diff --git a/_service b/_service
index 73bc92e..2b2b64b 100644
--- a/_service
+++ b/_service
@@ -3,7 +3,7 @@
https://github.com/kanidm/kanidm.git
@PARENT_TAG@~git@TAG_OFFSET@.%h
git
- 1.4.0
+ 1.5.0
v*
v(\d+\.\d+\.\d+)
\1
diff --git a/_servicedata b/_servicedata
index 1ed8927..2090144 100644
--- a/_servicedata
+++ b/_servicedata
@@ -1,4 +1,4 @@
https://github.com/kanidm/kanidm.git
- 3ce4e0ff87632ed6e549bc2ae174ebb0dd02809c
\ No newline at end of file
+ 0fa57fcf49a5e3cff55d10f84cbf77c89ce971ce
\ No newline at end of file
diff --git a/kanidm-1.4.6~git0.3ce4e0f.tar.zst b/kanidm-1.4.6~git0.3ce4e0f.tar.zst
deleted file mode 100644
index 1730a64..0000000
--- a/kanidm-1.4.6~git0.3ce4e0f.tar.zst
+++ /dev/null
@@ -1,3 +0,0 @@
-version https://git-lfs.github.com/spec/v1
-oid sha256:93a94da8a2f7e82cf12bf3f5d5584ff5b8645e23923b5baa2c539bfc796412bc
-size 6833256
diff --git a/kanidm-1.5.0~git1.0fa57fc.tar.zst b/kanidm-1.5.0~git1.0fa57fc.tar.zst
new file mode 100644
index 0000000..dcb3174
--- /dev/null
+++ b/kanidm-1.5.0~git1.0fa57fc.tar.zst
@@ -0,0 +1,3 @@
+version https://git-lfs.github.com/spec/v1
+oid sha256:0f88596a5b14dd93fa51ac05f0d56519c6f2473dfe2977c1fca535a760112391
+size 6864273
diff --git a/kanidm.changes b/kanidm.changes
index e52904e..9caae46 100644
--- a/kanidm.changes
+++ b/kanidm.changes
@@ -1,3 +1,150 @@
+-------------------------------------------------------------------
+Tue Feb 11 06:37:21 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.5.0~git1.0fa57fc:
+ * Update makefile for docker
+ * Release 1.5.0
+ * 20250209 pre release (#3409)
+ * 20250206 freebsd ports (#3404)
+ * Resolve kanidm-unix auth-test bug (#3405)
+ * chore: Remove empty scopemaps (#3170)
+ * Feat: Allowing spn query with non-spn structured data in LDAP (#3400)
+ * SSH Keys in Credentials Update (#3027)
+ * 20250205 3369 firefox pin (#3403)
+ * Correctly return that uuid2spn changed on domain rename (#3402)
+ * Fix the password reset form and possible resolver issue (#3398)
+ * Add handle_group_error to cli client (#3399)
+ * Improve spans in unixd (#3397)
+ * Allow OAuth2 with empty state parameter (#3396)
+ * #3387 - RADIUS Startup fixin's (#3388)
+ * Allow POST on oauth userinfo (#3395)
+ * OpenBSD support (#3381)
+ * Bump openssl from 0.10.69 to 0.10.70 in the cargo group (#3391)
+ * Add /.well-known/change-password endpoint (#3382)
+ * Bump the all group across 1 directory with 7 updates (#3385)
+ * extend oauth2 examples with gitea (#3351)
+ * Bump the all group with 22 updates (#3376)
+ * Book: Added small section on primary cred fallback (#3365)
+ * Added shell.nix to create dev environment (#3362)
+ * fix(ci): Add setup-oras step to include ORAS CLI for container builds on ubuntu-24.04. (#3368)
+ * 20250114 3325 SCIM access control (#3359)
+ * Small UI updates. (#3361)
+ * Bump the all group in /pykanidm with 2 updates (#3366)
+ * Repair systemd reload notifications (#3355)
+ * fix: unrecoverable error page doesn't include logo or domain name (#3352)
+ * Bump jinja2 from 3.1.4 to 3.1.5 in /pykanidm in the pip group (#3358)
+ * Bump the all group in /pykanidm with 4 updates (#3356)
+ * 20250110 eo fixes (#3353)
+ * fix(server/config): reduce string allocations (#3350)
+ * Add ssh_publickeys as a claim for oauth2 (#3346)
+ * Allow modification of password minimum length (#3345)
