Newer
Older
lemonldap-ng (2.0.7) stable; urgency=medium
* Bugs:
* #1893: Issuer urldc is lost after error in 2F flow
* #1909: Reset password by email issue
* #1943: [Security: medium, CVE-2019-19791] Apache access rules and SOAP/REST endpoints
* #1945: passwordpolicy.tpl contains wrong tag
* #1948: Tranlation menu does not work with Diff.html
* #1949: Don't Store Password shows password in cleartext
* #1952: "Attributes and macros" session keys should not be translated
* #1954: zimbra preauth not working
* #1955: Redirection lost after notification validation
* #1960: REST config service not working
* #1961: IDP selection rule regression in 2.0.0
* #1963: Server Error with OpenID Connect register endpoint
* #1964: Diff.html does not work with minified JS
* #1966: Configuration reload does not apply changes to location rules
* #1968: skippedUnitTests/skippedGlobalTests have no effect
* #1969: Force password reset with LDAP password policy does not work if macro _whatToTrace is not defined
* #1974: ServiceToken handler TTL value always set to default
* #1984: Reset expired password doesn't trigger when using Combination
* #2005: Error in portal "refresh my rights" feature when whatToTrace value is not equal to login
* #2009: Display authentication error on login form with Combination Kerberos + LDAP
* #2010: Kerberos not working with session upgrade
* #2012: Several issues with notification system
* #2013: Handler, yum install
* #2018: After temporary ldap failure, ldap connections stop working forever
* #2038: Missing type attribute in 2FA HTML inputs
* #2045: Authenticating with external OpenID Connect Provider fails because of special chars in user name
* New features:
* #1605: certificate reset by mail
* #1956: DecryptValue plugin
* #1999: Possibility to view/close other sessions opened for the same user
* #2006: Create a web service for "refresh my rights"
* Improvements:
* #1590: Possibility to configure new plugins in Manager
* #1905: Append overScheme for persistent sessions
* #1941: After logged out from SP we are always redirected to IdP - Unable to go back to SP Portal
* #1947: Highlight active module with Diff.html
* #1967: allow differents type of managerDN
* #1983: The script purgeCentralCache should be more fault tolerant
* #1988: Append a requiredAuthenticationLevel option for each uri
* #1989: Main logo and lang icons are missing with upgradesession template
* #1991: Some user logs not using whatToTrace for username
* #1993: Same issue like (#1884) occures with Issuer redirection
* #1994: Append varInUri extended function
* #1995: Add an option to force claims in ID token
* #1996: REQUEST_URI env variable is not set by CheckUser plugin
* #1997: Enable checkTime option by default
* #2003: Possibility to set attributes and extra claims in OIDC registration endpoints
* #2007: Password change prompt displayed even if initial auth fails
* #2008: Specific message and error code for 2F failure
* #2011: Create a function to test if a value belongs to a list
* #2012: Several issues with notification system
* #2014: New script to convert sessions between backends
* #2019: Renew Captcha button
* #2024: Change default value for cspFormAction
* #2042: Add per-service macros
-- Clément <clem.oudot@gmail.com> Sat, 21 Dec 2019 16:59:22 +0100
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
lemonldap-ng (2.0.6) stable; urgency=medium
* Bugs:
* #1834: Use base64 URL for JWT generation
* #1838: Return claims from scope values in ID token if no access token requested
* #1852: SAML request lost after notification
* #1853: Adding a second notification with same reference is not refused
* #1856: Unable to validate more than one notification (JSON format)
* #1857: Message "session is expired" if a notification is refused
* #1861: Persistent data and notification validation
* #1863: Duplicate Set-Cookie header when sending lemonldappdata and lemonldap cookies
* #1864: incorrect loading of SAML metadata when entityID containts html-encoded characters
* #1865: Dependencies missing in RPM
* #1866: Skin parameter is lost in second factor choice
* #1867: Bad error template with Combination and OTT timeout
* #1868: Yubikey enrolment failed on Internet Explorer
* #1869: [Security:low] psessions case sensitivity might impact security of 2FA when using case-insensitive auth backends
* #1874: OTT not regenerated after submitting TOTP form with an expired OTT
* #1875: Variables from Users module DBI is not used when Authentication module is LDAP (chain: [LDAP,DBI]
* #1876: $_ no longer works in macros, rules and headers since 2.0
* #1878: Pdata cookie not cleared after cross domain Auth request
* #1880: [Security:low] Restricted users can edit conf by using default route
* #1881: [Security:high] oidc authorization codes are not tied to their RP
* #1883: Infinite loop when displaying sessions by IP address
* #1889: No changes detected by Manager when removing CAS/OIDC attributes from a CAS application / OIDC RP or provider
* #1890: LinkedIn v1 API is not available anymore
* #1891: GET parameter "cancel" with Choice and CAS authentication
* #1897: Emails are sometimes sent in the wrong language
* #1898: Handler SecureToken is not working anymore
* #1901: Handler error if a header definition is empty
* #1903: Mail password reset and Combination with LDAP does not work
* #1906: Missing MAIN_LOGO variable in redirect.tpl
* #1910: Issue with "force password change on next login" feature with LDAP
* #1915: Skin selected by rule is lost in 2FA process
* #1922: Accentuated UTF-8 value of header is UTF-8 encoded again by handler
* #1925: AuthBasic handler does not work with AuthChoice
* #1933: [Security:low] nginx portal example file does not filter REST urls
* #1935: [Security:medium] AuthSlave does not check credential headers
* New features:
* #993: Define a local password policy
* #1783: ContextSwitching plugin
* #1843: OAuth2 introspection endpoint
* #1847: Radius 2F module
* #1860: Multiple instances of 2F modules
* Improvements:
* #1619: Support IBM Tivoli Directory Server (ITDS)
* #1702: Improve log generated by lemonldap
* #1825: Possibility to disable persistent sessions
* #1829: Redirection lost between SSL/Ajax and SAML
* #1831: Warning in lemonldap-ng-cli
* #1832: Add save/restore in CLI help message and control restore parameters
* #1833: Show cli errors on file access
* #1835: [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification
* #1842: Merge userLogger notice with logger debug
* #1844: CheckUser plugin does not compute real session attributes if Impersonation is enabled
* #1846: Adapt response_types_supported / grant_types_supported attributes in OpenID Connect metadata depending on configured flows
* #1849: CDA is not compatible with Handler::PSGI::Try
* #1850: No "Session granted" log if grantSession plugin not enabled
* #1851: Append notification REST services
* #1862: When displaying notifications, sort them by date and references
* #1870: REST Api endpoint "error"
* #1873: Labels for 2FA choices
* #1879: [security:low] Access token expiration time is not enforced on userinfo or OAuth handler
* #1882: Confusing default OIDC issuer setting
* #1884: Force Upgrade tokens to be stored into global storage if auth and authssl are served by different load balancers
* #1885: Append an option to log an extra parameter
