ltb-project/self-service-password v1.5.0

Version 1.5.0

on GitHub

ℹ️ Self Service Password

LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.

It works with any LDAP directory, including Active Directory.

📄 What's Changed

• feat(ssh): public key check ( #509 ) by @faust64 in #510
• docs(sshkey) by @faust64 in #512
• fix(mail): add sendmail to Docker image by @faust64 in #517
• docs(multi-tenancy): adds samples setting multi-tenancy header by @faust64 in #515
• If token was provided by SMS, check initial SMS code before changing password by @coudot in #521
• [Security:low] Dismiss captcha once it is used by @coudot in #522
• Merge 1.4 branch by @coudot in #523
• Typo in resetbytoken resulting in mails not being sent by @faust64 in #529
• adding Kerberos authentication support by @jazzl0ver in #536
• Change expired password as manager by @coudot in #530
• fix(version): mismatch between htdocs/index.php and rest/v1/include.php by @faust64 in #539
• core(update): apache 2.4.46 by @faust64 in #541
• Refactor pwned passwords by @faust64 in #540
• fix(notify): don't send notification if modification failed by @faust64 in #542
• docs(ratelimit): typo by @faust64 in #545
• feat(mails): using several mail attributes by @faust64 in #546
• fix(sshkeys): don't send mail notification when entry was not changed by @faust64 in #513
• Update de.inc.php by @usrflo in #547
• fix(docs): invalid nginx root serving ssp by @faust64 in #551
• Added sms api for signal-cli by @mfulz in #549
• fix(docs): ratelimit check interval should be 1h, not 1min by @faust64 in #558
• Document $allowed_lang var by @maxxer in #562
• Updated IT translation by @maxxer in #564
• Fix Error 500 when user is not found in ldap for sms reset by @mfulz in #571
• fix(api): phpmailer needs to be included (#573) by @faust64 in #576
• fix: captcha misaligned in the mobile version by @bondif in #588
• Update simplified Chinese translation by @tweea in #594
• fix(docs) - see #590 by @faust64 in #598
• Update fr translation by @vboucard in #606
• chore(deps): bump phpmailer/phpmailer from 6.4.1 to 6.5.0 in /lib by @dependabot in #559
• Fix some undefined warnings by @liedekef in #609
• fix apache / bullseye by @faust64 in #612
• Issue 608 by @doc-slice in #619
• Implement Argon2 hashing by @tleuxner in #628
• Add some cosmetic css properties to sshkey textarea by @spike77453 in #642
• Fix translation by @tvdijen in #646
• chore(deps): bump guzzlehttp/psr7 from 2.1.0 to 2.2.1 in /lib by @dependabot in #647
• chore(deps): bump guzzlehttp/guzzle from 7.4.0 to 7.4.4 in /lib by @dependabot in #659
• Update bootstrap to v3.4.1 by @bohze in #661
• chore(deps): bump guzzlehttp/guzzle from 7.4.4 to 7.4.5 in /lib by @dependabot in #664
• feat(sms): Allow more than one mobile attribute #658 by @artlog in #673
• Feat mail factorize attributes by @artlog in #675
• Update TR translation by @berkaycagir in #669
• fix(sshkey): should add one sshPublicKey per key by @faust64 in #514
• Remove warning "Decoding error" by @coudot in #676
• Fix 563 by @faust64 in #592
• Use correct message identifiers by @coudot in #677
• hide failure by default for mailnomatch issue #610 by @artlog in #685
• fix check password toward ldap attribute for token based methods by @artlog in #686
• captcha use dedicated session cookie fix #602 by @artlog in #680
• Rate limit optional support per ip (ratelimit_filter_by_ip) by @artlog in #683
• Add rate limit checking for any password change request include fix #654 by @artlog in #684
• Improve documentation, parse php code by @coudot in #696
• Fix password check ldap by @artlog in #688
• Use require_once for file inclusion by @coudot in #702
• Fix reset by questions display after password change by @coudot in #703
• Check parameters before calling hash_equals by @coudot in #699
• Get entry in checkpassword REST service by @coudot in #708

🤝 New Contributors

• @jazzl0ver made their first contribution in #536
• @usrflo made their first contribution in #547
• @mfulz made their first contribution in #549
• @maxxer made their first contribution in #562
• @bondif made their first contribution in #588
• @vboucard made their first contribution in #606
• @liedekef made their first contribution in #609
• @doc-slice made their first contribution in #619
• @tleuxner made their first contribution in #628
• @tvdijen made their first contribution in #646
• @artlog made their first contribution in #673

Full Changelog: v1.4.5...v1.5.0

⬇️ Download

Get tarball and packages on https://ltb-project.org/download.html

Use our apt and yum repositories to ease the installation:

• https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
• https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat

You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password