⚡ Security

• No security fixes since previous release
• Oldest release with no known security issue is v3.14.15 (2023-11-08)

💡 Highlights

The main noteworthy change in this release is the support for so-called Secure Keys 🔑 (FIDO2) for ingress connection. If you're upgrading from a previous version, you'll have to enable support in the configuration file, refer to the specific upgrade instructions below. This is enabled on new installations by default.

To learn how to generate and use a Secure Key from your hardware token to secure SSH access is usually detailed in the documentation of your hardware key vendor (For example Yubico).

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

• feat: support hardware-based Secure Keys (FIDO2) for ingress authentication
• enh: remove netcat dependency by using perl bultins
• enh: --wait now checks whether the TCP port is open instead of just pinging the host
• fix: logic error in etc/pam.d/sshd.rhel breaking MFA handling if enabled

⏩ Upgrading

• General upgrade instructions
• Specific upgrade instructions for v3.16.00