* #1888: Javascript error on textContent method with .Net framework and WPF
* #1896: Add _session_kind to default SOAP/REST exported attributes
* #1899: Fix portal and manager display for Internet Explorer
* #1904: Append an option "don t compact conf" + debug log + compact CAS parameters if not enabled
* #1908: Complete blackout probably due to uncontroled SQL connexion timeout
* #1913: Append an option to allow / forbid browsers to store users password
* #1916: Issuer OTT timeout
* #1919: Customizable error message when a required SAML attribute is missing
* #1923: REST ression server is too intolerant of clock drift
* #1927: Implement CORS preflight request
* #1928: Option to hide password generation checkbox in mail password reset plugin
* #1929: Custom functions are not imported into Safe Jail
* #1930: Display password change form after a password policy error in mail reset password plugin
* #1931: Disable password input field until font is fully downloaded by browser
* #1932: REST session server should return both session and _httpSession id
* #1936: Append an option to display Slave logo
* #1938: CheckUser plugin : include search parameters
-- Clément <clem.oudot@gmail.com> Tue, 24 Sep 2019 11:13:39 +0200
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
lemonldap-ng (2.0.5) stable; urgency=medium
* Bugs:
* #1521: The manager renames the id of applications created by lemonldap-ng-cli
* #1655: Can't delete notifications from the manager
* #1717: Warnings "Devel::StackTrace" when using unnative Perl functions
* #1746: Impersonation does not work with double cookies authentication
* #1749: Authentication with "Double Cookies for a single session" (securedCookie==3) does not work
* #1753: Logout with CASv2 is not working (Bad URL)
* #1754: Configuration caching issue when overriding globalStorage in lemonldap-ng.ini
* #1755: CheckUser plugin fails if OTT globalStrorage is enabled
* #1759: Server Error when OpenID Connect provider enabled without any RP
* #1762: CDA sessions are not removed when handler uses SOAP
* #1775: Authentication with double cookies fails when uniq session is enabled
* #1777: Server Error with SAML SLO and expired SSO session
* #1779: Go to portal message not translated in register confirmation mail
* #1795: [Security: low] CAS 3.0 Logout does not validate redirect URL
* #1800: Auth::Slave is unusable with Choice
* #1802: No error returned if no code provided on OpenID Connect token endpoint
* #1805: Auth::LDAP unusable in combination if UserDB::LDAP isn't called
* #1809: UserDB::DBI with Auth::LDAP seems to not work properly
* #1810: [Security: low] llng-fastcgi-server could fail to setgid
* #1811: Lua-headers file is missing
* #1813: searchOn* does not work when a portal uses REST session backend
* #1814: Local cache not fully purged
* #1818: [Security:low] XXE vulnerability in SOAP notification server
* #1819: Portal Notification server unusable with old XML format
* #1821: Pdata not cleared after session upgrade
* #1822: Session upgrade does not work with 2FA
* #1824: lmConfigEditor does not work anymore
* #1826: Race condition on SSL login form button
* New features:
* #1796: Display a message if an expired 2f device is removed
* Improvements:
* #1706: html not interpreted for translated messages
* #1723: Real authentication is masked when using proxy authentication module
* #1732: Sessions explorer and Browseable::Postgres
* #1734: RPM version uses JSON::PP instead of JSON::XS
* #1747: Logging out from portal cause an error with doubleCookie after refreshing rights
* #1750: Wrong version / author / IP / log in lemonldap-ng-cli
* #1758: Warnings in Viewer.pm when saving configuration
* #1763: Transmission of Authorization header should probably be on by default
* #1764: Set choosen language in user session
* #1765: Better CORS handling
* #1766: Warning in logs with SAML
* #1767: Append startTime overScheme to display sessions to avoid browser crash
* #1769: CSRF token is not automatically regenerated after a failed login with Auth::Choice
* #1770: Add save/restore commands in cli
* #1771: SSO sessions _updateTime value is not updated after a refresh request
* #1773: Append option to modify service Token handler TTL
* #1774: CheckUser plugin does not work with SAML
* #1782: Append an option to set 2FA TTL
* #1791: Append an option in Manager to merge only specified SSO groups with Impersonation
* #1797: Allow ServiceToken to send service headers
* #1799: StorePassword in session not working when using session REST server
* #1827: Using lemonldap-ng-cli info gives warning with default configuration
* #1828: 2F plugins and method loadTemplate are not using skin rules
* #1830: [Security:improvement] Improved use of cryptography
-- Clément <clem.oudot@gmail.com> Sat, 29 Jun 2019 22:25:02 +0200
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
* Bugs:
* #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
* #1709: ViewDiff template not displayed
* #1710: Configuration keys not displayed in Viewer
* #1716: [Security:minor] Update jQuery
* #1720: Duplicate session opening when using multiple Kerberos instances in Combination
* #1724: CAS 1.0 /validate endpoint does not return username
* #1726: Deb package: missing dependency IO::String
* #1733: Invalid default crontab in RPM
* #1736: Configuration version in Manager is different from software version
* #1738: Error not well catched with Ext2F
* #1741: Deleted category is not detected as a change when saving conf.
* #1742: [Security: high] Setting tokenUseGlobalStorage allows unauthenticated users to access the portal (and applications without rules)
* #1743: [Security: low] register_token used for account creation can be used as a valid session identifier
* #1746: Impersonation does not work with double cookies authentication
* New features:
* #1146: Allow Handler to read OAuth2 access token instead of browser cookie
* #1722: [Security: improvement] PKCE to secure OIDC Authorization Code flow
* Improvements:
* #1703: Fix faulty headers on a null value
* #1711: Return Session ID when authentication is done via REST
* #1712: Display idpChoice cancel button only if AuthChoice is enabled
* #1713: CAS : Allow per application CAS login override
* #1714: Check logLevel value
* #1725: Allow unauthenticated clients on OIDC token endpoint
* #1728: Improve redirect page
* #1729: Display error if SAML service is enabled without private and public keys signature
* #1730: Sort real and spoofed attributes in CheckUser and Session explorer
* #1735: Highlight valid SSO sessions in sessions explorer
* #1739: Improve log in Grant Session plugin
-- Clément <clem.oudot@gmail.com> Sun, 12 May 2019 16:17:01 +0200
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
* Bugs:
* #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
* #1654: Password must change on AD still not fully working
* #1656: No IP shown in history logon
* #1667: [Security:medium] Option userControl is not applied anymore in standard login process
* #1671: Error in SP-initiated saml logout with multiple SP
* #1672: In SAML Issuer, environment variables to store current SP are not filled
* #1673: Application list display and specific rules
* #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
* #1676: Active Directory connection information not saved
* #1679: Default jQuery URL in form replay has changed
* #1680: In form replay, POST data keys are not URL encoded
