github ovh/the-bastion v3.24.01

4 hours ago

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issue is v3.22.00 (2025-09-17)

💡 Highlights

This minor release fixes a few issues.

The most notable one is that cross-realm TOTP MFA checks were not working properly, which could prevent TOTP MFA from being enforced as expected when connecting to a target through a realm. This was not the case for password MFA.

We also fixed the --bind option, which was not being applied properly, and moved the banner seal service setup to the install script when using /home encryption (#653).

On the enhancement side, we now poke directly into the kernel's PRNG (/dev/urandom) instead of relying on Perl's rand() wherever we need randomness, for good measure.

We get our usual round of internal cleanups too, listed below.
For an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • enh: use /dev/urandom instead of rand()
  • fix: cross-realm TOTP MFA check didn't work properly
  • fix: the --bind option was not being applied properly
  • fix: setup-encryption: move the banner seal service setup to the install script (#653)
  • chore: replace grep-as-boolean with List::Util any/none
  • chore: standardize $fnret->msg to stringified $fnret

⏩ Upgrading

Don't miss a new the-bastion release

NewReleases is sending notifications on new releases.