X-Git-Url: https://git.proxmox.com/?a=blobdiff_plain;f=debian%2Fchangelog;h=65b90006230d1f76cd0ba5bcbbc0219b18d8c38d;hb=8a47ffa50b6fe81161579d01278b912e378f63b7;hp=e4fda0277a05abc63152178bc2f5bf99705c061a;hpb=374647e8cd52b675ecfe2855dc272327066796a0;p=pve-access-control.git diff --git a/debian/changelog b/debian/changelog index e4fda02..65b9000 100644 --- a/debian/changelog +++ b/debian/changelog @@ -1,3 +1,245 @@ +libpve-access-control (7.1-2) bullseye; urgency=medium + + * catch incompatible tfa entries with a nice error + + -- Proxmox Support Team Wed, 17 Nov 2021 13:44:45 +0100 + +libpve-access-control (7.1-1) bullseye; urgency=medium + + * tfa: map HTTP 404 error in get_tfa_entry correctly + + -- Proxmox Support Team Mon, 15 Nov 2021 15:33:22 +0100 + +libpve-access-control (7.0-7) bullseye; urgency=medium + + * fix #3513: pass configured proxy to OpenID + + * use rust based parser for TFA config + + * use PBS-like auth api call flow, + + * merge old user.cfg keys to tfa config when adding entries + + * implement version checks for new tfa config writer to ensure all + cluster nodes are ready to avoid login issues + + * tickets: add tunnel ticket + + -- Proxmox Support Team Thu, 11 Nov 2021 18:17:49 +0100 + +libpve-access-control (7.0-6) bullseye; urgency=medium + + * fix regression in user deletion when realm does not enforce TFA + + -- Proxmox Support Team Thu, 21 Oct 2021 12:28:52 +0200 + +libpve-access-control (7.0-5) bullseye; urgency=medium + + * acl: check path: add /sdn/vnets/* path + + * fix #2302: allow deletion of users when realm enforces TFA + + * api: delete user: disable user first to avoid surprise on error during the + various cleanup action required for user deletion (e.g., TFA, ACL, group) + + -- Proxmox Support Team Mon, 27 Sep 2021 15:50:47 +0200 + +libpve-access-control (7.0-4) bullseye; urgency=medium + + * realm: add OpenID configuration + + * api: implement OpenID related endpoints + + * implement opt-in OpenID autocreate user feature + + * api: user: add 'realm-type' to user list response + + -- Proxmox Support Team Fri, 02 Jul 2021 13:45:46 +0200 + +libpve-access-control (7.0-3) bullseye; urgency=medium + + * api: acl: add missing `/access/realm/`, `/access/group/` and + `/sdn/zones/` to allowed ACL paths + + -- Proxmox Support Team Mon, 21 Jun 2021 10:31:19 +0200 + +libpve-access-control (7.0-2) bullseye; urgency=medium + + * fix #3402: add Pool.Audit privilege - custom roles containing + Pool.Allocate must be updated to include the new privilege. + + -- Proxmox Support Team Tue, 1 Jun 2021 11:28:38 +0200 + +libpve-access-control (7.0-1) bullseye; urgency=medium + + * re-build for Debian 11 Bullseye based releases + + -- Proxmox Support Team Sun, 09 May 2021 18:18:23 +0200 + +libpve-access-control (6.4-1) pve; urgency=medium + + * fix #1670: change PAM service name to project specific name + + * fix #1500: permission path syntax check for access control + + * pveum: add resource pool CLI commands + + -- Proxmox Support Team Sat, 24 Apr 2021 19:48:21 +0200 + +libpve-access-control (6.1-3) pve; urgency=medium + + * partially fix #2825: authkey: rotate if it was generated in the + future + + * fix #2947: add an option to LDAP or AD realm to switch user lookup to case + insensitive + + -- Proxmox Support Team Tue, 29 Sep 2020 08:54:13 +0200 + +libpve-access-control (6.1-2) pve; urgency=medium + + * also check SDN permission path when computing coarse permissions heuristic + for UIs + + * add SDN Permissions.Modify + + * add VM.Config.Cloudinit + + -- Proxmox Support Team Tue, 30 Jun 2020 13:06:56 +0200 + +libpve-access-control (6.1-1) pve; urgency=medium + + * pveum: add tfa delete subcommand for deleting user-TFA + + * LDAP: don't complain about missing credentials on realm