* #1682: LinkedIn OAuth2 authentication is not available in combination modules list
* #1683: Changing configuration option cspScript has no effect
* #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
* #1686: SOAP Portal WSDL file is invalid
* #1691: Password policy can't display messages
* #1692: Parameter base64 is ignored in setHiddenFormValue
* #1693: Information is not displayed in logout process
* #1698: Invalid pdata causes SAML login to fail after logout
* #1703: Fix faulty headers on a null value
* #1708: lmerror page loops on url parameter
* New features:
* #1632: Optionally let Ext2F module handle code generation
* #1658: CheckUser plugin
* #1661: Configuration viewer module
* #1664: Impersonation plugin
* #1697: Command-line tool to delete session for specific user(s)
* Improvements:
* #1549: Option to override IDP entityID
* #1595: Possibility to override message with a custom JSON file in template
* #1651: Disable cache on portal page
* #1653: Allow failback to default skin when a template is not found in custom theme
* #1660: Restore possibility to hide message in portal template
* #1666: Display errors on login form
* #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
* #1670: Display "authentication in progress" when using Ajax with Kerberos
* #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
* #1687: Add granted log for user and connexion informations
* #1694: Disable CSRF token with AuthBasic
* #1696: Remove unnecessary antiframe protection in portal javascript
* #1699: Authentication level for REST and GPG authentication
* #1700: Update AuthBasic handler doc : REST server is required
* #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop
-- Clément <clem.oudot@gmail.com> Thu, 11 Apr 2019 10:09:35 +0200
* Bugs:
* #1574: "Manager is unprotected" message when whatToTrace value is not the default
* #1603: Warnings with confirmation required don't work
* #1604: Manager unit tests randomly failed
* #1607: Safe errors when saving configuration with lmConfigEditor
* #1610: Unable to save empty value for cookie expiration time in Manager
* #1613: handler https redirection does not work
* #1614: Accents not well displayed in Portal
* #1618: Version in server signature is wrong
* #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
* #1627: Display issue with GrantSession plugin
* #1628: [Security:minor] GrantSession plugin discloses its message to unlogged users
* #1630: [Security:minor] SSO cookie is sent to protected applications with Nginx-based ReverseProxy
* #1636: SSL and Kerberos Auth Modules don t work with choice
* #1639: User must change password on AD is broken
* #1642: Unable to select skin from URL
* #1643: Portal CSS is sent with empty background when portalSkinBackground is not defined
* #1644: error while reseting password with ppolicy enabled
* #1648: ldapAuthnLevel and dbiAuthnLevel are ignored
* #1649: Error about Handler when saving configuration in lmConfigEditor
* New features:
* #1569: GPG authentication module
* #1629: Email-based two-factor module
* #1631: Allow to display "env" as template variables
* Improvements:
* #1486: Portal starts even if init() has failed
* #1600: Improve e2e tests
* #1601: Create LDAP option to decode DN value
* #1608: Date and comment not updated with lemonldap-ng-cli
* #1609: add autocomplete="off" to 2F form fields
* #1611: Improve apache configuration
* #1622: Display delete button in 2FAManager only if action is allowed
* #1625: "Use rule" option in issuer modules seem not to be used anymore
* #1633: Better random generation
* #1634: Improve management of template parameters
* #1635: SAML attribut default value is not set
* #1637: Add display options for SAML IDP like OIDC and CAS providers
-- Clément <clem.oudot@gmail.com> Tue, 12 Feb 2019 08:57:14 +0100
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
367
368
369
370
371
372
373
374
375
376
377
* Bugs:
* #1564: Function authLogout is missing in package "Lemonldap::NG::Portal::Auth::SSL"
* #1572: Error when saving in manager (mongoDB as ConfigurationBackend)
* #1576: Browser doesn t select Portal appropriate language
* #1579: SOAP Backend error for empty collection
* #1582: MongoDB Conf backend looses sub hash keys
* #1586: Portal message override do not work on plugins and mails templates
* #1587: Captcha is not displayed in Register form if mail already exists
* #1588: Captcha is validated with additional letters
* #1589: Error in MailReset when asking to resend confirmation mail
* #1592: Cannot select a menu tab with ?tab=<tab id> in URL
* #1594: Cannot select oidcConsents tab in menu
* Improvements:
* #1565: OpenId - Default CSP value cause breakdown in OpenId authentification form
* #1578: Fix fcgi/psgi extensions in documentation
* #1583: Append parameter to configure number of allowed failed logins before brute force protection activation
* #1584: Browser doesn t select Manager appropriate language
* #1585: Fix main logo and langs icons display & double slash in lmerror 403 error URL
* #1591: $req->user not available in plugins authenticated routes
* #1593: Bad userinfo response: Unauthorized
* #1596: Possibility to define new tabs in Menu
* #1599: Usage of OpenID Connect with bad scope value result in unlimited session grow
-- Clément <clem.oudot@gmail.com> Fri, 21 Dec 2018 15:12:13 +0100
379
380
381
382
383
384
385
386
387
388
389
390
391
392
393
394
395
396
397
398
399
400
401
402
403
404
405
406
407
408
409
410
411
412
413
414
415
416
417
418
419
420
421
422
423
424
425
426
427
428
429
430
431
432
433
434
435
436
437
438
439
440
441
442
443
444
445
446
447
448
449
450
451
452
453
454
455
456
457
458
459
460
461
462
463
464
465
466
467
468
469
470
471
472
473
474
475
476
477
478
479
480
481
482
483
484
485
486
487
488
489
490
* Bugs:
* #757: "Attempt to free unreferenced scalar" in Lemonldap::NG::Common::Session
* #789: Apache reloading breaks SAML authentication
* #804: Uncomplete logout in Issuer modules
* #856: LemonLDAP loses exportedVars conf randomly
* #863: get_url function builds wrong Portal URL
* #918: Env variables are searched in backends
* #998: encode_base64 can be udefined after a reload by URL
* #1061: Multiple segfault using ModPerl::Registry with Apache2.4
* #1113: OIDC Provider to SAML SP does not work
* #1150: Can't get captcha to work with LDAP as backend
* #1171: Session explorer freezes when session number is high
* #1327: Facebook module not working due to API changes in Facebook
* #1420: Answering to CAS proxy requests as CAS Provider
* #1468: Enabling both Auth::SAML and Issuer::SAML breaks SLO
* New features:
* #575: Display differences between 2 conf
* #782: Node.js handler
* #819: Support of FIDO Alliance (multi-factor authentication)
* #826: Tab in portal to manage OpenID Connect consent
* #852: Possibility to reload/refresh his session without logout and relogin
* #970: REST API for Portal
* #971: Server-to-Server Handler
* #1015: Two-Factor Authentication with OTP for portal user logins
* #1019: Evaluate custom template parameters
* #1091: Handler for DevOps (SSOaaS)
* #1131: Portal plugin to "Stay connected on this device"
* #1138: Generate Content-Security-Policy headers and related
* #1148: U2F - Universal 2nd Factor Authentication
* #1151: Replace Multi by a Combination parser
* #1161: Manage access rules for CAS, SAML and OpenID Connect clients
