Skip to content
changelog 122 KiB
Newer Older
Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (2.0.7) stable; urgency=medium

  * Bugs:
    * #1893: Issuer urldc is lost after error in 2F flow
    * #1909: Reset password by email issue
    * #1943: [Security: medium, CVE-2019-19791] Apache access rules and SOAP/REST endpoints
    * #1945: passwordpolicy.tpl contains wrong tag
    * #1948: Tranlation menu does not work with Diff.html
    * #1949: Don't Store Password shows password in cleartext
    * #1952: "Attributes and macros" session keys should not be translated
Clément OUDOT's avatar
Clément OUDOT committed
    * #1953: Outgoing emails are missing a Date: field
Clément OUDOT's avatar
Clément OUDOT committed
    * #1954: zimbra preauth not working
    * #1955: Redirection lost after notification validation
    * #1960: REST config service not working
    * #1961: IDP selection rule regression in 2.0.0
    * #1963: Server Error with OpenID Connect register endpoint
    * #1964: Diff.html does not work with minified JS
    * #1966: Configuration reload does not apply changes to location rules
    * #1968: skippedUnitTests/skippedGlobalTests have no effect
    * #1969: Force password reset with LDAP password policy does not work if macro _whatToTrace is not defined
    * #1974: ServiceToken handler TTL value always set to default
Clément OUDOT's avatar
Clément OUDOT committed
    * #1984: Reset expired password doesn't trigger when using Combination
Clément OUDOT's avatar
Clément OUDOT committed
    * #2005: Error in portal "refresh my rights" feature when whatToTrace value is not equal to login
    * #2009: Display authentication error on login form with Combination Kerberos + LDAP
    * #2010: Kerberos not working with session upgrade
    * #2012: Several issues with notification system
    * #2013: Handler, yum install
    * #2018: After temporary ldap failure, ldap connections stop working forever
    * #2038: Missing type attribute in 2FA HTML inputs
    * #2045: Authenticating with external OpenID Connect Provider fails because of special chars in user name

  * New features:
Clément OUDOT's avatar
Clément OUDOT committed
    * #813: Provide refresh tokens in OpenID Connect
Clément OUDOT's avatar
Clément OUDOT committed
    * #1605: certificate reset by mail
    * #1956: DecryptValue plugin
    * #1999: Possibility to view/close other sessions opened for the same user
    * #2006: Create a web service for "refresh my rights"

  * Improvements:
    * #1590: Possibility to configure new plugins in Manager
    * #1905: Append overScheme for persistent sessions
    * #1941: After logged out from SP we are always redirected to IdP - Unable to go back to SP Portal
    * #1947: Highlight active module with Diff.html
    * #1967: allow differents type of managerDN
    * #1983: The script purgeCentralCache should be more fault tolerant
    * #1988: Append a requiredAuthenticationLevel option for each uri
    * #1989: Main logo and lang icons are missing with upgradesession template
    * #1991: Some user logs not using whatToTrace for username
    * #1993: Same issue like (#1884) occures with Issuer redirection
    * #1994: Append varInUri extended function
    * #1995: Add an option to force claims in ID token
    * #1996: REQUEST_URI env variable is not set by CheckUser plugin
    * #1997: Enable checkTime option by default
Clément OUDOT's avatar
Clément OUDOT committed
    * #1998: Misleading token ID format
Clément OUDOT's avatar
Clément OUDOT committed
    * #2003: Possibility to set attributes and extra claims in OIDC registration endpoints
    * #2007: Password change prompt displayed even if initial auth fails
    * #2008: Specific message and error code for 2F failure
    * #2011: Create a function to test if a value belongs to a list
    * #2012: Several issues with notification system
    * #2014: New script to convert sessions between backends
    * #2019: Renew Captcha button
    * #2024: Change default value for cspFormAction
    * #2042: Add per-service macros

Clément OUDOT's avatar
Clément OUDOT committed
 -- Clément <clem.oudot@gmail.com>  Sat, 21 Dec 2019 16:59:22 +0100
Clément OUDOT's avatar
Clément OUDOT committed

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (2.0.6) stable; urgency=medium

  * Bugs:
    * #1834: Use base64 URL for JWT generation
    * #1838: Return claims from scope values in ID token if no access token requested
    * #1852: SAML request lost after notification
    * #1853: Adding a second notification with same reference is not refused
    * #1856: Unable to validate more than one notification (JSON format)
    * #1857: Message "session is expired" if a notification is  refused
    * #1861: Persistent data and notification validation
    * #1863: Duplicate Set-Cookie header when sending lemonldappdata and lemonldap cookies
    * #1864: incorrect loading of SAML metadata when entityID containts html-encoded characters
    * #1865: Dependencies missing in RPM
    * #1866: Skin parameter is lost in second factor choice
    * #1867: Bad error template with Combination and OTT timeout
    * #1868: Yubikey enrolment failed on Internet Explorer
    * #1869: [Security:low] psessions case sensitivity might impact security of 2FA when using case-insensitive auth backends
    * #1874: OTT not regenerated after submitting TOTP form with an expired OTT
    * #1875: Variables from Users module DBI is not used when Authentication module is LDAP (chain: [LDAP,DBI]
    * #1876: $_ no longer works in macros, rules and headers since 2.0
    * #1878: Pdata cookie not cleared after cross domain Auth request
    * #1880: [Security:low] Restricted users can edit conf by using default route
    * #1881: [Security:high] oidc authorization codes are not tied to their RP
    * #1883: Infinite loop when displaying sessions by IP address
    * #1889: No changes detected by Manager when removing CAS/OIDC attributes from a CAS application / OIDC RP or provider
    * #1890: LinkedIn v1 API is not available anymore
    * #1891: GET parameter "cancel" with Choice and CAS authentication
    * #1897: Emails are sometimes sent in the wrong language
    * #1898: Handler SecureToken is not working anymore
    * #1901: Handler error if a header definition is empty
    * #1903: Mail password reset and Combination with LDAP does not work
    * #1906: Missing MAIN_LOGO variable in redirect.tpl
    * #1910: Issue with "force password change on next login" feature with LDAP
    * #1915: Skin selected by rule is lost in 2FA process
    * #1922: Accentuated UTF-8 value of header is UTF-8 encoded again by handler
    * #1925: AuthBasic handler does not work with AuthChoice
    * #1933: [Security:low] nginx portal example file does not filter REST urls
    * #1935: [Security:medium] AuthSlave does not check credential headers

  * New features:
    * #993: Define a local password policy
    * #1783: ContextSwitching plugin
    * #1843: OAuth2 introspection endpoint
    * #1847: Radius 2F module
    * #1860: Multiple instances of 2F modules