+ * Add OAuth2 `response_mode=fragment` (#3335)
+ * Resolve passkey regression (#3343)
+ * Renaming "TOTP" in the login flow (#3338)
+ * Bump the all group in /pykanidm with 3 updates (#3339)
+ * Bump actions/checkout from 2 to 4 in the all group (#3341)
+ * Add support for prefers-color-scheme using Bootstrap classes. (#3327)
+ * Fix /var/run/kanidm-unixd permission (#3342)
+ * Javascript linting (#3329)
+ * Ignore anonymous in oauth2 read allow access (#3336)
+ * cookies don't clear unless you set domain (#3332)
+ * 20250102 freebsd client (#3333)
+ * fix: PAM on Debian, enable use_first_pass by default (#3326)
+ * Bump the all group with 6 updates (#3324)
+ * Bump the all group in /pykanidm with 2 updates (#3323)
+ * Bump the all group with 3 updates (#3317)
+ * Bump the all group in /pykanidm with 7 updates (#3316)
+ * nss/pam resolver should reauth faster (#3309)
+ * Update to latest webauthn-rs/time (#3315)
+ * kanidm-unixd example config enfixening (#3314)
+ * Further SCIM sync testing, minor fixes (#3305)
+ * book: explain how to use fido-mds-tool (#3231)
+ * client: read attestation CA list JSON from file (#3232)
+ * Automatically trigger passkeys on login view (#3307)
+ * Re-add enrol another device flow
+ * Improved Cookie Removal
+ * Allow opt-in of easter eggs (#3308)
+ * Allow reseting account policy values to defaults (#3306)
+ * Incorrect member name in groups (#3302)
+ * SCIM Sync Missing Annotation (#3300)
+ * Ignore system users for UPG synthesiseation (#3297)
+ * Limit OAuth2 resumption to session (#3296)
+ * Use specific errors for intent token revoked (#3291)
+ * Autocomplete password during reauth with TOTP (#3290)
+ * Bump the all group with 6 updates (#3294)
+ * Bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7 in the all group (#3295)
+ * Bump the all group in /pykanidm with 2 updates (#3293)
+ * remove unused webauthn features. (#3286)
+ * Add CORS headers to jwks and userinfo (#3283)
+ * Cleanup webauthn features (#3285)
+ * Minor tweaks to cred reset ui (#3284)
+ * Bump the all group across 1 directory with 6 updates (#3280)
+ * Allow group managers to modify entry-managed-by (#3272)
+ * pykanidm: Make a little dry. (#3281)
+ * Bump the all group with 5 updates (#3278)
+ * pykanidm: Add retrieving credential reset token for a person. (#3279)
+ * Cleanup of println and other outputs (#3266)
+ * Canonicalize path for user shell check (#3265)
+ * Check DNS on replication loop start not at task start (#3243)
+ * Work around systemd race condition (#3262)
+ * fix(docstrings): minor lack of formatting breaking things (#3260)
+ * Devcontainertainertainer (#3251)
+ * grafana: update example to work with strict redirect uri checking (#3259)
+ * Bump the all group in /pykanidm with 5 updates (#3257)
+ * Bump the all group with 6 updates (#3258)
+ * 20240927 SCIM put (#3151)
+ * Clear invalid tokens from unix resolver (#3256)
+ * Clippy Lints (#3255)
+ * Allow OAuth2 loopback redirects if the path matches (#3252)
+ * Correctly display domain name on login (#3254)
+ * Display account_id during success/deny paths in unixd (#3253)
+ * s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250)
+ * handle missing map_group setting in config (#3242)
+ * owncloud: Add SameSite=Lax config for cross-domain auth (#3245)
+ * Bump the all group across 1 directory with 7 updates (#3238)
