LemonLDAP::NG 2.0.7 is out!
This new release fixes more than 60 issues. Here are some of bugfixes and improvements of this release:
- Security:
- [Security: medium, CVE-2019-19791] Apache access rules and SOAP/REST endpoints
- [Security:medium] Redirection in OpenID Connect is granted by default if no URI defined in oidcRPMetaDataOptionsRedirectUris
- [Security:low] afterData plugins (grantSession) cannot prevent session establishment when 2FA is in use
- Bugs:
- Issuer urldc is lost after error in 2F flow or notification flow
- Outgoing emails are missing a Date: field
- Zimbra preauth not working
- REST config service not working
- Server Error with OpenID Connect register endpoint
- Manager version comparator does not work with minified JS
- Reset expired password doesn't trigger when using Combination
- Kerberos not working with session upgrade
- After temporary ldap failure, ldap connections stop working forever
- Authenticating with external OpenID Connect Provider fails because of special chars in user name
- Improvements:
- Possibility to configure new plugins in Manager
- Append overScheme for persistent sessions
- Allow differents type of managerDN
- Append a requiredAuthenticationLevel option for each uri
- Add an option to force claims in ID token
- Possibility to set attributes and extra claims in OIDC registration endpoints
- Specific message and error code for 2F failure
- New features:
- Add per-service macros
- New script to convert sessions between backends
- Renew Captcha button
- Provide refresh tokens in OpenID Connect
- Certificate reset by mail
- Possibility to view/close other sessions opened for the same user
- Create a web service for "refresh my rights"
The full changelog can be seen here: https://gitlab.ow2.org/lemonldap-ng/lemonldap-ng/-/milestones/69
Upgrade notes: https://lemonldap-ng.org/documentation/latest/upgrade#section207
Download: https://lemonldap-ng.org/download
They made this release:
- Core team: Maxime Besson, Xavier Guimard, Christophe Maudoux and Clément Oudot
- Organizations : Gendarmerie Nationale, Worteks, CNAMTS, Orange, CSTB, Urgences Santé Québec, FER Genève, Linagora, SITIV, Métropole Européenne de Lille
- Community (issues opening, tests, patches, pull requests) : David Coutadeur, Andreas Deschka, Daniel Berteaud, Grégory Roy, Antoine Rosier, Mickael Bride, Vincent Filali-Ansary, Dave Conroy, Julien Ledoux, Louis Chemineau, Vincent Mazenod, Xavier Bachelot
If you use LemonLDAP::NG and enjoy it, please let us know: