [LEMONLDAP-37] - [SAML] Proxy restriction should include all known IDP,
      and not only target IDP
    * [LEMONLDAP-44] - [SAML][SP] IDP list when unknown IDP in IDP cookie
    * [LEMONLDAP-46] - [logout] verify referer into logout process
    * [LEMONLDAP-47] - [SAML] RequestedAuthnContext should always be
      translated into authenticationLevel
    * [LEMONLDAP-51] - [SAML][IDP] SAML sessionIndex value should be a crypted
      value of LL::NG session_id
    * [LEMONLDAP-55] - Distribute SympaAutoLogin Handler
    * [LEMONLDAP-70] - Do not throw error if no SP or no IDP configured
    * [LEMONLDAP-80] - POST fields should be hidden
    * [LEMONLDAP-87] - Attribute format selection in Manager
    * [LEMONLDAP-89] - Security keys in service metadata
    * [LEMONLDAP-90] - Group IDP and SP options
    * [LEMONLDAP-91] - SOAP configuration parameter is not needed in SAML
    * [LEMONLDAP-98] - Add option to disable SAML conditions checks
    * [LEMONLDAP-104] - Store entities metadata in raw format
    * [LEMONLDAP-106] - Display OK or ERROR icons on HTTP REDIRECT and HTTP
      POST SLO iframes
    * [LEMONLDAP-107] - Manage asynchronous SLO request on closed SSO session
      (SAML IDP)
    * [LEMONLDAP-126] - Put SAML parameters in Manager
    * [LEMONLDAP-2] - [SAML] Attribute authority
    * [LEMONLDAP-10] - [SAML] Manage certificate in service metadata
    * [LEMONLDAP-31] - [SAML] Proxy IDP
    * [LEMONLDAP-32] - [SAML] Manage Artifact methods for SAML messages
      emission in SP
    * [LEMONLDAP-33] - [SAML] Check "Destination" attribute
    * [LEMONLDAP-35] - [SAML] Manage SLO trough SOAP
    * [LEMONLDAP-36] - [SAML] Check dates and other conditions in SLO requests
    * [LEMONLDAP-40] - [SAML] Dedicated portal errors code for SAML errors
    * [LEMONLDAP-49] - [SAML][IDP] Manage encrypted NameID
    * [LEMONLDAP-52] - IssuerDB activation rule
    * [LEMONLDAP-56] - [SAML][IDP] SLO trough HTTP-POST
    * [LEMONLDAP-66] - [SAMl][IDP] Options to check message signatures
    * [LEMONLDAP-67] - [SAML][IDP] Map NameID Format to local session keys
    * [LEMONLDAP-86] - Do not parse metadata on each authentication
    * [LEMONLDAP-88] - Better signature management
    * [LEMONLDAP-108] - NameID unspecified format should use the default
      NameID format
    * [LEMONLDAP-110] - Store SAML token in session
    * [LEMONLDAP-111] - Build SLO response request with other SLO request
      status
    * [LEMONLDAP-116] - Allow metadata edition in Manager
    * [LEMONLDAP-3] - [SAML] Attribute authority declaration in metadata
    * [LEMONLDAP-83] - Set NameID in attribute request
    * [LEMONLDAP-84] - Check format and friendly name of requested attribute
    * [LEMONLDAP-85] - Check requested attribute values
    * [LEMONLDAP-96] - Add encryptionkey in Attribute Authority metadata
Yadd's avatar
Yadd committed
2058
    * Upgrade to JQuery-1.4.2
2059

2060
lemonldap-ng (1.0rc1) unstable; urgency=low
Yadd's avatar
Bugs :    
Yadd committed
2061