  * Improvements:
    * #1619: Support IBM Tivoli Directory Server (ITDS)
    * #1702: Improve log generated by lemonldap
    * #1825: Possibility to disable persistent sessions
    * #1829: Redirection lost between SSL/Ajax and SAML
    * #1831: Warning in lemonldap-ng-cli
    * #1832: Add save/restore in CLI help message and control restore parameters
    * #1833: Show cli errors on file access
    * #1835: [Security:improvement] Do not accept a "none" signature in JWT if we enforce signature verification
    * #1842: Merge userLogger notice with logger debug
    * #1844: CheckUser plugin does not compute real session attributes if Impersonation is enabled
    * #1846: Adapt response_types_supported / grant_types_supported attributes in OpenID Connect metadata depending on configured flows
    * #1849: CDA is not compatible with Handler::PSGI::Try
    * #1850: No "Session granted" log if grantSession plugin not enabled
    * #1851: Append notification REST services
    * #1862: When displaying notifications, sort them by date and references
    * #1870: REST Api endpoint "error"
    * #1873: Labels for 2FA choices
    * #1879: [security:low] Access token expiration time is not enforced on userinfo or OAuth handler
    * #1882: Confusing default OIDC issuer setting
    * #1884: Force Upgrade tokens to be stored into global storage if auth and authssl are served by different load balancers
    * #1885: Append an option to log an extra parameter
    * #1888: Javascript error on textContent method with .Net framework and WPF
    * #1896: Add _session_kind to default SOAP/REST exported attributes
    * #1899: Fix portal and manager display for Internet Explorer
    * #1904: Append an option "don t compact conf" + debug log + compact CAS parameters if not enabled
    * #1908: Complete blackout probably due to uncontroled SQL connexion timeout
    * #1913: Append an option to allow / forbid browsers to store users password
    * #1916: Issuer OTT timeout
    * #1919: Customizable error message when a required SAML attribute is missing
    * #1923: REST ression server is too intolerant of clock drift
    * #1927: Implement  CORS preflight request
    * #1928: Option to hide password generation checkbox in mail password reset plugin
    * #1929: Custom functions are not imported into Safe Jail
    * #1930: Display password change form after a password policy error in mail reset password plugin
    * #1931: Disable password input field until font is fully downloaded by browser
    * #1932: REST session server should return both session and _httpSession id
    * #1936: Append an option to display Slave logo
    * #1938: CheckUser plugin : include search parameters

 -- Clément <clem.oudot@gmail.com>  Tue, 24 Sep 2019 11:13:39 +0200

lemonldap-ng (2.0.5) stable; urgency=medium

  * Bugs:
    * #1521: The manager renames the id of applications created by lemonldap-ng-cli
    * #1655: Can't delete notifications from the manager
    * #1717: Warnings "Devel::StackTrace" when using unnative Perl functions
    * #1746: Impersonation does not work with double cookies authentication
    * #1749: Authentication with "Double Cookies for a single session" (securedCookie==3) does not work
    * #1753: Logout with CASv2 is not working (Bad URL)
    * #1754: Configuration caching issue when overriding globalStorage in lemonldap-ng.ini
    * #1755: CheckUser plugin fails if OTT globalStrorage is enabled
    * #1759: Server Error when OpenID Connect provider enabled without any RP
    * #1762: CDA sessions are not removed when handler uses SOAP
    * #1775: Authentication with double cookies fails when uniq session is enabled
    * #1777: Server Error with SAML SLO and expired SSO session
    * #1779: Go to portal message not translated in register confirmation mail
    * #1795: [Security: low] CAS 3.0 Logout does not validate redirect URL
    * #1800: Auth::Slave is unusable with Choice
    * #1802: No error returned if no code provided on OpenID Connect token endpoint
    * #1805: Auth::LDAP unusable in combination if UserDB::LDAP isn't called
    * #1809: UserDB::DBI with Auth::LDAP seems to not work properly
    * #1810: [Security: low] llng-fastcgi-server could fail to setgid
    * #1811: Lua-headers file is missing
    * #1813: searchOn* does not work when a portal uses REST session backend
    * #1814: Local cache not fully purged
    * #1818: [Security:low] XXE vulnerability in SOAP notification server
    * #1819: Portal Notification server unusable with old XML format
    * #1821: Pdata not cleared after session upgrade
    * #1822: Session upgrade does not work with 2FA
    * #1824: lmConfigEditor does not work anymore
    * #1826: Race condition on SSL login form button

  * New features:
    * #1796: Display a message if an expired 2f device is removed

  * Improvements:
    * #1706: html not interpreted for translated messages
    * #1723: Real authentication is masked when using proxy authentication module
    * #1732: Sessions explorer and Browseable::Postgres
    * #1734: RPM version uses JSON::PP instead of JSON::XS
    * #1747: Logging out from portal cause an error with doubleCookie after refreshing rights
    * #1750: Wrong version / author / IP / log in lemonldap-ng-cli
    * #1758: Warnings in Viewer.pm when saving configuration
    * #1763: Transmission of Authorization header should probably be on by default
    * #1764: Set choosen language in user session
    * #1765: Better CORS handling
    * #1766: Warning in logs with SAML
    * #1767: Append startTime overScheme to display sessions to avoid browser crash
    * #1769: CSRF token is not automatically regenerated after a failed login with Auth::Choice
    * #1770: Add save/restore commands in cli
    * #1771: SSO sessions _updateTime value is not updated after a refresh request
    * #1773: Append option to modify service Token handler TTL
    * #1774: CheckUser plugin does not work with SAML
    * #1782: Append an option to set 2FA TTL
    * #1791: Append an option in Manager to merge only specified SSO groups with Impersonation
    * #1797: Allow ServiceToken to send service headers
    * #1799: StorePassword in session not working when using session REST server
    * #1827: Using lemonldap-ng-cli info gives warning with default configuration
    * #1828: 2F plugins and method loadTemplate are not using skin rules
    * #1830: [Security:improvement] Improved use of cryptography

 -- Clément <clem.oudot@gmail.com>  Sat, 29 Jun 2019 22:25:02 +0200

Yadd's avatar
Yadd committed
lemonldap-ng (2.0.4) stable; urgency=high

  * Bugs:
    * #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
    * #1709: ViewDiff template not displayed
    * #1710: Configuration keys not displayed in Viewer
    * #1716: [Security:minor] Update jQuery
    * #1720: Duplicate session opening when using multiple Kerberos instances in Combination
    * #1724: CAS 1.0 /validate endpoint does not return username
    * #1726: Deb package: missing dependency IO::String
    * #1733: Invalid default crontab in RPM
    * #1736: Configuration version in Manager is different from software version
    * #1738: Error not well catched with Ext2F
    * #1741: Deleted category is not detected as a change when saving conf.
    * #1742: [Security: high] Setting tokenUseGlobalStorage allows unauthenticated users to access the portal (and applications without rules)
    * #1743: [Security: low] register_token used for account creation can be used as a valid session identifier
    * #1746: Impersonation does not work with double cookies authentication

  * New features:
    * #1146: Allow Handler to read OAuth2 access token instead of browser cookie
    * #1722: [Security: improvement] PKCE to secure OIDC Authorization Code flow

  * Improvements:
    * #1703: Fix faulty headers on a null value
    * #1711: Return Session ID when authentication is done via REST
    * #1712: Display idpChoice cancel button only if AuthChoice is enabled
    * #1713: CAS : Allow per application CAS login override
    * #1714: Check logLevel value
    * #1725: Allow unauthenticated clients on OIDC token endpoint
    * #1728: Improve redirect page
    * #1729: Display error if SAML service is enabled without private and public keys signature
    * #1730: Sort real and spoofed attributes in CheckUser and Session explorer
    * #1735: Highlight valid SSO sessions in sessions explorer
    * #1739: Improve log in Grant Session plugin

 -- Clément <clem.oudot@gmail.com>  Sun, 12 May 2019 16:17:01 +0200

Yadd's avatar
Yadd committed
lemonldap-ng (2.0.3) stable; urgency=medium
Clément OUDOT's avatar
Clément OUDOT committed