* #1162: Capability to use Log4Perl (and other log backends)
* #1174: Auth and UserDB REST (delegation by web-service)
* #1188: Custom auth/userDB/password/register modules
* #1196: Auth::PAM module
* #1204: Propose reauthentication if higher access level is requested
* #1206: TLS support for mails
* #1208: YAML configuration backend
* #1212: Propose SSL authentication by Ajax
* #1318: Auto-Signin based on $env rules
* #1330: Menu rules for applications using SAML/CAS/OIDC
* #1359: TOTP plugin
* #1379: Feature: External Second Factor over REST API
* #1391: Mixed TOTP/U2F second factor plugin
* #1397: Plack servers support
* #1399: Yubikey as second factor
* #1419: Dispatch logger
* #1427: Alternative FastCGI-Client handler for Apache2
* #1438: Build trunk debian repository (nightly build)
* #1458: Local conf backend
* #1478: SAML Discovery Protocol (WAYF)
* #1500: Possibility to override parameters in Choice modules
* #1503: RENATER metadata download script
* #1512: Option to choose which SAML attribute will be used as "user" key
* #1535: Append Portal parameter to modify Handler Internal Cache
* #1539: Option to enable / disable languages choice display
* Improvements:
* #354: Session Explorer: possibility to order sessions by date
* #587: Selecting language while connecting to LemonLDAP
* #595: Portal powered by FastCGI (using Plack)
* #651: Common::CGI::abort should return 500 as HTTP status code
* #673: Split conf/session/flags management from the Portal $self object
* #713: Request management to handle sessions
* #803: AuthSSL : Ability to choose SSLvar or UserDB depending of the CA
* #868: Replace XML format by JSON for notifications
* #1033: Translate mail subject - forgotten password
* #1044: Adapt FastCGI server to be able to use an event Plack engine
* #1065: Provide SSL options for AuthBasic
* #1118: Manage unicode in session and configuration backends
* #1133: Translation system for mails
* #1137: Avoid using inline Javascript and CSS
* #1140: Add CSRF protection to login and password change forms
* #1160: Reorganize handler architecture
* #1173: Performance: minimize Apache::Session access
* #1181: Make Debian packages autopkgtestable
* #1183: Rewrite CAS authentication module
* #1201: IPv6 support
* #1220: Vietnamese translation
* #1222: Arabic translation
* #1232: Italian translation
* #1247: Support RSA SHA256 signature in SAML
* #1267: Allow custom regexp for vhost display
* #1302: Move all HTML fragments into templates
* #1317: Wildcard in virtualhost names
* #1322: Get user attributes in Auth module for external authentication
* #1388: Auto-generation of parameters list in doc
* #1400: CLUSTER - Status page who check the working state of LLNG
* #1418: Sentry Logger (experimental)
* #1427: Alternative FastCGI-Client handler for Apache2
* #1428: Provide better logs with Nginx
* #1429: Use cached configuration when configuration database isn't available
* #1442: Last logins not shown when second factors are enabled
* #1443: Hide countdown block when stopped
* #1445: Let's stop french manager doc translation
* #1448: Full status for Nginx
* #1461: Remember Choice and other context settings before redirecting user to an external service
* #1473: Complex nodes not well displayed in manager
* #1488: Be tolerant with whitespaces in ini file
* #1490: Be able to use DBD::MariaDB
* #1499: CSP prevents to submit OIDC consents form
* #1501: Improve Login history module
* #1504: Upgrade to bootstrap 4
* #1515: Possibility to configure main logo on portal page
* #1522: Notifications with checkbox does not work
* #1526: Portal menu application and categorie logos not displayed
* #1542: Provide sessions attributes in template
* #1546: Configuration comparator does not work
* #1550: Error when enables "SSL, Custom " Auth modules with Choice
lemonldap-ng (2.0.0~beta1) testing; urgency=low
lemonldap-ng (2.0.0~alpha3) testing; urgency=low
lemonldap-ng (2.0.0~alpha2) testing; urgency=low
lemonldap-ng (2.0.0~alpha1) testing; urgency=low
lemonldap-ng (1.9.19) oldstable; urgency=high
* Bugs:
* #1509: InactivityTimeout for applications don't work
* #1520: lemonldap-ng-cli adds a new item when deleting an item that does not exist.
* #1567: Captcha session id is too weak
* #1580: Error when saving in manager (mongoDB as ConfigurationBackend)
* #1662: id_token validity not correctly evaluated
* #1744: [Security: low] register_token used for account creation can be used as a valid session identifier
* Improvements:
* #1516: All IDP conf not usable if only one IDP misconfigured
* #1519: Cross domain authentication, ajax request and same origin policy
513
514
515
516
517
518
519
520
521
522
523
524
525
526
527
528
529
530
531
532
533
534
535
536
537
538
539
540
541
542
543
544
545
546
547
548
549
550
551
lemonldap-ng (1.9.18) stable; urgency=high
* #1479: App Category order - Cannot save
* #1476: Unescaped left brace generates a warning with Perl-5.28
* #1474: OAuth2 token_type is case insensitive
* #1514: Aliases not respecting redirect settings
* #1494: Manage applications with the lemonldap-ng-cli
* #1470: Warning when using CLI to set value which does not exists before
* #1469: SMTP timeout breaks Manager configuration save
lemonldap-ng (1.9.17) stable; urgency=high
* #1416: Attribute encoding in CAS responses
* #1426: Error with mod_auth_openidc when kid is set in JWKS
* #1423: "samlServicePrivateKeySig: Bad PEM encoding" on manager when
saving config with some valid certificates
* #1415: Improve test pages
* #1413: Possibility to add conditions to display Choice tabs
* #1407: Remote MYSQL - mysql_enable_utf8 not applied?
* #1403: Parameter to ignore some tests during saving
lemonldap-ng (1.9.16) stable; urgency=high
* #1390: Choice module allows XSS attack
* #1389: Kerberos ticket revalidated in Multi mode
* #1382: Kerberos - Username / Session uncorrectly set
* #1378: lemonldap-ng-doc unable to install on Debian 7
* #1372: Action "update-cache" in lemonldap-ng-cli does not work
* #1371: incompatibility between 1.4 portal and 1.9/2.0 handler : _utime
not defined
* #1368: Impossible to configure IssuerDB Get Parameters with RDBI backend
* #1366: Problem with kerberos and ajax and ldap ...
* #1363: Bad equality operator in Handler::Main::Jail
* #1362: Allow CAS 3.0 endpoints (/p3/serviceValidate and
/p3/proxyValidate)
* #1360: Using "force" and "cfgNum" with lemonldap-ng-cli does not work
* #1063: lemonldap-ng-fastcgi-server has a hard dependency on nginx
* #1253: Default values not saved by Manager (complex nodes)
lemonldap-ng (1.9.15) stable; urgency=high
* #1358: Encoding issues with LDAP configuration backend
* #1357: Wrong return status for processLogoutRequestMsg in SAML module
* #1356: Prevent infinite loop in LDAP group recursive search
* #1355: local session storage not being cleaned up
* #1352: Encoding issues with MySQL configuration backend
* #1351: missing dependency LWP::Protocol::https on CentOS 7 packaging
* #1349: Initial url lost during reset password workflow
* #1347: Do not allow "/" or ".." in skin parameter to avoid directory
traversal attack
* #1346: Check that skin directory exists before trying to open it
* #1345: Autoredirect does not work after session expiration
* #1343: Captcha code not removed after successful verification
* #1341: llng-fastcgi-server: Allow to listen on TCP
* #1337: mailFrom and mailReplyTo directives : bad default address