Yadd's avatar
Lintian    
Yadd committed
2062
  * Little Debian changes (see 0.9.4.1-2 Debian changelog)
2063
  * AuthCAS: URL redirection and module load test
Yadd's avatar
Yadd committed
2064
2065
2066
2067
2068
2069
  * Change multiple configuration files into lemonldap-ng.ini
  * New manager
  * New conf storage modules : CDBI and RDBI
  * DBI conf storage module is deprecated
  * convertConfig and lmMigrateConfFiles2ini tools
  * childInit() is called only 1 time
2070
  * Update JQuery to 1.3 and JQueri-UI 1.7.2 (Closes: #314394)
Yadd's avatar
Yadd committed
2071
2072
2073
2074
  * New authentication and userDB modules :
    - DBI
    - Proxy
    - Env (UserDB only)
2075
    - SAML
Clément OUDOT's avatar
Clément OUDOT committed
2076
2077
    - OpenID
    - Twitter
Yadd's avatar
Yadd committed
2078
2079
  * Portal index.pl use lemonldap-ng.ini to get parameters
  * CSS and Javascript minification capability
2080
  * Apache configuration splitted into portal/manager/handler
2081
  * XML Menu is deprecated
Clément OUDOT's avatar
Clément OUDOT committed
2082
  * LDAP: recursive groups
2083
2084
2085
  * unprotect target in rules
  * Force authentication parameter
  * Store in user session Auth/UserDB/PasswordDB/IssuerDB used module
Clément OUDOT's avatar
Clément OUDOT committed
2086
  * Use a confirmation token and HTML templates for password reset by mail
2087
2088
2089
2090
2091
  * SOAP: isAuthorizedUri Web Service
  * Confirm and Info stages in Portal
  * Possibility to define a rule to grant session
  * Configuration parameters for portal customization (skin, ...)
  * Possibility to set cookie expiration
Clément OUDOT's avatar
Clément OUDOT committed
2092
2093
2094
  * LDAP: option to modify password as user
  * Correct bugs in Handler::Proxy
  * New portal skin: impact
Yadd's avatar
Bugs :    
Yadd committed
2095

Clément OUDOT's avatar
Clément OUDOT committed
2096
 -- Xavier Guimard <x.guimard@free.fr>  Wed, 24 Mar 2010 23:00:00 +0100
Yadd's avatar
Yadd committed
2097
2098
2099
2100
2101
2102
2103
2104
2105

lemonldap-ng (0.9.4.1) unstable; urgency=low

  * Safe jail update
  * Many little bugs in Handler/CGI.pm
  * Apache::Session::LDAP was not usable with session explorer
  * syslog facility was not taken in account in Common/CGI.pm
  * require failed in _Multi.pm
  * doc update
Yadd's avatar
Yadd committed
2106
  * russian debconf translation (Closes: #550552 / bugs.debian.org)
Yadd's avatar
Yadd committed
2107
2108

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 11 Oct 2009 09:36:35 +0200
Yadd's avatar
Bugs :    
Yadd committed
2109

Yadd's avatar
Yadd committed
2110
2111
lemonldap-ng (0.9.4) unstable; urgency=low

Yadd's avatar
Yadd committed
2112
2113
2114
2115
2116
2117
2118
2119
2120
2121
2122
2123
2124
2125
2126
2127
2128
2129
2130
2131
2132
2133
2134
2135
2136
2137
2138
2139
2140
2141
2142
  * Bugs :
    - ldap+tls uri was not working (Closes: #312418)
    - Session timeout is in seconds and not in minutes in Manager/Help.pm
      (Closes: #312339)
    - Missing dependency in Debian package (Closes: #521959 / bugs.debian.org)
  * Logs :
    - CGI's log subroutine : now if a CGI runs under ModPerl::Registry, it
      stores it's log using Apache2::Log
    - handler logs written in PerlLogHandler
  * SOAP :
    - New SOAP architecture : the portal serves now all webservices and the
      security is based on Apache system (different locations)
    - WSDL generation
  * New features :
    - LDAP backend for configuration and sessions storage
    - portal can be a Perl expression in handlers
    - POST requests generation in handler (used to post login/password in non
      compatible applications)
    - Sympa auto login handler
    - New auth and userDB modules for the portal : Multi, Remote, Null (for
      UserDB only)
    - New module system for passwords
    - Notification system
    - Double session mechanism (1 secured and the other not)
    - New fonctions for rules (stored in
      lemonldap-ng-common/lib/Lemonldap/NG/Common/Safelib.pm) :
       * checkLogonHours
       * checkDate
  * Other :
    - Pre-compilation in Apache's configuration files
    - Cross-domain now included in core
Yadd's avatar
Yadd committed
2143
    - handler AuthBasic now uses SOAP
Yadd's avatar
Yadd committed
2144
2145