  * Bugs:
    * #1543: Redirection lost with CAS RP -> Choice -> SAML Discovery Protocol -> SAML IDP
    * #1654: Password must change on AD still not fully working
    * #1656: No IP shown in history logon
    * #1667: [Security:medium] Option userControl is not applied anymore in standard login process
    * #1671: Error in SP-initiated saml logout with multiple SP
    * #1672: In SAML Issuer, environment variables to store current SP are not filled
    * #1673: Application list display and specific rules
    * #1675: [Security:minor] Using /logout instead of /?logout=1 does not work
    * #1676: Active Directory connection information not saved
    * #1679: Default jQuery URL in form replay has changed
    * #1680: In form replay, POST data keys are not URL encoded
    * #1682: LinkedIn OAuth2 authentication is not available in combination modules list
    * #1683: Changing configuration option cspScript has no effect
    * #1684: UI manager: boolean values do not appears in configuration forms with Yaml config format
    * #1686: SOAP Portal WSDL file is invalid
    * #1691: Password policy can't display messages
    * #1692: Parameter base64 is ignored in setHiddenFormValue
    * #1693: Information is not displayed in logout process
    * #1698: Invalid pdata causes SAML login to fail after logout
    * #1703: Fix faulty headers on a null value
    * #1708: lmerror page loops on url parameter

  * New features:
    * #1632: Optionally let Ext2F module handle code generation
    * #1658: CheckUser plugin
    * #1661: Configuration viewer module
    * #1664: Impersonation plugin
    * #1697: Command-line tool to delete session for specific user(s)

  * Improvements:
    * #1549: Option to override IDP entityID
    * #1595: Possibility to override message with a custom JSON file in template
    * #1651: Disable cache on portal page
    * #1653: Allow failback to default skin when a template is not found in custom theme
    * #1660: Restore possibility to hide message in portal template
    * #1666: Display errors on login form
    * #1668: As IDP SAML, do not try to send SLO response if no SLO endpoint defined in SP metadata
    * #1670: Display "authentication in progress" when using Ajax with Kerberos
    * #1681: Change behavior with SAML mandatory/optional attributes in SAML Issuer
    * #1687: Add granted log for user and connexion informations
    * #1694: Disable CSRF token with AuthBasic
    * #1696: Remove unnecessary antiframe protection in portal javascript
    * #1699: Authentication level for REST and GPG authentication
    * #1700: Update AuthBasic handler doc : REST server is required
    * #1704: Append parameter to sort IDP, OP and CAS servers in Auth menu loop

 -- Clément <clem.oudot@gmail.com>  Thu, 11 Apr 2019 10:09:35 +0200

Yadd's avatar
Yadd committed
lemonldap-ng (2.0.2) stable; urgency=medium

  * Bugs:
    * #1574: "Manager is unprotected" message when whatToTrace value is not the default
    * #1603: Warnings with confirmation required don't work
    * #1604: Manager unit tests randomly failed
    * #1607: Safe errors when saving configuration with lmConfigEditor
    * #1610: Unable to save empty value for cookie expiration time in Manager
    * #1613: handler https redirection does not work
    * #1614: Accents not well displayed in Portal
    * #1618: Version in server signature is wrong
    * #1623: ADPwdExpireWarning and ADPwdMaxAge parameters are missing in Manager
    * #1627: Display issue with GrantSession plugin
Yadd's avatar
Yadd committed
    * #1628: [Security:minor] GrantSession plugin discloses its message to unlogged users
    * #1630: [Security:minor] SSO cookie is sent to protected applications with Nginx-based ReverseProxy
    * #1636: SSL and Kerberos Auth Modules don t work with choice
    * #1639: User must change password on AD is broken
    * #1642: Unable to select skin from URL
    * #1643: Portal CSS is sent with empty background when portalSkinBackground is not defined
    * #1644: error while reseting password with ppolicy enabled
    * #1648: ldapAuthnLevel and dbiAuthnLevel are ignored
    * #1649: Error about Handler when saving configuration in lmConfigEditor

  * New features:
    * #1569: GPG authentication module
    * #1629: Email-based two-factor module
    * #1631: Allow to display "env" as template variables

  * Improvements:
    * #1486: Portal starts even if init() has failed
    * #1600: Improve e2e tests
    * #1601: Create LDAP option to decode DN value
    * #1608: Date and comment not updated with lemonldap-ng-cli
    * #1609: add autocomplete="off" to 2F form fields
    * #1611: Improve apache configuration
    * #1622: Display delete button in 2FAManager only if action is allowed
    * #1625: "Use rule" option in issuer modules seem not to be used anymore
    * #1633: Better random generation
    * #1634: Improve management of template parameters
    * #1635: SAML attribut default value is not set
    * #1637: Add display options for SAML IDP like OIDC and CAS providers

 -- Clément <clem.oudot@gmail.com>  Tue, 12 Feb 2019 08:57:14 +0100
Yadd's avatar
Yadd committed
lemonldap-ng (2.0.1) stable; urgency=medium

  * Bugs:
    * #1564: Function authLogout is missing in package "Lemonldap::NG::Portal::Auth::SSL"
    * #1572: Error when saving in manager (mongoDB as ConfigurationBackend)
    * #1576: Browser doesn t select Portal appropriate language
    * #1579: SOAP Backend error for empty collection
    * #1582: MongoDB Conf backend looses sub hash keys
    * #1586: Portal message override do not work on plugins and mails templates
    * #1587: Captcha is not displayed in Register form if mail already exists
    * #1588: Captcha is validated with additional letters
    * #1589: Error in MailReset when asking to resend confirmation mail
    * #1592: Cannot select a menu tab with ?tab=<tab id> in URL
    * #1594: Cannot select oidcConsents tab in menu

  * Improvements:
    * #1565: OpenId - Default CSP value cause breakdown in OpenId authentification form
    * #1578: Fix fcgi/psgi extensions in documentation
    * #1583: Append parameter to configure number of allowed failed logins before brute force protection activation
    * #1584: Browser doesn t select Manager appropriate language
    * #1585: Fix main logo and langs icons display & double slash in lmerror 403 error URL
    * #1591: $req->user not available in plugins authenticated routes
    * #1593: Bad userinfo response: Unauthorized
    * #1596: Possibility to define new tabs in Menu
    * #1599: Usage of OpenID Connect with bad scope value result in unlimited session grow

 -- Clément <clem.oudot@gmail.com>  Fri, 21 Dec 2018 15:12:13 +0100

Yadd's avatar
Yadd committed
lemonldap-ng (2.0.0) stable; urgency=medium
Clément OUDOT's avatar
Clément OUDOT committed

  * Bugs:
    * #757: "Attempt to free unreferenced scalar" in Lemonldap::NG::Common::Session
    * #789: Apache reloading breaks SAML authentication
    * #804: Uncomplete logout in Issuer modules
    * #856: LemonLDAP loses exportedVars conf randomly
    * #863: get_url function builds wrong Portal URL
    * #918: Env variables are searched in backends
    * #998: encode_base64 can be udefined after a reload by URL
    * #1061: Multiple segfault using ModPerl::Registry with Apache2.4
    * #1113: OIDC Provider to SAML SP does not work
    * #1150: Can't get captcha to work with LDAP as backend
    * #1171: Session explorer freezes when session number is high
    * #1327: Facebook module not working due to API changes in Facebook
    * #1420: Answering to CAS proxy requests as CAS Provider
    * #1468: Enabling both Auth::SAML and Issuer::SAML breaks SLO