* #1281: purgeLocalCache should use conf from manager
lemonldap-ng (1.9.14) stable; urgency=high
* #707: Kerberos authentication module
* #1308: make saml work with POST sso binding and multiple authentication
* #1310: Form replay javascript generates error for fields with a dot
* #1315: Missing Mouse dependency in Debian packages
* #1316: In docs, for Alfresco, said they need to add an exclusion for
ressources path
* #1324: Allow SAML with Office365 multidomains
* #1326: SessionIndex should not be mandatory in SAML SingleLogoutRequest
* #1328: Value 0 can not be set in hidden field
* #1329: No need to 'warn' if no IDP or SP is present in configuration
* #1331: Manage UTF-8 values in HTTP headers
lemonldap-ng (1.9.13) stable; urgency=high
* [LEMONLDAP-1209] - [UTF8-Enconding] Issues with mysql backend and saml attributes
* [LEMONLDAP-1303] - Debian 9 and JSON parsing error - OpenID Connect
* [LEMONLDAP-1304] - make saml tolerant to issuerDBSAMLPath
lemonldap-ng (1.9.12) stable; urgency=high
* [LEMONLDAP-1293] - Unable to delete "Exported Attributes" in SAML SP
* [LEMONLDAP-1294] - Debian - JSON - Apache::Session module failed
* [LEMONLDAP-1295] - Bad UserInfo response wihen attribute values are Perl references
* [LEMONLDAP-1297] - Restrict reload url to the localhost
* [LEMONLDAP-1299] - Unable to use LemonLDAP on Debian Stretch - Portal issue
* [LEMONLDAP-1298] - CAS logout redirect service
lemonldap-ng (1.9.11) stable; urgency=high
* [LEMONLDAP-1244] - CGIPassAuth not usable in CentOS 7.3.1611 because of old Apache version
* [LEMONLDAP-1255] - Issue with openid-configuration.pl when updating Perl
* [LEMONLDAP-1262] - Session expired on Handler
* [LEMONLDAP-1277] - Missing screen shot in documentation
* [LEMONLDAP-1288] - Empty hash configuration parameters are converted to empty scalar trough SOAP
* [LEMONLDAP-1289] - Proxy authentication module does not catch authentication error
* [LEMONLDAP-1245] - adding salt feature for database backend
* [LEMONLDAP-1254] - APT warning on weak digest algo on lemonldap repository
* [LEMONLDAP-1256] - Avoid 'forcedSAML' in Choice module
* [LEMONLDAP-1261] - SAML SessionIndex may leak SSO data and cause interoperability issues
* [LEMONLDAP-1263] - No error message when backend is in ReadOnly
* [LEMONLDAP-1270] - Logout_*
* [LEMONLDAP-1243] - LinkedIn authentication module
* [LEMONLDAP-1286] - httpd dependency
lemonldap-ng (1.9.10) stable; urgency=high
* [LEMONLDAP-1202] - CSS an JS not correctly loaded in FR offline doc
* [LEMONLDAP-1203] - NginX handler and CDA does not work
* [LEMONLDAP-1207] - GUI Error (HTTP 500) on Issuer module "GET"
* [LEMONLDAP-1214] - No display type selected when session expired and authentication done via Mutli or Choice
* [LEMONLDAP-1218] - Warning on expired session can break transparent authentication
* [LEMONLDAP-1231] - debian wheezy doc package not working
* [LEMONLDAP-1233] - redirect_uri parameter validity should be checked first to avoid unwanted redirections
* [LEMONLDAP-1211] - Provide error page / error message for error 404 and 502
* [LEMONLDAP-1219] - Reject same SAML EntityID for Service Providers
* [LEMONLDAP-1225] - Lost Password error message
lemonldap-ng (1.9.9) stable; urgency=high
* [LEMONLDAP-1081] - SAML artifact server double encode UTF-8 characters
* [LEMONLDAP-1193] - entityID not found in metadata if value is between simple quotes instead of double quotes
* [LEMONLDAP-1195] - JS error when clicking on export configuration
* [LEMONLDAP-1197] - CSP errors in Manager
* [LEMONLDAP-1199] - Compilation error in IssuerDBOpenIDConnect.pm
* [LEMONLDAP-1187] - Make crypto functions available in safe jail
* [LEMONLDAP-1191] - Brute force protection for OIDC
* [LEMONLDAP-1200] - Force AllowCreate in NameIDPolicy for broken SAML clients
640
641
642
643
644
645
646
647
648
649
650
651
652
653
654
655
656
657
658
659
660
661
662
663
664
665
666
667
668
669
lemonldap-ng (1.9.8) stable; urgency=high
* [LEMONLDAP-1121] - Fail to require customNginxHandler
* [LEMONLDAP-1130] - SOAP request fail (FCGI) - missing path info
* [LEMONLDAP-1136] - Mail reset form allows email enumaration
* [LEMONLDAP-1139] - Errors "Session cannot be tied"
* [LEMONLDAP-1141] - Bad encoding in reset password emails
* [LEMONLDAP-1145] - Missing user identifier in mail reset log messages
* [LEMONLDAP-1147] - SAML session ID
* [LEMONLDAP-1149] - lemonldap-ng-fastcgi-server not working on CentOS7
* [LEMONLDAP-1152] - jquery-ui.min.js not found
* [LEMONLDAP-1155] - Typo in OIDC OP for keeping acr_values parameter
* [LEMONLDAP-1159] - Session concurrency issue with SAML + OpenID Connect flow
* [LEMONLDAP-1166] - Typo in bootstrap footer.tpl
* [LEMONLDAP-1170] - Browse sessions by ip address duplicates entries
* [LEMONLDAP-1179] - Bad session count in sessions explorer multi IP tab
* [LEMONLDAP-1086] - Make Debian packages autopkgtestable
* [LEMONLDAP-1120] - Add public pages concept in LemonLDAP::Portal
* [LEMONLDAP-1122] - Enclose expressions
* [LEMONLDAP-1125] - Avoid using unsafe eval Javascript
* [LEMONLDAP-1127] - SAML: Reject same entityID on different Metadata
* [LEMONLDAP-1132] - Warn users about session expired in portal
* [LEMONLDAP-1135] - Warnings in unit tests
* [LEMONLDAP-1143] - Manage doc indexing using robots.txt to avoid indexing old doc
* [LEMONLDAP-1144] - Add vhost in reject log message
* [LEMONLDAP-1156] - Export OpenIDConnect request parameters in %ENV
* [LEMONLDAP-1158] - Export CAS request parameters in %ENV
* [LEMONLDAP-1129] - Extract CN field from SSL certificate (authSSL)
* [LEMONLDAP-1177] - Custom skin lost when submitting login form
lemonldap-ng (1.9.7) stable; urgency=high
* [LEMONLDAP-1097] - invalid base64 encoding on openidconnect key2jwks
* [LEMONLDAP-1099] - FCGI: reload method return Internal Server Error
* [LEMONLDAP-1101] - SAML IDP-initiated : Federation not found on login
* [LEMONLDAP-1102] - Random access denied
* [LEMONLDAP-1105] - Broken openidconect oidcRPMetaDataOptionsExtraClaims parsing (or saving) when using sql datastore
* [LEMONLDAP-1107] - Use of uninitialized value in pattern match...Simple.pm line 1561
* [LEMONLDAP-1109] - Notification DBI backend has compilation error
* [LEMONLDAP-1117] - Corrupted persistent session when value has accentued characters and storage is LDAP
* [LEMONLDAP-1096] - Use manager libraries for doc with "external" hook
* [LEMONLDAP-1098] - Allow access tokens to be gathered as parameters too
* [LEMONLDAP-1100] - Create custom lltype for custom handler
* [LEMONLDAP-1104] - Allow the parameters for the reload url to contain basic credentials
* [LEMONLDAP-1106] - returnJSONError on _OpenIDConnect.pm should return a 400 status not a 200
* [LEMONLDAP-1108] - caFile/caPathc options should be available for LDAPS, not only for LDAP+TLS
* [LEMONLDAP-1110] - Provide autopkgtest tests
* [LEMONLDAP-1114] - Missing DirectoryIndex in offline documentation
* [LEMONLDAP-1116] - Change how we check signatures on SAML messages
* [LEMONLDAP-173] - Token for cross domain authentication
* [LEMONLDAP-1115] - Documentation error
lemonldap-ng (1.9.6) stable; urgency=high
* [LEMONLDAP-1058] - Timeout on save conf
* [LEMONLDAP-1060] - Missing reload target for nginx
* [LEMONLDAP-1064] - getApacheSession not working with id
* [LEMONLDAP-1068] - Error in logout request
* [LEMONLDAP-1069] - start-stop-daemon warning in lemonldap-ng-fastcgi-server init script