 -- Xavier Guimard <x.guimard@free.fr>  Mon, 29 Jun 2009 10:28:09 +0200
Yadd's avatar
Yadd committed
2146
2147
2148
2149
2150
2151
2152
2153
2154
2155
2156
2157
2158
2159

lemonldap-ng (0.9.3.4) unstable; urgency=low

  * Security bug fix (macros and groups can be evaluated for an other user in
    multi-thread environment). Closes: #312627
  * XSS filter can now accept URL with a port. Closes: #312625

 -- Xavier Guimard <x.guimard@free.fr>  Thu, 05 Feb 2009 16:12:55 +0100

lemonldap-ng (0.9.3.3) unstable; urgency=low

  * ldap+tls uri was not working (Closes: #312418)
  * Session timeout is in seconds and not in minutes in Manager/Help.pm
    (Closes: #312339)
Yadd's avatar
Yadd committed
2160
2161
2162

 -- Xavier Guimard <x.guimard@free.fr>  Thu, 22 Jan 2009 11:00:10 +0100

2163
2164
2165
2166
2167
2168
lemonldap-ng (0.9.3.2) unstable; urgency=low

  * Debian install failed (Closes: #510562, Closes: #510563 / bugs.debian.org)

 -- Xavier Guimard <x.guimard@free.fr>  Sat, 03 Jan 2009 09:47:21 +0100

2169
2170
2171
2172
2173
2174
lemonldap-ng (0.9.3.1) unstable; urgency=low

  * Bug in Debian build

 -- Xavier Guimard <x.guimard@free.fr>  Wed, 31 Dec 2008 14:16:06 +0100

2175
2176
lemonldap-ng (0.9.3) unstable; urgency=low

2177
2178
2179
  [ Security ]
  * XSS protection

2180
  [ Clement Oudot ]
2181
  * New menu and skin (pastel). Menu calculates rights before displaying URL
2182
2183

  [ Xavier Guimard ]
2184
  * Authentication and UserDB separation
2185
  * New session explorer system
2186
2187
2188
2189
2190
2191
  * Backport of debian storage.conf file to normal installation
  * Errors are now displayed in the browser for portal and manager
  * Custom functions for rules, macros, headers and groups
  * Manager protection
  * New configuration access with local cache system
  * AuthBasic handler
Yadd's avatar
Yadd committed
2192
2193
2194
  * MRTG scripts to read LmNG status
  * UserDB mechanism : LDAP is not required now
  * Portal SOAP functions
2195

2196
 -- Xavier Guimard <x.guimard@free.fr>  Wed, 31 Dec 2008 11:55:57 +0100
2197

Yadd's avatar
Yadd committed
2198
2199
2200
2201
2202
2203
lemonldap-ng (0.9.2.2) unstable; urgency=low

  * Bug in default rule (Closes: #310938)

 -- Xavier Guimard <x.guimard@free.fr>  Mon, 25 Aug 2008 22:08:58 +0200

Yadd's avatar
Yadd committed
2204
2205
2206
2207
2208
2209
lemonldap-ng (0.9.2.1) unstable; urgency=low

  * New documentation page on advanced access rules

 -- Xavier Guimard <x.guimard@free.fr>  Fri, 04 Jul 2008 11:54:57 +0200

Yadd's avatar
Yadd committed
2210
2211
2212
2213
lemonldap-ng (0.9.2) unstable; urgency=low

  * New css in manager
  * cleaning Handler code
2214
2215
  * Status system for Lemonldap::NG::Handler and for the portal
  * Debian Czech translation for debconf (Closes: #483301 / bugs.debian.org)
Yadd's avatar
Yadd committed
2216
  * Debian Swedish translation for debconf (Closes: #487713 / bugs.debian.org)
Yadd's avatar
Yadd committed
2217
2218
2219
2220
2221
2222
2223
2224
  * Romanian translation for portal
  * Distinct Liberty-Alliance SP installation
  * Password policy included now
  * Bugs in redirections
  * Perl 5.10 check-in
  * More tests in "test" target
  * Bug in purgeCentralCache (DBI only): datas where never purged

Yadd's avatar
Yadd committed
2225
 -- Xavier Guimard <x.guimard@free.fr>  Tue, 24 Jun 2008 15:07:04 +0200
Yadd's avatar
Yadd committed
2226

2227
2228
2229
2230
2231
2232
2233
2234
2235
2236
2237
2238
lemonldap-ng (0.9.1) unstable; urgency=low

  * logout bug : logout_sso target was not running (Closes: #308856)
  * javascript update : the manager was not running with MSIE7 (Closes:
    #308775)
  * Debian corrections issued from lintian (full)
  * 2 Net::LDAP password policy controls in the portal:
    - account locked
    - password expired

 -- Xavier Guimard <x.guimard@free.fr>  Mon, 07 Apr 2008 11:13:06 +0200

2239
2240
2241
2242
lemonldap-ng (0.9) unstable; urgency=low

  * Liberty Alliance module issued of the FederID project is now included.

