- Update to version 1.8.3~git0.471c021f2:
* Release 1.8.3
* Resolve infinite reauth loop
- Update to version 1.8.2~git0.387e2ce61:
* Release 1.8.2
* Prevent deprecation warnings affecting release
* Ignore CredentialTypeMinimum during migrations (#3991)
* Report correct client IP in request log (#3990)
* Ensure that privileged sessions expirations are synced (#3984)
* Missing constraint on skip upgrade process (#3983)
* Document the upgrade process through versions. (#3982)
* lib crypto should not depend on proto (#3975)
* Change AttributeUniqueness to yield BAD_REQUEST (#3974)
* fix: kanidm_build_profiles has unwrap which can cause builds to fail (#3973)
OBS-URL: https://build.opensuse.org/request/show/1320414
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=110
- Update to version 1.8.0~git0.42d0e864c:
* Release 1.8.0
* 20251108 lld (#3944)
* Improve uid/gid overlap message during IAM migration (#3943)
* Release 1.8.0-pre
* Release Prep (#3938)
* 20251029 hmac name uniqueness (#3931)
* sssshhhhh quiet there. (#3906)
* Add support for proxyv1 (#3935)
* 20251031 nss sync conn persist (#3921)
* Improve offline authentication (#3934)
* 20251005 multiple accept (#3933)
* Add CSS to support forced-colors on the toggle switch (#3932)
* Prevent replication certificate renewal deadlock
* fix: ensure CLI exits with non-zero code on HTTP client errors (#3929)
* Bump the all group with 5 updates (#3927)
* 20251015 OIDC auth source (#3905)
* Bump the all group with 2 updates (#3913)
* Bump the all group with 2 updates (#3914)
* Prevent users saving their credentials if there are none (#3805)
* Fix passkey typos (#3907)
* fix: Replace letter "d" by sink (#3909)
* Bump the all group with 33 updates (#3898)
* Fix: set OAuth2 JTI to session ID (#3901)
* Open app links in new tabs (#3899)
* 20251009 account/group schema changes (#3880)
* [fix] Mail attribute on service accounts not accessible (#3893)
* Correct RADIUS API token generation examples (#3890)
* Foundations of message sending (#3878)
* 20251010 drop eckeys (#3882)
OBS-URL: https://build.opensuse.org/request/show/1317258
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=104
- Update to version 1.7.0~git0.621ac7be0:
* Release 1.7.0
* Fix a couple of commands in the OAuth2 Proxy examples (#3758)
- Update to version 1.7.0-pre~git0.7d9da9dc8:
* Release 1.7.0-pre
* 20250729 pre release (#3756)
* Helps to enable features like defer spans (#3755)
* Downgrade notify-debouncer (#3747)
* Reduce memory usage on unixd (#3754)
* Bump the all group with 4 updates (#3753)
* 20250723 application passwords again (#3748)
* Docs oauth2 examples (#3750)
* Groups WebUI, modify description (#3734)
* Improve replication logging (#3746)
* 20250711 type migrations (#3741)
* Bump the all group with 3 updates (#3743)
* Use constants for /etc/shadow and related paths (#3740)
* fix: don't show people's whole tokens in debugs (#3742)
* Updates to makefile (#3736)
* Add a new paragraph in the installation quickstart for installing required client tools, and clarify the client tool setup paragraph (#3735)
* Bump the all group with 4 updates (#3737)
* Add ppc64le support for docker images (#3733)
* Basic interface to get and regenerate the RADIUS password (#3728)
* book: fix command example in pam_and_nsswitch.md (#3732)
* fix docgen (#3731)
* Fix for Failed to deserialize query: missing field 'state' (#3726)
* Add user facing SCIM pagination / sorting (#3725)
* Admin UI Group name modification (#3717)
* fix typo in documentation: tls_path to tls_key (#3727)
OBS-URL: https://build.opensuse.org/request/show/1296930
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=96
- Update to version 1.6.3~git0.389493eb1:
* Release 1.6.3
* Fix minor issue with untagged version handling (#3634)
* Move shadow processing out of task event loop (#3631)
* Dont specify config path in container (#3630)
* Accept SSHA with different salt lengths (#3629)
* Resolve flaw with ssh key parse if the key has no comment (#3628)
* Indicate that this is an ip list, not a range (#3626)
* Test for corrupted unicode in SSH keys, keep the key title on error/resubmit (#3618)
* Reduce replication logging verbosity
* cargo publish (#3613)
OBS-URL: https://build.opensuse.org/request/show/1277307
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=91
- bsc#1242642 - CVE-2025-3416 - openssl use after free
- Update to version 1.6.0~git0.d7ae0f336:
* Release 1.6.0
* Avoid openssl for md4
* Fixes#3586, inverts the navbar button color (#3593)
* Release 1.6.0-pre
* chore: Release Notes (#3588)
* Do not require instances to exist during optional config load (#3591)