  * New features:
    * #575: Display differences between 2 conf
    * #782: Node.js handler
    * #819: Support of FIDO Alliance (multi-factor authentication)
    * #826: Tab in portal to manage OpenID Connect consent
    * #852: Possibility to reload/refresh his session without logout and relogin
    * #970: REST API for Portal
    * #971: Server-to-Server Handler
    * #1015: Two-Factor Authentication with OTP for portal user logins
    * #1019: Evaluate custom template parameters
    * #1091: Handler for DevOps (SSOaaS)
    * #1131: Portal plugin to "Stay connected on this device"
    * #1138: Generate Content-Security-Policy headers and related
    * #1148: U2F - Universal 2nd Factor Authentication
    * #1151: Replace Multi by a Combination parser
    * #1161: Manage access rules for CAS, SAML and OpenID Connect clients
    * #1162: Capability to use Log4Perl (and other log backends)
    * #1174: Auth and UserDB REST (delegation by web-service)
    * #1188: Custom auth/userDB/password/register modules
    * #1196: Auth::PAM module
    * #1204: Propose reauthentication if higher access level is requested
    * #1206: TLS support for mails
    * #1208: YAML configuration backend
    * #1212: Propose SSL authentication by Ajax
    * #1318: Auto-Signin based on $env rules
    * #1330: Menu rules for applications using SAML/CAS/OIDC
    * #1359: TOTP plugin
    * #1379: Feature: External Second Factor over REST API
    * #1391: Mixed TOTP/U2F second factor plugin
    * #1397: Plack servers support
    * #1399: Yubikey as second factor
    * #1419: Dispatch logger
    * #1427: Alternative FastCGI-Client handler for Apache2
    * #1438: Build trunk debian repository (nightly build)
    * #1458: Local conf backend
    * #1478: SAML Discovery Protocol (WAYF)
    * #1500: Possibility to override parameters in Choice modules
    * #1503: RENATER metadata download script
    * #1512: Option to choose which SAML attribute will be used as "user" key
    * #1535: Append Portal parameter to modify Handler Internal Cache
    * #1539: Option to enable / disable languages choice display

  * Improvements:
    * #354: Session Explorer: possibility to order sessions by date
    * #587: Selecting language while connecting to LemonLDAP
    * #595: Portal powered by FastCGI (using Plack)
    * #651: Common::CGI::abort should return 500 as HTTP status code
    * #673: Split conf/session/flags management from the Portal $self object
    * #713: Request management to handle sessions
    * #803: AuthSSL : Ability to choose SSLvar or UserDB depending of the CA
    * #868: Replace XML format by JSON for notifications
    * #1033: Translate mail subject - forgotten password
    * #1044: Adapt FastCGI server to be able to use an event Plack engine
    * #1065: Provide SSL options for AuthBasic
    * #1118: Manage unicode in session and configuration backends
    * #1133: Translation system for mails
    * #1137: Avoid using inline Javascript and CSS
    * #1140: Add CSRF protection to login and password change forms
    * #1160: Reorganize handler architecture
    * #1173: Performance: minimize Apache::Session access
    * #1181: Make Debian packages autopkgtestable
    * #1183: Rewrite CAS authentication module
    * #1201: IPv6 support
    * #1220: Vietnamese translation
    * #1222: Arabic translation
    * #1232: Italian translation
    * #1247: Support RSA SHA256 signature in SAML
    * #1267: Allow custom regexp for vhost display
    * #1302: Move all HTML fragments into templates
    * #1317: Wildcard in virtualhost names
    * #1322: Get user attributes in Auth module for external authentication
    * #1388: Auto-generation of parameters list in doc
    * #1400: CLUSTER - Status page who check the working state of LLNG
    * #1418: Sentry Logger (experimental)
    * #1427: Alternative FastCGI-Client handler for Apache2
    * #1428: Provide better logs with Nginx
    * #1429: Use cached configuration when configuration database isn't available
    * #1442: Last logins not shown when second factors are enabled
    * #1443: Hide countdown block when stopped
    * #1445: Let's stop french manager doc translation
    * #1448: Full status for Nginx
    * #1461: Remember Choice and other context settings before redirecting user to an external service
    * #1473: Complex nodes  not well displayed in manager
    * #1488: Be tolerant with whitespaces in ini file
    * #1490: Be able to use DBD::MariaDB
    * #1499: CSP prevents to submit OIDC consents form
    * #1501: Improve Login history module
    * #1504: Upgrade to bootstrap 4
    * #1515: Possibility to configure main logo on portal page
    * #1522: Notifications with checkbox does not work
    * #1526: Portal menu application and categorie logos not displayed
    * #1542: Provide sessions attributes in template
    * #1546: Configuration comparator does not work
    * #1550: Error when enables "SSL, Custom " Auth modules with Choice

lemonldap-ng (2.0.0~beta1) testing; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (2.0.0~alpha3) testing; urgency=low

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (2.0.0~alpha2) testing; urgency=low

lemonldap-ng (2.0.0~alpha1) testing; urgency=low
lemonldap-ng (1.9.19) oldstable; urgency=high

  * Bugs:
    * #1509: InactivityTimeout for applications don't work
    * #1520: lemonldap-ng-cli adds a new item when deleting an item that does not exist.
    * #1567: Captcha session id is too weak
    * #1580: Error when saving in manager (mongoDB as ConfigurationBackend)
    * #1662: id_token validity not correctly evaluated
    * #1744: [Security: low] register_token used for account creation can be used as a valid session identifier

  * Improvements:
    * #1516: All IDP conf not usable if only one IDP misconfigured
    * #1519: Cross domain authentication, ajax request and same origin policy

lemonldap-ng (1.9.18) stable; urgency=high

    * #1479: App Category order - Cannot save
    * #1476: Unescaped left brace generates a warning with Perl-5.28
    * #1474: OAuth2 token_type is case insensitive
    * #1514: Aliases not respecting redirect settings
    * #1494: Manage applications with the lemonldap-ng-cli
    * #1470: Warning when using CLI to set value which does not exists before
    * #1469: SMTP timeout breaks Manager configuration save

lemonldap-ng (1.9.17) stable; urgency=high

    * #1416: Attribute encoding in CAS responses
    * #1426: Error with mod_auth_openidc when kid is set in JWKS
    * #1423: "samlServicePrivateKeySig: Bad PEM encoding" on manager when
      saving config with some valid certificates
    * #1415: Improve test pages
    * #1413: Possibility to add conditions to display Choice tabs
    * #1407: Remote MYSQL - mysql_enable_utf8 not applied?
    * #1403: Parameter to ignore some tests during saving

lemonldap-ng (1.9.16) stable; urgency=high

    * #1390: Choice module allows XSS attack
    * #1389: Kerberos ticket revalidated in Multi mode
    * #1382: Kerberos - Username / Session uncorrectly set
    * #1378: lemonldap-ng-doc unable to install on Debian 7
    * #1372: Action "update-cache" in lemonldap-ng-cli does not work
    * #1371: incompatibility between 1.4 portal and 1.9/2.0 handler : _utime
      not defined
    * #1368: Impossible to configure IssuerDB Get Parameters with RDBI backend
    * #1366: Problem with kerberos and ajax and ldap ...
    * #1363: Bad equality operator in Handler::Main::Jail
    * #1362: Allow CAS 3.0 endpoints (/p3/serviceValidate and
      /p3/proxyValidate)
    * #1360: Using "force" and "cfgNum" with lemonldap-ng-cli does not work
    * #1063: lemonldap-ng-fastcgi-server has a hard dependency on nginx
    * #1253: Default values not saved by Manager (complex nodes)

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.15) stable; urgency=high

    * #1358: Encoding issues with LDAP configuration backend
    * #1357: Wrong return status for processLogoutRequestMsg in SAML module
    * #1356: Prevent infinite loop in LDAP group recursive search
    * #1355: local session storage not being cleaned up
    * #1352: Encoding issues with MySQL configuration backend
    * #1351: missing dependency LWP::Protocol::https on CentOS 7 packaging
    * #1349: Initial url lost during reset password workflow
    * #1347: Do not allow "/" or ".." in skin parameter to avoid directory
      traversal attack
    * #1346: Check that skin directory exists before trying to open it
    * #1345: Autoredirect does not work after session expiration
    * #1343: Captcha code not removed after successful verification
    * #1341: llng-fastcgi-server: Allow to listen on TCP
    * #1337: mailFrom and mailReplyTo directives : bad default address
    * #1281: purgeLocalCache should use conf from manager