2243
 -- Xavier Guimard <x.guimard@free.fr>  Mon, 25 Feb 2008 15:05:08 +0100
2244

2245
2246
2247
2248
2249
2250
2251
2252
2253
2254
2255
2256
2257
2258
2259
2260
2261
lemonldap-ng (0.8.3.2) unstable; urgency=low

  * purgeCentralCache was not correctly installed in Debian (Closes: #461572 /
    bugs.debian.org)
  * debconf translation for german and portuguese (Closes: #451820 and #462807
    bugs.debian.org)
  * HTML documentation update
  * Option +ExecCGI was missing in
    lemonldap-ng-handler/example/lmH-apache2.conf (Closes: #307891)
  * Local overload was not taken in account in handlers
  * Sessions could not be stored in SOAPServer (Closes: #308181)
  * Attributes could not be deleted in SOAP session client (Closes: #308214)
  * Sessions timeout can now be managed by the Manager
  * AuthSSL doesn't work without SSLvar parameter

 -- Xavier Guimard <x.guimard@free.fr>  Fri, 08 Feb 2008 17:27:15 +0100

2262
2263
2264
2265
2266
2267
lemonldap-ng (0.8.3.1) unstable; urgency=low

  * New feature: LDAP groups are now available in $groups

 -- Xavier Guimard <x.guimard@free.fr>  Wed, 07 Nov 2007 16:41:07 +0100

2268
lemonldap-ng (0.8.3) unstable; urgency=high
2269
2270

  * Syntax errors in configuration are now displayed
2271
  * Security fix: authentication could be replayed with another uid
2272
  * Debian package uses po-debconf
Yadd's avatar
Yadd committed
2273
2274
  * TLS is now supported in LDAP connections (thanks to Baptiste Grenier)
  * New logout system: logout urls can be now intercepted in Manager
Yadd's avatar
Yadd committed
2275
  * Documentation
2276

Yadd's avatar
Yadd committed
2277
 -- Xavier Guimard <x.guimard@free.fr>  Fri, 07 Sep 2007 07:14:35 +0200
2278

2279
2280
2281
2282
lemonldap-ng (0.8.2.4) unstable; urgency=low

  * Bug in manager javascript.

2283
 -- Xavier Guimard <x.guimard@free.fr>  Tue, 19 Jun 2007 22:25:10 +0200
2284

2285
2286
2287
2288
lemonldap-ng (0.8.2.3) unstable; urgency=low

  * Change configuration storage format (Storable bug).
    Closes: #307173/objectweb.org
2289
2290
  * CDA little bug correction
  * Documentation update
2291

2292
 -- Xavier Guimard <x.guimard@free.fr>  Wed, 13 Jun 2007 15:33:56 +0200
2293

2294
2295
2296
2297
lemonldap-ng (0.8.2.2) unstable; urgency=low

  * Debian packages modifications due to Lintian control.
  * New Debian package: lemonldap-ng-doc
2298
  * Little bug correction in Portal/CDA.pm
Yadd's avatar
Yadd committed
2299
2300
2301
  * Bug between Handler dependencies and Debian organization:
    Lemonldap::NG::Handler::SharedConf must not depend from
    Lemonldap::NG::Manager but Lemonldap::NG::Manager::Conf
2302

Yadd's avatar
Yadd committed
2303
 -- Xavier Guimard <x.guimard@free.fr>  Tue, 01 June 2007 07:18:43 +0200
2304

2305
2306
2307
2308
lemonldap-ng (0.8.2.1) unstable; urgency=low

  * More documentation
  * Virtual host names control
2309
  * Portal can now use more than one LDAP server
2310

