------------------------------------------------------------------- Tue Aug 02 04:58:28 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha9~git2.ebab6c5f: * Fix cargo.lock + Docker * Fixing the Github Actions Kanidmd build (#963) * (cargo-release) version 1.1.0-alpha.9 (#962) * Improve radius to support eap-tls with ca-dir (#957) * A pile of Wasm UI tweaks (#958) * Bump types-requests from 2.28.3 to 2.28.6 in /kanidm_rlm_python (#960) * Update validator requirement from ^0.15.0 to ^0.16.0 (#959) * Bump types-requests from 2.28.3 to 2.28.6 in /pykanidm (#961) * 383 164 authentication updates 9 (#956) * Update libsqlite3-sys requirement from 0.24.2 to 0.25.0 in /kanidm_unix_int (#929) ------------------------------------------------------------------- Sun May 01 05:33:09 UTC 2022 - william.brown@suse.com - Update to version 1.1.0~alpha8~git1.980f358d: * Push some missed bits to documents * (cargo-release) version 1.1.0-alpha.8 * 20220501 fix logging (#730) * ref #725 - updated comment to note it's still failing (#727) * Remove async references (#724) * 383 170 164 authentication updates 3 (#723) * Making the login path nicer, dev scripting (#721) * Tweak docs generation... (#722) * Docs updates to push all tagged versions + dev (#720) * 20220427 dependency updates (#718) ------------------------------------------------------------------- Tue Apr 5 05:35:55 UTC 2022 - William Brown - Automatic update of vendored dependencies ------------------------------------------------------------------- Mon Mar 14 06:58:28 UTC 2022 - william.brown@suse.com - Update to resolve bsc#1196972 CVE-2022-24713 - Regex DOS ------------------------------------------------------------------- Fri Jan 07 00:59:36 UTC 2022 - wbrown@suse.de - resolve bsc#1194119 (CVE-2021-45710) ------------------------------------------------------------------- Fri Dec 31 00:11:55 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha7~git0.c8468199: * (cargo-release) version 1.1.0-alpha.7 * Pre-release update and cleanup (#631) * Improve autofocus to oauth2 (#630) * Finalise email changes for oidc (#629) * Temp use env filter (#628) * 20211216 tracing cleanup (#627) * Art attribution * Refactor of value and addition of base types for business attributes (#626) * Add xmas logo * Add rinstall file (#625) ------------------------------------------------------------------- Fri Oct 01 02:10:02 UTC 2021 - wbrown@suse.de - bsc#1191031 - use _pam_moduledir in spec macros - Update to version 1.1.0~alpha6~git0.c9f4b1d: * (cargo-release) version 1.1.0-alpha.6 * Added an interactive cli dialog to kanidm login (#584) * Add support for storing security token key in domain config (#581) * Remove auditscope for tracing (#580) * Entry Arc Tracking to reduce memory footprint (#579) * Rewrite how we store the internals of valuesets in entries (#578) * Improving logging and docs around unixd/PAM/NSS (#577) * Swap to tide-openssl (#575) * Start to remove audit scope :) (#574) * Fix io capture in tests (#573) ------------------------------------------------------------------- Wed Jul 07 02:36:51 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha5~git0.4be329e: * (cargo-release) version 1.1.0-alpha.5 * Release prep * Fix totp registration workflow with broken authenticators (#516) * Add statistical analysis to indexes (#505) * 511 upgrade failure - add debuging tools and improve debugging of the issue. (#512) * fixes #503 - TOTP prompt no longer drops a newline (#515) * Fixing kanidm windows client build (#507) * Add the ability to configure and provide Oauth2 authentication for Kanidm. (#485) * Change default totp to sha256 (#504) * Fixes #494 - password change user-facing responses (#499) * Fix readonly check (#496) * Update webauthn-authenticator-rs to fix test failures (#493) * Update repo locations and versions in prep for release (#492) * Add workaround for podman subid issue (#491) * 163 account recovery code (#469) * check user shell (#392) (#490) * Removed `OperationResponse` (#489) * Set default shell to `bin/sh` (#488) * 20210607 orca ldap (#470) * `kanidm_client` bool/return values (#479) * Arc cachesize warning fixes (#483) * Closure Refactoring (#482) * Renamed fields in `dbvalue` (#477) * 471 add service files (#474) * fixes #478 - adds note about web ui already being packaged (#480) * unixd will now bail if startup tests fail (#476) * Add email syntax (#465) * Add some openid stubs (#464) * Add auth docs (#463) * 64 120 session claims (#462) * Add ldap vattr mapping (#459) * Fix for unixd issue (#460) * 414 clear stale credentials (#447) * Fix multivalue setting of description attribute (#457) * 445 update pam nsswitch md (#451) * simpler ip logging (#454) * I might have become clippy this time (#449) * Calming clippy's nerves, Friday edition (#448) * 444 - client's config URI missing and more file open handling (#446) * Fix proxy usage in tests (#443) * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) * oauth design (#441) * Adding an example config file (#440) * adding env vars, making clippy happier, cleaning up some error messages (#438) * 20210509 cleanup clippy and audit name (#437) * 277 radius pw not accept for main pw (#435) * Orca - a load testing framework for Kanidm (#431) * Add verification of name indexes (#433) * Add ability to pick a server role (#432) * Adding a new verb group remove_members (#434) * 397 Caching password badlist (#425) * User feedback improvements, also handling a permissions issue (#424) * Fix concat issue * Update contributors * Making clippy happy (#420) * Fix 421 - clearer debug messages when doing things (#422) * 62 idm qs