* [LEMONLDAP-1071] - OpenID Connect discovery: LLNG does not use booleans
* [LEMONLDAP-1075] - Unable to add rule or header in a vhost using lemonldap-ng-cli
* [LEMONLDAP-1076] - IDP resolution rule is no more available in Manager
* [LEMONLDAP-1078] - CryptoJS URL have changed
* [LEMONLDAP-1079] - Security options for SAML are set to Off by default
* [LEMONLDAP-1080] - Typo is URL matching for Auth OpenID
* [LEMONLDAP-1093] - /run/llng-fastcgi-server is deleted on reboot
* [LEMONLDAP-1094] - typo in error_pt.al
* [LEMONLDAP-1001] - Possibility to configure the update interval used for timeout activity
* [LEMONLDAP-1065] - Provide SSL options for AuthBasic
* [LEMONLDAP-1082] - Return explicit error if no token endpoint auth method is set
* [LEMONLDAP-1083] - Create an option to not store SAML/OIDC tokens in session
* [LEMONLDAP-1084] - Disable SAML SLO request when LL::NG configured as SP and IDP does not support SLO
* [LEMONLDAP-1087] - Allow to check audience and time conditions separately in SAML flow
* [LEMONLDAP-1088] - Allow relayState to be a redirection URI
* [LEMONLDAP-1089] - Option to bypass consent in OpenID Connect Issuer
* [LEMONLDAP-1067] - Authbasic handler for Nginx
lemonldap-ng (1.9.5) stable; urgency=high
* [LEMONLDAP-966] - RSA Keys generated from Manager are incomplete
* [LEMONLDAP-1028] - SAML SP SOAP logout does not happen
* [LEMONLDAP-1046] - Default value for samlIDPMetaDataOptionsSSOBinding should be undef
* [LEMONLDAP-1047] - SAML SLO from IDP does not work when SP is LL::NG
* [LEMONLDAP-1048] - Unable to upgrade a configuration from 1.4 to 1.9 using lmConfigEditor
* [LEMONLDAP-1049] - Unable to read LDAP session in 1.4 format with 1.9 version
* [LEMONLDAP-1050] - signing in to chrome devices via sso is broken
* [LEMONLDAP-1054] - test_config not found in lemonldap-ng-fastcgi-server init script
* [LEMONLDAP-1059] - Portal disconnection warning
* [LEMONLDAP-1043] - Display total number of sessions
* [LEMONLDAP-1045] - Wrong SAML attributes encoding issued by IDP
* [LEMONLDAP-1052] - Use Lasso 'thin-sessions'
* [LEMONLDAP-1055] - Remove network access attempts during tests
* [LEMONLDAP-1057] - Change displayed message when sending confirmation mail after password reset
* [LEMONLDAP-1056] - SAML SLO relay URL not catched
lemonldap-ng (1.9.4) stable; urgency=high
* [LEMONLDAP-1034] - Missing dependencies in documentation
* [LEMONLDAP-1036] - LDAP sessions are not purged
* [LEMONLDAP-1037] - Using LDAP as conf backend, IssuerDBGetParameters with wrong value inserted after conf save
* [LEMONLDAP-1038] - All information is lost when vhost or SAML/OIDC partner is renamed in Manager
* [LEMONLDAP-1039] - Error not displayed correctly for notification browsing
* [LEMONLDAP-1040] - Session browsing not working if _whatToTrace is missing
* [LEMONLDAP-1041] - ldapAttributeId not used everywhere in _LDAPGKFAS
* [LEMONLDAP-1035] - Manage Plack engines in FastCGI server
* [LEMONLDAP-1042] - Some information are lost when renaming OIDC/SAML partner
747
748
749
750
751
752
753
754
755
756
757
758
759
760
761
762
763
764
765
766
767
768
769
770
771
772
lemonldap-ng (1.9.3) stable; urgency=low
* [LEMONLDAP-985] - authForce is not well called trough AuthMulti
* [LEMONLDAP-997] - Circular dependency for liblemonldap-ng-handler-perl package
* [LEMONLDAP-1003] - Replace Mouse by Moose if ModPerl::Registry is used with Perl 5.22
* [LEMONLDAP-1006] - Typo in Common/Apache/Session.pm on LDAP disconnect
* [LEMONLDAP-1008] - Bad comment in lemonldap-ng.ini
* [LEMONLDAP-1009] - Version shown in Manager is not the one of the main module
* [LEMONLDAP-1010] - Problem with persistent sessions and MongoDB backend
* [LEMONLDAP-1012] - AuthTwitter is not working anymore
* [LEMONLDAP-1013] - AuthFacebook is not working anymore
* [LEMONLDAP-1014] - Example values for LDAP backend configuration are wrong
* [LEMONLDAP-1016] - Can't configure OpenID Connect RP Extra claims in lemonldap web manager
* [LEMONLDAP-1018] - Slave authentication error (Can't locate object method "checkHeader")
* [LEMONLDAP-1020] - Can't define SMTP server with port
* [LEMONLDAP-1022] - The path of the request is lost when using the url parameter of a Choice module
* [LEMONLDAP-1026] - lemonldap-ng-fastcgi-server is missing libfcgi-procmanager-perl as a dependency
* [LEMONLDAP-1029] - Missing images in Debian packaging
* [LEMONLDAP-1030] - Cannot start Manager with zero conf in LDAP backend
* [LEMONLDAP-983] - Import encrypt in functions
* [LEMONLDAP-1004] - Es, it, pt, ne and de translations
* [LEMONLDAP-1011] - Option to allow a user to reset an expired password
* [LEMONLDAP-1023] - Add documentation to nginx handler
* [LEMONLDAP-1025] - provide additional GET parameters while redirecting to handler
* [LEMONLDAP-1031] - Be less restrictive on service parameter check in CAS issuer
lemonldap-ng (1.9.2) stable; urgency=low
* [LEMONLDAP-985] - authForce is not well called trough AuthMulti
* [LEMONLDAP-988] - CPAN Tests fails for Lemonldap-NG-Common
* [LEMONLDAP-989] - CPAN Tests fails for Lemonldap-NG-Portal
* [LEMONLDAP-991] - LDAP TCP connections is still not closed
* [LEMONLDAP-992] - LL:NG use wrong variables with Multi auth
* [LEMONLDAP-994] - Can't call method "add_output_filter" on an undefined value when I logout
* [LEMONLDAP-995] - Encoding problem in menu categories and applications
* [LEMONLDAP-996] - logout_app_sso URL rejected
* [LEMONLDAP-1000] - Session errors with persistent sessions
* [LEMONLDAP-1002] - Show sent headers in debug mode
* [LEMONLDAP-986] - Propose packages for SLES 12 SP1
lemonldap-ng (1.9.1) stable; urgency=low
* [LEMONLDAP-961] - PAUSE indexer report
* [LEMONLDAP-962] - Applications logos and portal background not displayed in Manager
* [LEMONLDAP-964] - Links to change
* [LEMONLDAP-965] - Syntax checking on certificate must be more tolerant
* [LEMONLDAP-968] - Headers corrupted when authenticating with HTTP basic authentication on a protected application
* [LEMONLDAP-969] - /var/run is a tmpfs so FastCGI pid can't be written after reboot
* [LEMONLDAP-972] - Missing test for exportedHeaders
* [LEMONLDAP-974] - keyMsgFail are missing in Manager/Attributes.pm
* [LEMONLDAP-976] - $ENV is replaced by $datas->{ENV}
* [LEMONLDAP-978] - CPAN Tests fails for Lemonldap-NG-Common
* [LEMONLDAP-980] - Error "password must be changed" when user not found in AD
* [LEMONLDAP-984] - Allow to set replica for MongoDB configuration backend
* [LEMONLDAP-973] - Activate maintenance mode if reval() fails
* [LEMONLDAP-185] - Check configuration uploaded by lmConfigEditor
806
807
808
809
810
811
812
813
814
815
816
817
818
819
820
821
822
823
824
825
826
827
828
829
830
831
832
833
834
835
836
837
838
839
840
841
842
843
844
845
846
847
* [LEMONLDAP-176] - POST Handler feature does not work with mod_proxy
* [LEMONLDAP-395] - LL::NG::Handler::CGI ignores some config parameters
* [LEMONLDAP-729] - Handler Jail may be inconsistent with its attributes
* [LEMONLDAP-759] - Cannot store Conf or Sessions in AD (was Storable appears to not work on 64-bit OS)
* [LEMONLDAP-767] - future deprecated dependency
* [LEMONLDAP-777] - Password fiedls in Manager
* [LEMONLDAP-802] - Apache2::Connection remote_ip not supported in Apache 2.4
* [LEMONLDAP-825] - Error when session is not in backend but only in cookie
* [LEMONLDAP-827] - Error encoding of passwords when using special characters in file lmconf.
