⚡ Security
- No security fixes since previous release
- Oldest release with no known security issues:
v3.00.00
(first public version)
💡 Highlights
The 2 main changes of this version are:
-
System scripts are now using GnuPG 2.x instead of GnuPG 1.x. All supported OSes do support GnuPG 2.x. The 2.x series of GnuPG support more key algorithms (such as ECDSA and Ed25519), for both higher security and speed. Please refer to the specific upgrade instructions for more information.
-
New restricted plugin
accountUnlock
, to unlock accounts locked by eitherpam_tally
,pam_tally2
orpam_faillock
Additionally, the supported list of operating systems has changed:
- Removed official support for OpenSUSE Leap 15.2 (EOL), older minor releases of CentOS 7.x and 8.x (EOL). No code has been removed that would break compatibility, but we removed these OSes from the automated tests suite, so the code may stop working in the future on these OSes for a root cause that we wouldn't be able to detect automatically.
- Added official support for Debian "Bullseye" 11, RockyLinux 8.x
Also note that since v3.03.99-rc2
, the FreeBSD integration tests were not running properly, this has been fixed and the few non-passing tests since this version have also been resolved.
A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.
📌 Changes
- feat: move scripts to GnuPG 2.x, add tests & doc
- feat: add new OSes (Debian "Bullseye" 11, RockyLinux 8.x) and deprecate old ones (OpenSUSE Leap 15.2, older minor releases of CentOS 7.x and 8.x)
- feat: add the
accountUnlock
restricted plugin - enh: detect silent password change failures
- enh:
batch
: detect when asked to start a plugin requiring MFA - enh: rewrite
packages-check.sh
,perl-tidy.sh
andshell-check.sh
with more features and deprecated code removed - feat: add the
code-info
syslog type in addition tocode-warn
- enh: tests:
--module
can now be specified multiple times - fix: FreeBSD tests & portions of code, regression since v3.03.99-rc2
- chore: install: remove obsolete upgrading sections for pre-v3.x versions