2311
 -- Xavier Guimard <x.guimard@free.fr>  Mon, 14 May 2007 07:14:10 +0200
2312

Yadd's avatar
Yadd committed
2313
lemonldap-ng (0.8.2) unstable; urgency=low
2314
2315
2316

  * Little bug fix if whatToTrace parameter is not defined and display it in
    Manager interface
2317
  * New: port is now checked in portal redirection
2318
2319
  * Different configurations can now be used on the same server at the same
    time
2320
  * Help in english
2321
2322
2323
  * New debian structure: lemonldap-ng is splitted in 5 packages, default
    configuration file has moved to /var/lib/lemonldap-ng/conf/ and first
    configuration file is managed by debconf
Yadd's avatar
Yadd committed
2324
2325
  * Buttons to manage configurations in manager (next, previous, last,
    delete). Closes: #306566 / forge.lemonldap.org.
2326
2327
  * SOAP: HTTP basic authentication and little bug correction in 'sessions'
    mode
2328

Yadd's avatar
Yadd committed
2329
 -- Xavier Guimard <x.guimard@free.fr>  Mon, 07 May 2007 19:06:52 +0200
2330
2331
2332
2333
2334
2335
2336

lemonldap-ng (0.8.1.1) unstable; urgency=low

  * Little bug fix in test

 -- Xavier Guimard <x.guimard@free.fr>  Fri, 20 Apr 2007 08:57:40 +0200

2337
2338
2339
2340
2341
2342
2343
2344
2345
2346
2347
2348
2349
2350
2351
2352
2353
2354
2355
2356
2357
2358
2359
2360
2361
2362
2363
2364
2365
2366
2367
2368
2369
2370
2371
2372
2373
2374
2375
2376
2377
2378
2379
2380
2381
2382
2383
2384
2385
2386
2387
2388
2389
2390
2391
2392
2393
2394
2395
2396
2397
2398
2399
2400
2401
2402
2403
2404
2405
2406
2407
2408
2409
2410
2411
2412
2413
2414
2415
2416
2417
2418
2419
2420
2421
2422
lemonldap-ng (0.8.1) unstable; urgency=low

  * New features :
    - Logout system
    - Configuration check before saving in Manager

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 15 Apr 2007 19:18:29 +0200

lemonldap-ng (0.8.0.7) unstable; urgency=low

  * Bug fix in manager javascript (Closes: #306776 ?)
  * Display bug fix in manager

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 15 Apr 2007 13:21:43 +0200

lemonldap-ng (0.8.0.6) unstable; urgency=low

  * Little bug fix in unprotect function
  * Bug fix in authentication scheme different than default

 -- Xavier Guimard <x.guimard@free.fr>  Thu, 12 Apr 2007 07:03:51 +0200

lemonldap-ng (0.8.0.5) unstable; urgency=low

  * i18n bug: Lemonldap::NG works does not fall in english but creates a bug

 -- Xavier Guimard <x.guimard@free.fr>  Wed, 28 Mar 2007 21:26:16 +0200

lemonldap-ng (0.8.0.4) unstable; urgency=low

  * Multi-valued attributes in HTTP headers (Closes: #306792 /
    forge.objectweb.org)
  * Warning in Manager/Conf.pm: the same type of storage has to be used for
    all Lemonldap::NG parts in a same server.
  * Apache-1.3 configuration reload (Closes: #306761 / forge.objectweb.org)

 -- Xavier Guimard <x.guimard@free.fr>  Thu, 22 Mar 2007 22:42:23 +0100

lemonldap-ng (0.8.0.3) unstable; urgency=low

  * New feature in Manager : "Delete VHost" button (Closes: #306761)
  * Typo correction in Makefile : (Closes: #306775)
  * Correction of build-depends : (Closes: #306773)
  * Bug correction : existingSessions was not called in Portal.pm

 -- Xavier Guimard <x.guimard@free.fr>  Tue, 13 Mar 2007 07:55:42 +0100

lemonldap-ng (0.8.0.2) unstable; urgency=low

  * Bug correction: lock doesn't work with File.pm (Closes: #306760 /
    forge.objectweb.org)