+ * Yaleman/issue3229 (#3239)
+ * Bump the all group across 1 directory with 12 updates (#3235)
+ * Update to latest fido-mds-tool (#3230)
+ * Warn when v2 options are used in v1 unixd config (#3228)
+ * Bump aiohttp from 3.10.10 to 3.10.11 in /pykanidm in the pip group (#3223)
+ * Resolve UI Auth Loop with OAuth2 (#3226)
+ * Harden transport in pam unixd (#3227)
+ * Improve warning around invalid JWT deserialisation (#3224)
+ * Update and fix server config files in examples. (#3225)
+ * Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212)
+ * Add docs on customising Kanidm. (#3209)
+ * Correct spelling of occurred (#3222)
+ * Bump the all group across 1 directory with 13 updates (#3202)
+ * UI/Feature polish (#3191)
+ * Prevent Invalid MFA Reg States (#3194)
+ * Change CSS for applications so SVG scales nicely in Firefox. (#3200)
+ * 20241109 3185 max age (#3196)
+ * Hoist max_age to prevent incorrect deserialisation (#3190)
+ * Use correct oauth2 manage acp (#3186)
+ * Re-migrate all acps to force updating (#3184)
+ * Bump the all group across 1 directory with 2 updates (#3180)
+ * security - low - fault in migrations (#3182)
+ * fix(kanidmd): Print replication cert to stdout (#3179)
+ * Correct missing CSP header (#3177)
+ * Resolve pam services not always having a tty (#3176)
+ * Resolve incorrect handling of rhost in pam (#3171)
+ * chore: Made oauth2 scopes required in CLI (#3165)
+ * More "choosing a domain" revision (#3161)
+ * Bump jsonschema from 0.21.0 to 0.26.0 in the all group (#3157)
+ * Update missing inputmode numeric when adding a new TOTP. (#3160)
+ * Improve OAuth2 authorisation ux (#3158)
+ * Fix attribute scim sync attribute naming (#3159)
+ * Change to text input and use numeric mode for TOTP prompts. (#3154)
+ * Bump the all group in /pykanidm with 3 updates (#3156)
+ * Fix release note date and typos (#3153)
+ * Begin 1.5.0 Development Cycle (#3150)
+
+-------------------------------------------------------------------
+Tue Feb 11 06:35:23 UTC 2025 - william.brown@suse.com
+
+- Update to version 1.4.6~git1.3f47d7f:
+ * fix: PAM on Debian, enable use_first_pass by default (#3326)
+
-------------------------------------------------------------------
Thu Jan 23 23:42:52 UTC 2025 - william.brown@suse.com
diff --git a/kanidm.spec b/kanidm.spec
index e87b1e9..e54caf4 100644
--- a/kanidm.spec
+++ b/kanidm.spec
@@ -20,7 +20,7 @@
%define configdir %{_sysconfdir}/kanidm
Name: kanidm
-Version: 1.4.6~git0.3ce4e0f
+Version: 1.5.0~git1.0fa57fc
Release: 0
Summary: A identity management service and clients.
License: ( Apache-2.0 OR BSL-1.0 ) AND ( Apache-2.0 OR ISC OR MIT ) AND ( Apache-2.0 OR MIT ) AND ( Apache-2.0 WITH LLVM-exception OR Apache-2.0 OR MIT ) AND ( CC0-1.0 OR Apache-2.0 ) AND ( MIT OR Apache-2.0 OR Zlib ) AND ( Unlicense OR MIT ) AND ( Zlib OR Apache-2.0 OR MIT ) AND Apache-2.0 AND BSD-2-Clause AND BSD-3-Clause AND CC0-1.0 AND ISC AND MIT AND MPL-2.0 AND MPL-2.0+
diff --git a/vendor.tar.zst b/vendor.tar.zst
index fc148b6..41ff68f 100644
--- a/vendor.tar.zst
+++ b/vendor.tar.zst
@@ -1,3 +1,3 @@
version https://git-lfs.github.com/spec/v1
-oid sha256:2a546aeeebbf670cb0002c33fdf2d03c4f1d6734d7b500dc81aab64d297517d2
-size 68810823
+oid sha256:05428f574f79d690fd606394ec17e25c96ae9cf66e6233893f62e9b7b53a9e97
+size 68777550