github ovh/the-bastion v3.08.00
on GitHub

latest releases: v3.16.00, v3.15.00, v3.14.16...
2 years ago

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

The 2 main changes of this version are:

  • System scripts are now using GnuPG 2.x instead of GnuPG 1.x. All supported OSes do support GnuPG 2.x. The 2.x series of GnuPG support more key algorithms (such as ECDSA and Ed25519), for both higher security and speed. Please refer to the specific upgrade instructions for more information.

  • New restricted plugin accountUnlock, to unlock accounts locked by either pam_tally, pam_tally2 or pam_faillock

Additionally, the supported list of operating systems has changed:

  • Removed official support for OpenSUSE Leap 15.2 (EOL), older minor releases of CentOS 7.x and 8.x (EOL). No code has been removed that would break compatibility, but we removed these OSes from the automated tests suite, so the code may stop working in the future on these OSes for a root cause that we wouldn't be able to detect automatically.
  • Added official support for Debian "Bullseye" 11, RockyLinux 8.x

Also note that since v3.03.99-rc2, the FreeBSD integration tests were not running properly, this has been fixed and the few non-passing tests since this version have also been resolved.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: move scripts to GnuPG 2.x, add tests & doc
  • feat: add new OSes (Debian "Bullseye" 11, RockyLinux 8.x) and deprecate old ones (OpenSUSE Leap 15.2, older minor releases of CentOS 7.x and 8.x)
  • feat: add the accountUnlock restricted plugin
  • enh: detect silent password change failures
  • enh: batch: detect when asked to start a plugin requiring MFA
  • enh: rewrite packages-check.sh, perl-tidy.sh and shell-check.sh with more features and deprecated code removed
  • feat: add the code-info syslog type in addition to code-warn
  • enh: tests: --module can now be specified multiple times
  • fix: FreeBSD tests & portions of code, regression since v3.03.99-rc2
  • chore: install: remove obsolete upgrading sections for pre-v3.x versions

⏩ Upgrading

Check out latest releases or
releases around ovh/the-bastion v3.08.00

Don't miss a new the-bastion release

NewReleases is sending notifications on new releases.

Get notifications