* Fix std::fmt::Display for some objects (#3587)
* Drop fernet in favour of JWE (#3577)
* docs: document how to configure oauth2 for opkssh (#3566)
* Add kanidm_ssh_authorizedkeys_direct to client deb (#3585)
* Bump the all group in /pykanidm with 2 updates (#3581)
* Update dependencies, fix a bunch of clippy lints (#3576)
* Support spaces in ssh key comments (#3575)
* 20250402 3423 proxy protocol (#3542)
* fix(web): Preserve SSH key content on form validation error (#3574)
* Bump the all group in /pykanidm with 3 updates (#3572)
* Bump the all group in /pykanidm with 2 updates (#3564)
* Bump crossbeam-channel from 0.5.14 to 0.5.15 in the cargo group (#3560)
* Improve token handling (#3553)
* Bump tokio from 1.44.1 to 1.44.2 in the cargo group (#3549)
* Update fs4 and improve klock handling (#3551)
* Less footguns (#3552)
* Unify unix config parser (#3533)
* Bump openssl from 0.10.71 to 0.10.72 in the cargo group (#3544)
* Bump the all group in /pykanidm with 8 updates (#3547)
* implement notify-reload protocol (#3540)
* Allow versioning of server configs (#3515)
OBS-URL: https://build.opensuse.org/request/show/1275074
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=85
- Update to version 1.5.0~git1.0fa57fc:
* Update makefile for docker
* Release 1.5.0
* 20250209 pre release (#3409)
* 20250206 freebsd ports (#3404)
* Resolve kanidm-unix auth-test bug (#3405)
* chore: Remove empty scopemaps (#3170)
* Feat: Allowing spn query with non-spn structured data in LDAP (#3400)
* SSH Keys in Credentials Update (#3027)
* 20250205 3369 firefox pin (#3403)
* Correctly return that uuid2spn changed on domain rename (#3402)
* Fix the password reset form and possible resolver issue (#3398)
* Add handle_group_error to cli client (#3399)
* Improve spans in unixd (#3397)
* Allow OAuth2 with empty state parameter (#3396)
* #3387 - RADIUS Startup fixin's (#3388)
* Allow POST on oauth userinfo (#3395)
* OpenBSD support (#3381)
* Bump openssl from 0.10.69 to 0.10.70 in the cargo group (#3391)
* Add /.well-known/change-password endpoint (#3382)
* Bump the all group across 1 directory with 7 updates (#3385)
* extend oauth2 examples with gitea (#3351)
* Bump the all group with 22 updates (#3376)
* Book: Added small section on primary cred fallback (#3365)
* Added shell.nix to create dev environment (#3362)
* fix(ci): Add setup-oras step to include ORAS CLI for container builds on ubuntu-24.04. (#3368)
* 20250114 3325 SCIM access control (#3359)
* Small UI updates. (#3361)
* Bump the all group in /pykanidm with 2 updates (#3366)
* Repair systemd reload notifications (#3355)
OBS-URL: https://build.opensuse.org/request/show/1244965
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=79
- Update to version 1.4.5~git0.a7fabde:
* Release 1.4.5
* nss/pam resolver should reauth faster (#3309)
* Further SCIM sync testing, minor fixes (#3305)
* Automatically trigger passkeys on login view (#3307)
* Re-add enrol another device flow
* Improved Cookie Removal
* Allow reseting account policy values to defaults (#3306)
* Incorrect member name in groups (#3302)
* SCIM Sync Missing Annotation (#3300)
* Ignore system users for UPG synthesiseation (#3297)
* Limit OAuth2 resumption to session (#3296)
* Use specific errors for intent token revoked (#3291)
* Autocomplete password during reauth with TOTP (#3290)
* Add CORS headers to jwks and userinfo (#3283)
- Require system-user-nobody to prevent install ordering issue with
invalid rpc/statd users
OBS-URL: https://build.opensuse.org/request/show/1232927
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=75
- Update to version 1.4.3~git1.078625c:
* Update to latest fido-mds-tool (#3230)
- Update to version 1.4.3~git0.fb00176:
* Release 1.4.3
* Warn when v2 options are used in v1 unixd config (#3228)
* Resolve UI Auth Loop with OAuth2 (#3226)
* Harden transport in pam unixd (#3227)
* Improve warning around invalid JWT deserialisation (#3224)
* Update and fix server config files in examples. (#3225)
* Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212)
* Add docs on customising Kanidm. (#3209)
* Correct spelling of occurred (#3222)
* UI/Feature polish (#3191)
* Prevent Invalid MFA Reg States (#3194)
* Change CSS for applications so SVG scales nicely in Firefox. (#3200)
* 20241109 3185 max age (#3196)
* Hoist max_age to prevent incorrect deserialisation (#3190)
* Release 1.4.2
* Re-migrate all acps to force updating (#3184)
* security - low - fault in migrations (#3182)
OBS-URL: https://build.opensuse.org/request/show/1225755
OBS-URL: https://build.opensuse.org/package/show/network:idm/kanidm?expand=0&rev=71