Yadd's avatar
Yadd committed
lemonldap-ng (1.9.14) stable; urgency=high

    * #707: Kerberos authentication module
    * #1308: make saml work with POST sso binding and multiple authentication
    * #1310: Form replay javascript generates error for fields with a dot
    * #1315: Missing Mouse dependency in Debian packages
    * #1316: In docs, for Alfresco, said they need to add an exclusion for
      ressources path
    * #1324: Allow SAML with Office365 multidomains
    * #1326: SessionIndex should not be mandatory in SAML SingleLogoutRequest
    * #1328: Value 0 can not be set in hidden field
    * #1329: No need to 'warn' if no IDP or SP is present in configuration
    * #1331: Manage UTF-8 values in HTTP headers

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.13) stable; urgency=high

    * [LEMONLDAP-1209] - [UTF8-Enconding] Issues with mysql backend and saml attributes
    * [LEMONLDAP-1303] - Debian 9 and JSON parsing error - OpenID Connect
    * [LEMONLDAP-1304] - make saml tolerant to issuerDBSAMLPath

lemonldap-ng (1.9.12) stable; urgency=high

    * [LEMONLDAP-1293] - Unable to delete "Exported Attributes" in SAML SP
    * [LEMONLDAP-1294] - Debian - JSON - Apache::Session module failed
    * [LEMONLDAP-1295] - Bad UserInfo response wihen attribute values are Perl references
    * [LEMONLDAP-1297] - Restrict reload url to the localhost
    * [LEMONLDAP-1299] - Unable to use LemonLDAP on Debian Stretch - Portal issue
    * [LEMONLDAP-1298] - CAS logout redirect service

lemonldap-ng (1.9.11) stable; urgency=high

    * [LEMONLDAP-1244] - CGIPassAuth not usable in CentOS 7.3.1611 because of old Apache version
    * [LEMONLDAP-1255] - Issue with openid-configuration.pl when updating Perl
    * [LEMONLDAP-1262] - Session expired on Handler
    * [LEMONLDAP-1277] - Missing screen shot in documentation
    * [LEMONLDAP-1288] - Empty hash configuration parameters are converted to empty scalar trough SOAP
    * [LEMONLDAP-1289] - Proxy authentication module does not catch authentication error
    * [LEMONLDAP-1245] - adding salt feature for database backend
    * [LEMONLDAP-1254] - APT warning on weak digest algo on lemonldap repository
    * [LEMONLDAP-1256] - Avoid 'forcedSAML' in Choice module
    * [LEMONLDAP-1261] - SAML SessionIndex may leak SSO data and cause interoperability issues
    * [LEMONLDAP-1263] - No error message when backend is in ReadOnly
    * [LEMONLDAP-1270] - Logout_*
    * [LEMONLDAP-1243] - LinkedIn authentication module
    * [LEMONLDAP-1286] - httpd dependency

lemonldap-ng (1.9.10) stable; urgency=high

    * [LEMONLDAP-1202] - CSS an JS not correctly loaded in FR offline doc
    * [LEMONLDAP-1203] - NginX handler and CDA does not work
    * [LEMONLDAP-1207] - GUI Error (HTTP 500) on Issuer module "GET"
    * [LEMONLDAP-1214] - No display type selected when session expired and authentication done via Mutli or Choice
    * [LEMONLDAP-1218] - Warning on expired session can break transparent authentication
    * [LEMONLDAP-1231] - debian wheezy doc package not working
    * [LEMONLDAP-1233] - redirect_uri parameter validity should be checked first to avoid unwanted redirections
    * [LEMONLDAP-1211] - Provide error page / error message for error 404 and 502
    * [LEMONLDAP-1219] - Reject same SAML EntityID for Service Providers
    * [LEMONLDAP-1225] - Lost Password error message

lemonldap-ng (1.9.9) stable; urgency=high

    * [LEMONLDAP-1081] - SAML artifact server double encode UTF-8 characters
    * [LEMONLDAP-1193] - entityID not found in metadata if value is between simple quotes instead of double quotes
    * [LEMONLDAP-1195] - JS error when clicking on export configuration
    * [LEMONLDAP-1197] - CSP errors in Manager
    * [LEMONLDAP-1199] - Compilation error in IssuerDBOpenIDConnect.pm
    * [LEMONLDAP-1187] - Make crypto functions available in safe jail
    * [LEMONLDAP-1191] - Brute force protection for OIDC
    * [LEMONLDAP-1200] - Force AllowCreate in NameIDPolicy for broken SAML clients

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.8) stable; urgency=high

    * [LEMONLDAP-1121] - Fail to require customNginxHandler
    * [LEMONLDAP-1130] - SOAP request fail (FCGI) - missing path info
    * [LEMONLDAP-1136] - Mail reset form allows email enumaration
    * [LEMONLDAP-1139] - Errors "Session cannot be tied"
    * [LEMONLDAP-1141] - Bad encoding in reset password emails
    * [LEMONLDAP-1145] - Missing user identifier in mail reset log messages
    * [LEMONLDAP-1147] - SAML session ID
    * [LEMONLDAP-1149] - lemonldap-ng-fastcgi-server not working on CentOS7
    * [LEMONLDAP-1152] - jquery-ui.min.js not found
    * [LEMONLDAP-1155] - Typo in OIDC OP for keeping acr_values parameter
    * [LEMONLDAP-1159] - Session concurrency issue with SAML + OpenID Connect flow
    * [LEMONLDAP-1166] - Typo in bootstrap footer.tpl
    * [LEMONLDAP-1170] - Browse sessions by ip address duplicates entries
    * [LEMONLDAP-1179] - Bad session count in sessions explorer multi IP tab
    * [LEMONLDAP-1086] - Make Debian packages autopkgtestable
    * [LEMONLDAP-1120] - Add public pages concept in LemonLDAP::Portal
    * [LEMONLDAP-1122] - Enclose expressions
    * [LEMONLDAP-1125] - Avoid using unsafe eval Javascript
    * [LEMONLDAP-1127] - SAML: Reject same entityID on different Metadata
    * [LEMONLDAP-1132] - Warn users about session expired in portal
    * [LEMONLDAP-1135] - Warnings in unit tests
    * [LEMONLDAP-1143] - Manage doc indexing using robots.txt to avoid indexing old doc
    * [LEMONLDAP-1144] - Add vhost in reject log message
    * [LEMONLDAP-1156] - Export OpenIDConnect request parameters in %ENV
    * [LEMONLDAP-1158] - Export CAS request parameters in %ENV
    * [LEMONLDAP-1129] - Extract CN field from SSL certificate (authSSL)
    * [LEMONLDAP-1177] - Custom skin lost when submitting login form

lemonldap-ng (1.9.7) stable; urgency=high

    * [LEMONLDAP-1097] - invalid base64 encoding on openidconnect key2jwks
    * [LEMONLDAP-1099] - FCGI: reload method return Internal Server Error
    * [LEMONLDAP-1101] - SAML IDP-initiated : Federation not found on login
    * [LEMONLDAP-1102] - Random access denied
    * [LEMONLDAP-1105] - Broken openidconect oidcRPMetaDataOptionsExtraClaims parsing (or saving) when using sql datastore
    * [LEMONLDAP-1107] - Use of uninitialized value in pattern match...Simple.pm line 1561
    * [LEMONLDAP-1109] - Notification DBI backend has compilation error
    * [LEMONLDAP-1117] - Corrupted persistent session when value has accentued characters and storage is LDAP
    * [LEMONLDAP-1096] - Use manager libraries for doc with "external" hook
    * [LEMONLDAP-1098] - Allow access tokens to be gathered as parameters too
    * [LEMONLDAP-1100] - Create custom lltype for custom handler
    * [LEMONLDAP-1104] - Allow the parameters for the reload url to contain basic credentials
    * [LEMONLDAP-1106] - returnJSONError on _OpenIDConnect.pm should return a 400 status not a 200
    * [LEMONLDAP-1108] - caFile/caPathc options should be available for LDAPS, not only for LDAP+TLS
    * [LEMONLDAP-1110] - Provide autopkgtest tests
    * [LEMONLDAP-1114] - Missing DirectoryIndex in offline documentation
    * [LEMONLDAP-1116] - Change how we check signatures on SAML messages
    * [LEMONLDAP-173]  - Token for cross domain authentication
    * [LEMONLDAP-1115] - Documentation error