* [LEMONLDAP-828] - wrong Makefile target for translation
* [LEMONLDAP-835] - Interface with unicode
* [LEMONLDAP-840] - Auth-User HTTP Header appears even if no HTTP Headers defined on VHost
* [LEMONLDAP-854] - Manager returns "Not authorized" with Apache 2.4 and fr-doc not installed
* [LEMONLDAP-858] - Error 500 at Save (on virtualHost Rules), when the displayName of one Category Portal Menu contains accentuated Character
* [LEMONLDAP-866] - Configuration deletion does not work
* [LEMONLDAP-867] - 404 errors in documentation
* [LEMONLDAP-870] - _lastSeen should be updated when a issuer module (ex: CAS) is called
* [LEMONLDAP-872] - Omegat does not end
* [LEMONLDAP-914] - Password expiration interception in Multi mode
* [LEMONLDAP-922] - SAML Error on update session
* [LEMONLDAP-923] - Error save conf SlaveMasterIp
* [LEMONLDAP-948] - openid userinfo endpoints need Authorization header
* [LEMONLDAP-954] - GLPI link is broken
* [LEMONLDAP-955] - GRR link is broken
* [LEMONLDAP-958] - Infinite redirection loop when redirected from Handler for an error (403/500/503)
* [LEMONLDAP-428] - Ergonomic items
* [LEMONLDAP-534] - splice not necessary to parse @_ in subroutines
* [LEMONLDAP-633] - unify var substitution in locationRules and exportedHeaders
* [LEMONLDAP-717] - Handler init management
* [LEMONLDAP-733] - Form replay refactoring
* [LEMONLDAP-776] - Use Bootstrap for Manager
* [LEMONLDAP-787] - [UserDB][LDAP] Allow alias dereferencing in search
* [LEMONLDAP-790] - Portal should not return HTML for AJAX requests
* [LEMONLDAP-794] - Default values must be set before storing in local cache
* [LEMONLDAP-795] - Propose JSON serialization in Apache::Session to be able to access to sessions with other languages
* [LEMONLDAP-796] - Replace our own serializer by JSON in Conf/File.pm
* [LEMONLDAP-798] - Avoid opening local cache when root
* [LEMONLDAP-815] - Improve the cookie name regexp
* [LEMONLDAP-821] - JSON File as new default configuration backend
* [LEMONLDAP-824] - autocomplete=off does not prevent anymore password manager use
* [LEMONLDAP-833] - Manager - Multi : display only the selected modules
* [LEMONLDAP-865] - Check conditions in AuthSlave and UserDBSlave
* [LEMONLDAP-877] - Replace Storable by JSON to be arch independent
849
850
851
852
853
854
855
856
857
858
859
860
861
862
863
864
865
866
867
868
869
870
871
872
873
874
875
876
877
878
879
880
881
882
883
884
885
886
887
888
889
890
891
892
893
894
895
896
897
898
899
900
901
902
903
904
905
906
907
908
909
910
911
912
913
914
915
916
917
918
919
920
921
922
923
924
925
926
927
928
929
930
931
* [LEMONLDAP-908] - Replace own minifier by external
* [LEMONLDAP-911] - Possibility to set a specific logo for a choice module
* [LEMONLDAP-917] - Possibility to define finely sessions timeout activity
* [LEMONLDAP-924] - Manager not checking regex before saving
* [LEMONLDAP-930] - Scripts must have POD
* [LEMONLDAP-946] - Set cfgAuthor to lmConfigEditor
* [LEMONLDAP-24] - Browse configuration versions and apply them
* [LEMONLDAP-183] - OAuth 2.0 / OpenID Connect authentication module
* [LEMONLDAP-184] - OAuth 2.0 / OpenID Connect provider module
* [LEMONLDAP-227] - VirtualHost Copy/paste functions in Manager
* [LEMONLDAP-287] - Implement HTTP Strict Transport Security
* [LEMONLDAP-495] - Persistent sessions Explorer
* [LEMONLDAP-583] - Nginx handler
* [LEMONLDAP-630] - Modularization of Handler code
* [LEMONLDAP-770] - Configuration of portal background
* [LEMONLDAP-773] - Implement CAS 3.0 Protocol (attributes exchange)
* [LEMONLDAP-800] - MongoDB configuration and session backend
* [LEMONLDAP-820] - New Manager interface with AngularJS
* [LEMONLDAP-836] - Add Choice to included X509 certificate in Signature of SAML Messages, when LL::NG acts as IDP
* [LEMONLDAP-915] - Portal message customization
* [LEMONLDAP-925] - New Notification Explorer
* [LEMONLDAP-935] - Capability to duplicate virtualhost
* [LEMONLDAP-864] - SAML and manager translations(utf8)
* [LEMONLDAP-859] - Perl-Digest-SHA is not listed at dependencies documentation
* [LEMONLDAP-873] - Change screenshots in doc
* [LEMONLDAP-891] - Remove "return to SP link"
* [LEMONLDAP-909] - Push French translation into sources
* [LEMONLDAP-932] - Packages for RHEL / CentOS
* [LEMONLDAP-871] - Manager protection
* [LEMONLDAP-874] - Add portal and logout links, add current version
* [LEMONLDAP-878] - Button to download file
* [LEMONLDAP-879] - Possibility to have a certificate instead of a public key
* [LEMONLDAP-880] - Bug in Logs node
* [LEMONLDAP-881] - Load metadata from file
* [LEMONLDAP-882] - Problem with radio buttons in samlAttributeContainer component
* [LEMONLDAP-883] - Bug with choices modules confguration
* [LEMONLDAP-884] - Optional URL in AuthChoices module
* [LEMONLDAP-885] - Unable to register OpenID Connect metadata
* [LEMONLDAP-886] - favicon disappear when using configuration tab
* [LEMONLDAP-888] - SAML attributes and other options not saved
* [LEMONLDAP-889] - Saving an old configuration leads to "No such file or directory"
* [LEMONLDAP-892] - Set OpenID Connect standard attributes in default values
* [LEMONLDAP-893] - Unable to download configuration
* [LEMONLDAP-894] - Get another default component for nodes
* [LEMONLDAP-895] - Associated help is not displayed in SAML SP/IDP
* [LEMONLDAP-896] - Labels for samlSP and samlSPName not displayed
* [LEMONLDAP-897] - Handler Status does not work
* [LEMONLDAP-898] - Handler Menu does not work
* [LEMONLDAP-899] - Button to show/hide documentation panel