removal + + * LDAP: skip anonymous bind when client certificate and key is configured + + -- Proxmox Support Team Fri, 08 May 2020 17:47:41 +0200 + +libpve-access-control (6.0-7) pve; urgency=medium + + * fix #2575: die when trying to edit built-in roles + + * add realm sub commands to pveum CLI tool + + * api: domains: add user group sync API enpoint + + * allow one to sync and import users and groups from LDAP/AD based realms + + * realm: add default-sync-options to config for more convenient sync configuration + + * api: token create: return also full token id for convenience + + -- Proxmox Support Team Sat, 25 Apr 2020 19:35:17 +0200 + +libpve-access-control (6.0-6) pve; urgency=medium + + * API: add group members to group index + + * implement API token support and management + + * pveum: add 'pveum user token add/update/remove/list' + + * pveum: add permissions sub-commands + + * API: add 'permissions' API endpoint + + * user.cfg: skip inexisting roles when parsing ACLs + + -- Proxmox Support Team Wed, 29 Jan 2020 10:17:27 +0100 + +libpve-access-control (6.0-5) pve; urgency=medium + + * pveum: add list command for users, groups, ACLs and roles + + * add initial permissions for experimental SDN integration + + -- Proxmox Support Team Tue, 26 Nov 2019 17:56:37 +0100 + +libpve-access-control (6.0-4) pve; urgency=medium + + * ticket: use clinfo to get cluster name + + * ldaps: add sslversion configuration property to support TLS 1.1 to 1.3 as + SSL version + + -- Proxmox Support Team Mon, 18 Nov 2019 11:55:11 +0100 + +libpve-access-control (6.0-3) pve; urgency=medium + + * fix #2433: increase possible TFA secret length + + * parse user configuration: correctly parse group names in ACLs, for users + which begin their name with an @ + + * sort user.cfg entries alphabetically + + -- Proxmox Support Team Tue, 29 Oct 2019 08:52:23 +0100 + +libpve-access-control (6.0-2) pve; urgency=medium + + * improve CSRF verification compatibility with newer PVE + + -- Proxmox Support Team Wed, 26 Jun 2019 20:24:35 +0200 + +libpve-access-control (6.0-1) pve; urgency=medium + + * ticket: properly verify exactly 5 minute old tickets + + * use hmac_sha256 instead of sha1 for CSRF token generation + + -- Proxmox Support Team Mon, 24 Jun 2019 18:14:45 +0200 + +libpve-access-control (6.0-0+1) pve; urgency=medium + + * bump for Debian buster + + * fix #2079: add periodic auth key rotation + + -- Proxmox Support Team Tue, 21 May 2019 21:31:15 +0200 + +libpve-access-control (5.1-10) unstable; urgency=medium + + * add /access/user/{id}/tfa api call to get tfa types + + -- Proxmox Support Team Wed, 15 May 2019 16:21:10 +0200 + +libpve-access-control (5.1-9) unstable; urgency=medium + + * store the tfa type in user.cfg allowing to get it without proxying the call + to a higher priviledged daemon. + + * tfa: realm required TFA should lock out users without TFA configured, as it + was done before Proxmox VE 5.4 + + -- Proxmox Support Team Tue, 30 Apr 2019 14:01:00 +0000 + +libpve-access-control (5.1-8) unstable; urgency=medium + + * U2F: ensure we save correct public key on registration + + -- Proxmox Support Team Tue, 09 Apr 2019 12:47:12 +0200 + +libpve-access-control (5.1-7) unstable; urgency=medium + + * verify_ticket: allow general non-challenge tfa to be run as two step + call + + -- Proxmox Support Team Mon, 08 Apr 2019 16:56:14 +0200 + +libpve-access-control (5.1-6) unstable; urgency=medium + + * more general 2FA configuration via priv/tfa.cfg + + * add u2f api endpoints + + * delete TFA entries when deleting a user + + * allow users to change their TOTP settings + + -- Proxmox Support Team Wed, 03 Apr 2019 13:40:26 +0200 + libpve-access-control (5.1-5) unstable; urgency=medium * fix vnc ticket verification without authkey lifetime