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.6) stable; urgency=high

    * [LEMONLDAP-1058] - Timeout on save conf
    * [LEMONLDAP-1060] - Missing reload target for nginx
    * [LEMONLDAP-1064] - getApacheSession not working with id
    * [LEMONLDAP-1068] - Error in logout request
    * [LEMONLDAP-1069] - start-stop-daemon warning in lemonldap-ng-fastcgi-server init script
    * [LEMONLDAP-1071] - OpenID Connect discovery: LLNG does not use booleans
    * [LEMONLDAP-1075] - Unable to add rule or header in a vhost using lemonldap-ng-cli
    * [LEMONLDAP-1076] - IDP resolution rule is no more available in Manager
    * [LEMONLDAP-1078] - CryptoJS URL have changed
    * [LEMONLDAP-1079] - Security options for SAML are set to Off by default
    * [LEMONLDAP-1080] - Typo is URL matching for Auth OpenID
    * [LEMONLDAP-1093] - /run/llng-fastcgi-server is deleted on reboot
    * [LEMONLDAP-1094] - typo in error_pt.al
    * [LEMONLDAP-1001] - Possibility to configure the update interval used for timeout activity
    * [LEMONLDAP-1065] - Provide SSL options for AuthBasic
    * [LEMONLDAP-1082] - Return explicit error if no token endpoint auth method is set
    * [LEMONLDAP-1083] - Create an option to not store SAML/OIDC tokens in session
    * [LEMONLDAP-1084] - Disable SAML SLO request when LL::NG configured as SP and IDP does not support SLO
    * [LEMONLDAP-1087] - Allow to check audience and time conditions separately in SAML flow
    * [LEMONLDAP-1088] - Allow relayState to be a redirection URI
    * [LEMONLDAP-1089] - Option to bypass consent in OpenID Connect Issuer
    * [LEMONLDAP-1067] - Authbasic handler for Nginx

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.5) stable; urgency=high

    * [LEMONLDAP-966] - RSA Keys generated from Manager are incomplete
    * [LEMONLDAP-1028] - SAML SP SOAP logout does not happen
    * [LEMONLDAP-1046] - Default value for samlIDPMetaDataOptionsSSOBinding should be undef
    * [LEMONLDAP-1047] - SAML SLO from IDP does not work when SP is LL::NG
    * [LEMONLDAP-1048] - Unable to upgrade a configuration from 1.4 to 1.9 using lmConfigEditor
    * [LEMONLDAP-1049] - Unable to read LDAP session in 1.4 format with 1.9 version
    * [LEMONLDAP-1050] - signing in to chrome devices via sso is broken
    * [LEMONLDAP-1054] - test_config not found in lemonldap-ng-fastcgi-server init script
    * [LEMONLDAP-1059] - Portal disconnection warning
    * [LEMONLDAP-1043] - Display total number of sessions
    * [LEMONLDAP-1045] - Wrong SAML attributes encoding issued by IDP
    * [LEMONLDAP-1052] - Use Lasso 'thin-sessions'
    * [LEMONLDAP-1055] - Remove network access attempts during tests
    * [LEMONLDAP-1057] - Change displayed message when sending confirmation mail after password reset
    * [LEMONLDAP-1056] - SAML SLO relay URL not catched

lemonldap-ng (1.9.4) stable; urgency=high

    * [LEMONLDAP-1034] - Missing dependencies in documentation
    * [LEMONLDAP-1036] - LDAP sessions are not purged
    * [LEMONLDAP-1037] - Using LDAP as conf backend, IssuerDBGetParameters with wrong value inserted after conf save
    * [LEMONLDAP-1038] - All information is lost when vhost or SAML/OIDC partner is renamed in Manager
    * [LEMONLDAP-1039] - Error not displayed correctly for notification browsing
    * [LEMONLDAP-1040] - Session browsing not working if _whatToTrace is missing
    * [LEMONLDAP-1041] - ldapAttributeId not used everywhere in _LDAPGKFAS
    * [LEMONLDAP-1035] - Manage Plack engines in FastCGI server
    * [LEMONLDAP-1042] - Some information are lost when renaming OIDC/SAML partner

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.3) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-997] - Circular dependency for liblemonldap-ng-handler-perl package
    * [LEMONLDAP-1003] - Replace Mouse by Moose if ModPerl::Registry is used with Perl 5.22
    * [LEMONLDAP-1006] - Typo in Common/Apache/Session.pm on LDAP disconnect
    * [LEMONLDAP-1008] - Bad comment in lemonldap-ng.ini
    * [LEMONLDAP-1009] - Version shown in Manager is not the one of the main module
    * [LEMONLDAP-1010] - Problem with persistent sessions and MongoDB backend
    * [LEMONLDAP-1012] - AuthTwitter is not working anymore
    * [LEMONLDAP-1013] - AuthFacebook is not working anymore
    * [LEMONLDAP-1014] - Example values for LDAP backend configuration are wrong
    * [LEMONLDAP-1016] - Can't configure OpenID Connect RP Extra claims in lemonldap web manager
    * [LEMONLDAP-1018] - Slave authentication error (Can't locate object method "checkHeader")
    * [LEMONLDAP-1020] - Can't define SMTP server with port
    * [LEMONLDAP-1022] - The path of the request is lost when using the url parameter of a Choice module
    * [LEMONLDAP-1026] - lemonldap-ng-fastcgi-server is missing libfcgi-procmanager-perl as a dependency
    * [LEMONLDAP-1029] - Missing images in Debian packaging
    * [LEMONLDAP-1030] - Cannot start Manager with zero conf in LDAP backend
    * [LEMONLDAP-983] - Import encrypt in functions
    * [LEMONLDAP-1004] - Es, it, pt, ne and de translations
    * [LEMONLDAP-1011] - Option to allow a user to reset an expired password
    * [LEMONLDAP-1023] - Add documentation to nginx handler
    * [LEMONLDAP-1025] - provide additional GET parameters while redirecting to handler
    * [LEMONLDAP-1031] - Be less restrictive on service parameter check in CAS issuer

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.9.2) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-988] - CPAN Tests fails for Lemonldap-NG-Common
    * [LEMONLDAP-989] - CPAN Tests fails for Lemonldap-NG-Portal
    * [LEMONLDAP-991] - LDAP TCP connections is still not closed
    * [LEMONLDAP-992] - LL:NG use wrong variables with Multi auth
    * [LEMONLDAP-994] - Can't call method "add_output_filter" on an undefined value when I logout
    * [LEMONLDAP-995] - Encoding problem in menu categories and applications
    * [LEMONLDAP-996] - logout_app_sso URL rejected
    * [LEMONLDAP-1000] - Session errors with persistent sessions
    * [LEMONLDAP-1002] - Show sent headers in debug mode
    * [LEMONLDAP-986] - Propose packages for SLES 12 SP1

lemonldap-ng (1.9.1) stable; urgency=low

    * [LEMONLDAP-961] - PAUSE indexer report
    * [LEMONLDAP-962] - Applications logos and portal background not displayed in Manager
    * [LEMONLDAP-964] - Links to change
    * [LEMONLDAP-965] - Syntax checking on certificate must be more tolerant
    * [LEMONLDAP-968] - Headers corrupted when authenticating with HTTP basic authentication on a protected application
    * [LEMONLDAP-969] - /var/run is a tmpfs so FastCGI pid can't be written after reboot
    * [LEMONLDAP-972] - Missing test for exportedHeaders
    * [LEMONLDAP-974] - keyMsgFail are missing in Manager/Attributes.pm
    * [LEMONLDAP-976] - $ENV is replaced by $datas->{ENV}
    * [LEMONLDAP-978] - CPAN Tests fails for Lemonldap-NG-Common
    * [LEMONLDAP-980] - Error "password must be changed" when user not found in AD
    * [LEMONLDAP-984] - Allow to set replica for MongoDB configuration backend
    * [LEMONLDAP-973] - Activate maintenance mode if reval() fails
    * [LEMONLDAP-185] - Check configuration uploaded by lmConfigEditor

lemonldap-ng (1.9.0) stable; urgency=low
Clément OUDOT's avatar
Clément OUDOT committed

Clément OUDOT's avatar
Clément OUDOT committed
    * [LEMONLDAP-176] - POST Handler feature does not work with mod_proxy
    * [LEMONLDAP-395] - LL::NG::Handler::CGI ignores some config parameters
    * [LEMONLDAP-729] - Handler Jail may be inconsistent with its attributes
    * [LEMONLDAP-759] - Cannot store Conf or Sessions in AD (was Storable appears to not work on 64-bit OS)
    * [LEMONLDAP-767] - future deprecated dependency
    * [LEMONLDAP-777] - Password fiedls in Manager
    * [LEMONLDAP-802] - Apache2::Connection remote_ip not supported in Apache 2.4
    * [LEMONLDAP-825] - Error when session is not in backend but only in cookie
    * [LEMONLDAP-827] - Error encoding of passwords when using special characters in file lmconf.
    * [LEMONLDAP-828] - wrong Makefile target for translation
    * [LEMONLDAP-835] - Interface with unicode
    * [LEMONLDAP-840] - Auth-User HTTP Header appears even if no HTTP Headers defined on VHost
    * [LEMONLDAP-854] - Manager returns "Not authorized" with Apache 2.4 and fr-doc not installed
    * [LEMONLDAP-858] - Error 500 at Save (on virtualHost Rules), when the displayName of one Category Portal Menu contains accentuated Character
    * [LEMONLDAP-866] - Configuration deletion does not work
    * [LEMONLDAP-867] - 404 errors in documentation
    * [LEMONLDAP-870] - _lastSeen should be updated when a issuer module (ex: CAS) is called
    * [LEMONLDAP-872] - Omegat does not end
    * [LEMONLDAP-914] - Password expiration interception in Multi mode
    * [LEMONLDAP-922] - SAML Error on update session
    * [LEMONLDAP-923] - Error save conf SlaveMasterIp
    * [LEMONLDAP-948] - openid userinfo endpoints need Authorization header
    * [LEMONLDAP-954] - GLPI link is broken
    * [LEMONLDAP-955] - GRR link is broken
    * [LEMONLDAP-958] - Infinite redirection loop when redirected from Handler for an error (403/500/503)
    * [LEMONLDAP-428] - Ergonomic items
    * [LEMONLDAP-534] - splice not necessary to parse @_ in subroutines
    * [LEMONLDAP-633] - unify var substitution in locationRules and exportedHeaders
    * [LEMONLDAP-717] - Handler init management
    * [LEMONLDAP-733] - Form replay refactoring
    * [LEMONLDAP-776] - Use Bootstrap for Manager
    * [LEMONLDAP-787] - [UserDB][LDAP] Allow alias dereferencing in search
    * [LEMONLDAP-790] - Portal should not return HTML for AJAX requests
    * [LEMONLDAP-794] - Default values must be set before storing in local cache
    * [LEMONLDAP-795] - Propose JSON serialization in Apache::Session to be able to access to sessions with other languages
    * [LEMONLDAP-796] - Replace our own serializer by JSON in Conf/File.pm
    * [LEMONLDAP-798] - Avoid opening local cache when root
    * [LEMONLDAP-815] - Improve the cookie name regexp
    * [LEMONLDAP-821] - JSON File as new default configuration backend
    * [LEMONLDAP-824] - autocomplete=off does not prevent anymore password manager use
    * [LEMONLDAP-833] - Manager - Multi : display only the selected modules
    * [LEMONLDAP-865] - Check conditions in AuthSlave and UserDBSlave
Yadd's avatar
Yadd committed
    * [LEMONLDAP-877] - Replace Storable by JSON to be arch independent
Clément OUDOT's avatar
Clément OUDOT committed
    * [LEMONLDAP-908] - Replace own minifier by external
    * [LEMONLDAP-911] - Possibility to set a specific logo for a choice module
    * [LEMONLDAP-917] - Possibility to define finely sessions timeout activity
    * [LEMONLDAP-924] - Manager not checking regex before saving
    * [LEMONLDAP-930] - Scripts must have POD
    * [LEMONLDAP-946] - Set cfgAuthor to lmConfigEditor
    * [LEMONLDAP-24] - Browse configuration versions and apply them
    * [LEMONLDAP-183] - OAuth 2.0 / OpenID Connect authentication module
    * [LEMONLDAP-184] - OAuth 2.0 / OpenID Connect provider module
    * [LEMONLDAP-227] - VirtualHost Copy/paste functions in Manager
    * [LEMONLDAP-287] - Implement HTTP Strict Transport Security
    * [LEMONLDAP-495] - Persistent sessions Explorer
    * [LEMONLDAP-583] - Nginx handler
    * [LEMONLDAP-630] - Modularization of Handler code
    * [LEMONLDAP-770] - Configuration of portal background
    * [LEMONLDAP-773] - Implement CAS 3.0 Protocol (attributes exchange)
    * [LEMONLDAP-800] - MongoDB configuration and session backend
    * [LEMONLDAP-820] - New Manager interface with AngularJS
    * [LEMONLDAP-836] - Add Choice to included X509 certificate in Signature of SAML Messages, when LL::NG acts as IDP
    * [LEMONLDAP-915] - Portal message customization
    * [LEMONLDAP-925] - New Notification Explorer
    * [LEMONLDAP-935] - Capability to duplicate virtualhost
    * [LEMONLDAP-864] - SAML and manager translations(utf8)
    * [LEMONLDAP-859] - Perl-Digest-SHA is not listed at dependencies documentation
    * [LEMONLDAP-873] - Change screenshots in doc
    * [LEMONLDAP-891] - Remove "return to SP link"
    * [LEMONLDAP-909] - Push French translation into sources
    * [LEMONLDAP-932] - Packages for RHEL / CentOS
    * [LEMONLDAP-871] - Manager protection
    * [LEMONLDAP-874] - Add portal and logout links, add current version
    * [LEMONLDAP-878] - Button to download file
    * [LEMONLDAP-879] - Possibility to have a certificate instead of a public key
    * [LEMONLDAP-880] - Bug in Logs node
    * [LEMONLDAP-881] - Load metadata from file
    * [LEMONLDAP-882] - Problem with radio buttons in samlAttributeContainer component
    * [LEMONLDAP-883] - Bug with choices modules confguration
    * [LEMONLDAP-884] - Optional URL in AuthChoices module
    * [LEMONLDAP-885] - Unable to register OpenID Connect metadata
    * [LEMONLDAP-886] - favicon disappear when using configuration tab
    * [LEMONLDAP-888] - SAML attributes and other options not saved
    * [LEMONLDAP-889] - Saving an old configuration leads to "No such file or directory"
    * [LEMONLDAP-892] - Set OpenID Connect standard attributes in default values
    * [LEMONLDAP-893] - Unable to download configuration
    * [LEMONLDAP-894] - Get another default component for nodes
    * [LEMONLDAP-895] - Associated help is not displayed in SAML SP/IDP
    * [LEMONLDAP-896] - Labels for samlSP and samlSPName not displayed
    * [LEMONLDAP-897] - Handler Status does not work
    * [LEMONLDAP-898] - Handler Menu does not work
    * [LEMONLDAP-899] - Button to show/hide documentation panel
    * [LEMONLDAP-900] - Fill the domain when creating a new virtual host
    * [LEMONLDAP-901] - Propose default names for IDP/SP/OP/RP
    * [LEMONLDAP-902] - Replace javascript prompts by dialogs/modals
    * [LEMONLDAP-903] - ZeroConf
    * [LEMONLDAP-904] - Open IDP/SP node after its creation
    * [LEMONLDAP-905] - Login is displayed in errors
    * [LEMONLDAP-906] - Hide inaccessible modules in manager interface
    * [LEMONLDAP-907] - Deleting a menu entry isn't detected
    * [LEMONLDAP-913] - XS mode: menu never visible when tree is displayed
    * [LEMONLDAP-916] - missing semicolons in Makefile
    * [LEMONLDAP-919] - Choosing Multi module should not lock passwordDB configuration
    * [LEMONLDAP-920] - Clear cfgLog when using lmConfigEditor
    * [LEMONLDAP-921] - Implement lemonldap-ng-cli wth new configuration code
    * [LEMONLDAP-926] - Error is not displayed to user
    * [LEMONLDAP-927] - Use modal instead of alert
    * [LEMONLDAP-928] - Bad notification encoding
    * [LEMONLDAP-929] - Manage other portal CGIs
    * [LEMONLDAP-934] - LLNG status for Nginx
    * [LEMONLDAP-936] - Extra headers sent to protected applications
    * [LEMONLDAP-938] - Can't save conf due to bad custom function name
    * [LEMONLDAP-940] - Timout for reloadUrls
    * [LEMONLDAP-941] - Aliases not taken into account
    * [LEMONLDAP-942] - Session explorer not usable with Apache::Session::Browseable::MySQL
    * [LEMONLDAP-943] - Zimbra Handler
    * [LEMONLDAP-944] - Notifications - invalid date
    * [LEMONLDAP-945] - Auto-protected CGI not working
    * [LEMONLDAP-947] - Notifications cannot be purged for DBI and LDAP
    * [LEMONLDAP-949] - Handler PSGI should set LMREMOTE_USER
    * [LEMONLDAP-950] - spelling
    * [LEMONLDAP-952] - Errors not displayed in Notifications Explorer
    * [LEMONLDAP-953] - Notifications are mixed under the same letter
    * [LEMONLDAP-956] - Custom functions don't work with useSafeJail
    * [LEMONLDAP-957] - Replace $http.success() by .then()