* [LEMONLDAP-900] - Fill the domain when creating a new virtual host
* [LEMONLDAP-901] - Propose default names for IDP/SP/OP/RP
* [LEMONLDAP-902] - Replace javascript prompts by dialogs/modals
* [LEMONLDAP-903] - ZeroConf
* [LEMONLDAP-904] - Open IDP/SP node after its creation
* [LEMONLDAP-905] - Login is displayed in errors
* [LEMONLDAP-906] - Hide inaccessible modules in manager interface
* [LEMONLDAP-907] - Deleting a menu entry isn't detected
* [LEMONLDAP-913] - XS mode: menu never visible when tree is displayed
* [LEMONLDAP-916] - missing semicolons in Makefile
* [LEMONLDAP-919] - Choosing Multi module should not lock passwordDB configuration
* [LEMONLDAP-920] - Clear cfgLog when using lmConfigEditor
* [LEMONLDAP-921] - Implement lemonldap-ng-cli wth new configuration code
* [LEMONLDAP-926] - Error is not displayed to user
* [LEMONLDAP-927] - Use modal instead of alert
* [LEMONLDAP-928] - Bad notification encoding
* [LEMONLDAP-929] - Manage other portal CGIs
* [LEMONLDAP-934] - LLNG status for Nginx
* [LEMONLDAP-936] - Extra headers sent to protected applications
* [LEMONLDAP-938] - Can't save conf due to bad custom function name
* [LEMONLDAP-940] - Timout for reloadUrls
* [LEMONLDAP-941] - Aliases not taken into account
* [LEMONLDAP-942] - Session explorer not usable with Apache::Session::Browseable::MySQL
* [LEMONLDAP-943] - Zimbra Handler
* [LEMONLDAP-944] - Notifications - invalid date
* [LEMONLDAP-945] - Auto-protected CGI not working
* [LEMONLDAP-947] - Notifications cannot be purged for DBI and LDAP
* [LEMONLDAP-949] - Handler PSGI should set LMREMOTE_USER
* [LEMONLDAP-950] - spelling
* [LEMONLDAP-952] - Errors not displayed in Notifications Explorer
* [LEMONLDAP-953] - Notifications are mixed under the same letter
* [LEMONLDAP-956] - Custom functions don't work with useSafeJail
* [LEMONLDAP-957] - Replace $http.success() by .then()
lemonldap-ng (1.4.11) stable; urgency=low
* [LEMONLDAP-1068] - Error in logout request
* [LEMONLDAP-1080] - Typo is URL matching for Auth OpenID
* [LEMONLDAP-1092] - Net::LDAP does not have an uri method in el5
* [LEMONLDAP-1001] - Possibility to configure the update interval used for timeout activity
* [LEMONLDAP-1052] - Use Lasso 'thin-sessions'
* [LEMONLDAP-1083] - Create an option to not store SAML/OIDC tokens in session
* [LEMONLDAP-1084] - Disable SAML SLO request when LL::NG configured as SP and IDP does not support SLO
lemonldap-ng (1.4.10) stable; urgency=low
* [LEMONLDAP-985] - authForce is not well called trough AuthMulti
* [LEMONLDAP-1034] - Missing dependencies in documentation
* [LEMONLDAP-1047] - SAML SLO from IDP does not work when SP is LL::NG
* [LEMONLDAP-1050] - signing in to chrome devices via sso is broken
* [LEMONLDAP-1059] - Portal disconnection warning
* [LEMONLDAP-1057] - Change displayed message when sending confirmation mail after password reset
lemonldap-ng (1.4.9) stable; urgency=low
* [LEMONLDAP-1003] - Replace Mouse by Moose if ModPerl::Registry is used with Perl 5.22
* [LEMONLDAP-1006] - Typo in Common/Apache/Session.pm on LDAP disconnect
* [LEMONLDAP-1022] - The path of the request is lost when using the url parameter of a Choice module
* [LEMONLDAP-1027] - Can't locate object method "client_ip" via package "Apache2::Connection"
* [LEMONLDAP-1004] - Es, it, pt, ne and de translations
* [LEMONLDAP-1031] - Be less restrictive on service parameter check in CAS issuer
lemonldap-ng (1.4.8) stable; urgency=low
* [LEMONLDAP-985] - authForce is not well called trough AuthMulti
* [LEMONLDAP-991] - LDAP TCP connections is still not closed
* [LEMONLDAP-992] - LL:NG use wrong variables with Multi auth
* [LEMONLDAP-1000] - Session errors with persistent sessions
* [LEMONLDAP-986] - Propose packages for SLES 12 SP1
lemonldap-ng (1.4.7) stable; urgency=low
* [LEMONLDAP-802] - Apache2::Connection remote_ip not supported in Apache 2.4
* [LEMONLDAP-842] - manager configuration tree does not display correctly
* [LEMONLDAP-866] - Configuration deletion does not work
* [LEMONLDAP-958] - Infinite redirection loop when redirected from Handler for an error (403/500/503)
* [LEMONLDAP-964] - Links to change
* [LEMONLDAP-968] - Headers corrupted when authenticating with HTTP basic authentication on a protected application
* [LEMONLDAP-976] - $ENV is replaced by $datas->{ENV}
* [LEMONLDAP-980] - Error "password must be changed" when user not found in AD
lemonldap-ng (1.4.6) stable; urgency=low
* [LEMONLDAP-705] - SAML with Signature Method rsa-sha256
* [LEMONLDAP-715] - Multi with # in the module name: error while calling authLogout
* [LEMONLDAP-720] - Error with CPAN tests
* [LEMONLDAP-823] - duplicated groups when recursive groups enabled
* [LEMONLDAP-841] - Error in extract_lang with a value with *
* [LEMONLDAP-843] - localStorage replaced by localSessionStorage
* [LEMONLDAP-845] - Session activity not updated
* [LEMONLDAP-846] - Session cache not purged
* [LEMONLDAP-848] - Do not call 'perl' directly (see RT#107205)
* [LEMONLDAP-849] - Syntax checking on domain name is too restrictive
* [LEMONLDAP-850] - SOAP data not well formatted
* [LEMONLDAP-768] - Fixed with for application boxes in menu in bootstrap skin
* [LEMONLDAP-771] - Adapt foot size in mobile mode for Bootstrap skin
* [LEMONLDAP-822] - checking pwdLastSet in AD is not sufficient
* [LEMONLDAP-785] - Display password expiration management with Active Directory
* [LEMONLDAP-792] - Support for multivaluated attributes in LDAP for groups
lemonldap-ng (1.4.5) stable; urgency=low