⚡ Security

• No security fixes since previous release
• Oldest release with no known security issue is v3.14.15 (2023-11-08)

💡 Highlights

Please read the rc1 changes that are also included in this pre-release.

The rc2 add support of rsync (#301). Now, for specific protocols (such as scp, sftp and rsync), instead of having a dedicated option for all the plugins, they share a new --protocol option, which will permit adding more protocols if needed, without requiring adding new named options. The previous options are still supported and will keep working, even if the documentation has been updated to only reference --protocol.

We also add a new per-account option: egress session multiplexing (usage of the ControlPath and ControlMaster ssh client options), for accounts opening a large number of connections to the same hosts, such as is the case with e.g. Ansible usage. You'll find it in the accountModify documentation.

Worth noting is also a new plugin: groupSetServers, to permit setting the ACL (asset list) of a group in one shot, to attain a given wanted list, instead of having to rely in several groupAddServer and groupDelServer calls.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

• feat: add rsync support through the --protocol rsync option in all plugins
• feat: add --egress-session-multiplexing option to accountModify
• feat: add groupSetServers to entirely change a group ACL in one shot
• enh: add lock for group ACL change to avoid race conditions on busy bastions
• enh: selfPlaySession: remove sqliteLog.ttyrecfile dependency
• chore: FreeBSD: ignore OS version mismatch with packages
• chore: selfMFASetupPassword: clearer message

⏩ Upgrading

• General upgrade instructions
• Specific upgrade instructions for v3.16.99-rc2