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 11 Mar 2007 21:08:38 +0100

lemonldap-ng (0.8.0.1) unstable; urgency=medium

  * Closes: #306756 / forge.objectweb.org

 -- Xavier Guimard <x.guimard@free.fr>  Fri,  10 Mar 2007 08:49:01 +0100

lemonldap-ng (0.8) unstable; urgency=low

  * Release 0.8:
    - corrects differents little bugs issued from test in real life.
    - on line documentation in english

 -- Xavier Guimard <x.guimard@free.fr>  Fri,  9 Mar 2007 20:29:01 +0100

lemonldap-ng (0.7b12) unstable; urgency=low

  * New features:
    - session access via SOAP
    - authentication via CAS
    - 'apply changes' button in Manager used to reload configuration in
      handlers (by calling reload sub via HTTP) (Closes: #306565 /
      forge.objectweb.org)
    - i18n module in portal (for displaying errors)
    - lock in DBI configuration system (NOT YET TESTED)

 -- Xavier Guimard <x.guimard@free.fr>  Sun,  4 Mar 2007 15:50:38 +0100

lemonldap-ng (0.7b11) unstable; urgency=low

  * New features:
    - Cross Domain Authentication
    - SOAP configuration access
Yadd's avatar
Yadd committed
2423
    - READMEs and documentation update
2424
2425
2426
2427
2428
2429
2430
2431
2432
2433
2434
2435
2436
2437
2438
2439
2440
2441
2442
2443
2444
2445
2446
2447
2448
2449
2450
2451
2452
2453
2454
2455
2456
2457
2458
2459
2460
2461
2462
2463
2464
2465
2466
2467
2468
2469
2470
2471
2472
2473
2474
2475
2476
2477
2478
2479
2480
2481
2482
2483
2484
2485
2486
2487
2488
2489
2490
2491
2492
2493
2494
2495
2496
2497
2498
2499

 -- Xavier Guimard <x.guimard@free.fr>  Tue, 27 Feb 2007 15:01:09 +0100

lemonldap-ng (0.7b10) unstable; urgency=low

  * Corrections in Manager issued from the first test in real life:
    - Close #306573 / forge.objectweb.org
    - Close #306574 / forge.objectweb.org

 -- Xavier Guimard <x.guimard@free.fr>  Wed, 17 Jan 2007 20:57:33 +0100

lemonldap-ng (0.7b9) unstable; urgency=low

  * Internationalization of javascripts (close #306564 / forge.objectweb.org)
  * Help in "General Parameters"

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 14 Jan 2007 21:50:39 +0100

lemonldap-ng (0.7b8) unstable; urgency=low

  * Correction of the use of Safe in portal: &share doesn't work with a
    variable declared with my.
  * New system in the configuration: 'macro' section can be used to add
    custom exported variables. So configuration is more simple in heavy case.

 -- Xavier Guimard <x.guimard@free.fr>  Sat, 13 Jan 2007 20:19:19 +0100

lemonldap-ng (0.7b7) unstable; urgency=low

  * Correction of a bug in internal redirections: now internal
    redirections are not examined: for example,http://test.example.com/ is
    internaly redirected to /index.pl, but only the first request (/) is
    tested.
  * Help in french

 -- Xavier Guimard <x.guimard@free.fr>  Fri,  5 Jan 2007 18:22:32 +0100

lemonldap-ng (0.7b6) unstable; urgency=low

  * Help system skeleton

 -- Xavier Guimard <x.guimard@free.fr>  Thu,  4 Jan 2007 09:04:05 +0100

lemonldap-ng (0.7b5) unstable; urgency=low

  * Localization in Manager interface (only fr and en)

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 31 Dec 2006 16:39:06 +0100

lemonldap-ng (0.7b4) unstable; urgency=low

  * Safe jail runs now
  * example runs now

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 31 Dec 2006 14:00:08 +0100

lemonldap-ng (0.7b3) unstable; urgency=low

  * Replacement of eval by Safe for external expressions

 -- Xavier Guimard <x.guimard@free.fr>  Sat, 30 Dec 2006 22:23:22 +0100

lemonldap-ng (0.7b) unstable; urgency=low

  * Corrections in example
  * Example installation in debian
  * Revision in documentation

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 17 Dec 2006 18:37:39 +0100

lemonldap-ng (0.6) unstable; urgency=low

  * Initial release built starting from the three modules of the CPAN.

 -- Xavier Guimard <x.guimard@free.fr>  Sun, 17 Dec 2006 17:46:47 +0100