lemonldap-ng (1.4.11) stable; urgency=low

    * [LEMONLDAP-1068] - Error in logout request
    * [LEMONLDAP-1080] - Typo is URL matching for Auth OpenID
    * [LEMONLDAP-1092] - Net::LDAP does not have an uri method in el5
    * [LEMONLDAP-1001] - Possibility to configure the update interval used for timeout activity
    * [LEMONLDAP-1052] - Use Lasso 'thin-sessions'
    * [LEMONLDAP-1083] - Create an option to not store SAML/OIDC tokens in session
    * [LEMONLDAP-1084] - Disable SAML SLO request when LL::NG configured as SP and IDP does not support SLO

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.4.10) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-1034] - Missing dependencies in documentation
    * [LEMONLDAP-1047] - SAML SLO from IDP does not work when SP is LL::NG
    * [LEMONLDAP-1050] - signing in to chrome devices via sso is broken
    * [LEMONLDAP-1059] - Portal disconnection warning
    * [LEMONLDAP-1057] - Change displayed message when sending confirmation mail after password reset

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.4.9) stable; urgency=low

    * [LEMONLDAP-1003] - Replace Mouse by Moose if ModPerl::Registry is used with Perl 5.22
    * [LEMONLDAP-1006] - Typo in Common/Apache/Session.pm on LDAP disconnect
    * [LEMONLDAP-1022] - The path of the request is lost when using the url parameter of a Choice module
    * [LEMONLDAP-1027] - Can't locate object method "client_ip" via package "Apache2::Connection"
    * [LEMONLDAP-1004] - Es, it, pt, ne and de translations
    * [LEMONLDAP-1031] - Be less restrictive on service parameter check in CAS issuer

Clément OUDOT's avatar
Clément OUDOT committed
lemonldap-ng (1.4.8) stable; urgency=low

    * [LEMONLDAP-985] - authForce is not well called trough AuthMulti
    * [LEMONLDAP-991] - LDAP TCP connections is still not closed
    * [LEMONLDAP-992] - LL:NG use wrong variables with Multi auth
    * [LEMONLDAP-1000] - Session errors with persistent sessions
    * [LEMONLDAP-986] - Propose packages for SLES 12 SP1

lemonldap-ng (1.4.7) stable; urgency=low

    * [LEMONLDAP-802] - Apache2::Connection remote_ip not supported in Apache 2.4
    * [LEMONLDAP-842] - manager configuration tree does not display correctly
    * [LEMONLDAP-866] - Configuration deletion does not work
    * [LEMONLDAP-958] - Infinite redirection loop when redirected from Handler for an error (403/500/503)
    * [LEMONLDAP-964] - Links to change
    * [LEMONLDAP-968] - Headers corrupted when authenticating with HTTP basic authentication on a protected application
    * [LEMONLDAP-976] - $ENV is replaced by $datas->{ENV}
    * [LEMONLDAP-980] - Error "password must be changed" when user not found in AD

lemonldap-ng (1.4.6) stable; urgency=low

    * [LEMONLDAP-705] - SAML with Signature Method rsa-sha256
    * [LEMONLDAP-715] - Multi with # in the module name: error while calling authLogout
    * [LEMONLDAP-720] - Error with CPAN tests
    * [LEMONLDAP-823] - duplicated groups when recursive groups enabled
    * [LEMONLDAP-841] - Error in extract_lang with a value with *
    * [LEMONLDAP-843] - localStorage replaced by localSessionStorage
    * [LEMONLDAP-845] - Session activity not updated
    * [LEMONLDAP-846] - Session cache not purged
    * [LEMONLDAP-848] - Do not call 'perl' directly (see RT#107205)
    * [LEMONLDAP-849] - Syntax checking on domain name is too restrictive
    * [LEMONLDAP-850] - SOAP data not well formatted
    * [LEMONLDAP-768] - Fixed with for application boxes in menu in bootstrap skin
    * [LEMONLDAP-771] - Adapt foot size in mobile mode for Bootstrap skin
Clément OUDOT's avatar
Clément OUDOT committed
    * [LEMONLDAP-822] - checking pwdLastSet in AD is not sufficient
    * [LEMONLDAP-781] - Lasso package
Clément OUDOT's avatar
Clément OUDOT committed
    * [LEMONLDAP-785] - Display  password expiration management with Active Directory
    * [LEMONLDAP-792] - Support for multivaluated attributes in LDAP for groups

lemonldap-ng (1.4.5) stable; urgency=low