cleanup (#419) * Rough working login page (#417) * Make clippy happy (#415) * More debug messages (#413) * merging upstream (#411) * Improve error message when socket not found (#412) * Idlset2, query cache, acp resolve cache (#409) * Add lto thin (#410) * fixing broken action (#405) * Basic documentation for monitoring (#404) * Create design for mfa_backup_code.rst (#402) * phrasing (#401) * Docs update (#400) - Remove un-needed source files: * kanidm-unixd-tasks.service * kanidm-unixd.service * kanidmd.service * server.toml ------------------------------------------------------------------- Thu Jun 24 02:54:31 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git54.675146e: * check user shell (#392) (#490) * Removed `OperationResponse` (#489) * Set default shell to `bin/sh` (#488) * 20210607 orca ldap (#470) * `kanidm_client` bool/return values (#479) * Arc cachesize warning fixes (#483) * Closure Refactoring (#482) ------------------------------------------------------------------- Wed Jun 16 02:38:11 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git47.5e83b68: * Renamed fields in `dbvalue` (#477) * 471 add service files (#474) * fixes #478 - adds note about web ui already being packaged (#480) * unixd will now bail if startup tests fail (#476) * Add email syntax (#465) * Add some openid stubs (#464) * Add auth docs (#463) * 64 120 session claims (#462) * Add ldap vattr mapping (#459) ------------------------------------------------------------------- Thu May 27 11:18:43 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git38.d978c9d: * Fix for unixd issue (#460) ------------------------------------------------------------------- Wed May 26 06:12:04 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git37.e8b1089: * 414 clear stale credentials (#447) * Fix multivalue setting of description attribute (#457) * 445 update pam nsswitch md (#451) * simpler ip logging (#454) * I might have become clippy this time (#449) * Calming clippy's nerves, Friday edition (#448) * 444 - client's config URI missing and more file open handling (#446) * Fix proxy usage in tests (#443) * This allows TOTP to accept an OTP that is one step behind AKA the previous TOTP (#442) * oauth design (#441) * Adding an example config file (#440) * adding env vars, making clippy happier, cleaning up some error messages (#438) * 20210509 cleanup clippy and audit name (#437) * 277 radius pw not accept for main pw (#435) * Orca - a load testing framework for Kanidm (#431) * Add verification of name indexes (#433) * Add ability to pick a server role (#432) * Adding a new verb group remove_members (#434) * 397 Caching password badlist (#425) * User feedback improvements, also handling a permissions issue (#424) * Fix concat issue * Update contributors * Making clippy happy (#420) * Fix 421 - clearer debug messages when doing things (#422) * 62 idm qs cleanup (#419) * Rough working login page (#417) * Make clippy happy (#415) * More debug messages (#413) * merging upstream (#411) * Improve error message when socket not found (#412) * Idlset2, query cache, acp resolve cache (#409) * Add lto thin (#410) * fixing broken action (#405) * Basic documentation for monitoring (#404) * Create design for mfa_backup_code.rst (#402) * phrasing (#401) * Docs update (#400) ------------------------------------------------------------------- Thu Apr 01 01:11:04 UTC 2021 - wbrown@suse.de - Update to version 1.1.0~alpha4~git0.0ac5da8: * Performance Improvements * TOTP CLI enrollment * Jemalloc in main server instead of system allocator * Command line completion * TLS file handling improvements * Webauthn authentication and enrollment on CLI * Add db vacuum task * Unix tasks daemon that automatically creates home directories * Support for sk-ecdsa public ssh keys * Badlist checked at login to determine account compromise * Minor Fixes for attribute display ------------------------------------------------------------------- Mon Dec 28 00:15:25 UTC 2020 - wbrown@suse.de - Update to version v1.1.0alpha.3~git0.b34c893: * (cargo-release) version 1.1.0-alpha.3 * release notes * Update Dependencies * Unixd - NXCache of unknown items (#338) * WIP - Improve Auth Proto to Support Webauthn (#333) * Follow up on ci fixes * Add port verification to start server in kanidm_client tests * Update CI base image to ubuntu 20.04 * Add libudev to ci * 13 135 webauthn support (#332) * Change root user check to warning due to container run times (#328) * Fixes #324 account softlocking and rate limiting (#326) * Add passpoint link * Update tumbleweed docs * Account valid-from and expiry (#322) ------------------------------------------------------------------- Thu Oct 01 00:19:19 UTC 2020 - wbrown@suse.de - Update to version v1.1.0alpha.2~git0.764e727: * Update * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * (cargo-release) version 1.1.0-alpha.2 * gitignore * Update Release Notes * 250 cookie to auth bearer (#321) * 259 reduce clones (#319) * Xxx clippy outdated (#318) * 314 improve async (#316) * Update README.md * On login pw upgrade (#315) * Add python3 support to radius * Dynamic crypto rounds (#311) * tweak book chapter * 67 resource limits impl (#307) * Update based on review * Apply suggestions from code review * doc * Build improvements * Support zfs page size * V large cleanup * Cleanup and improve client error handling * Improve server hardening * Update deps + add simd support in container * Add FAQ + eap selection * Minor updates * tweak release steps ------------------------------------------------------------------- Mon Aug 3 00:38:29 UTC 2020 - William Brown - Initial Commit