openSUSE Recommended Update: Recommended update for kanidm ______________________________________________________________________________ Announcement ID: openSUSE-RU-2024:0129-1 Rating: moderate References: Affected Products: openSUSE Backports SLE-15-SP5 ______________________________________________________________________________ An update that has 0 recommended fixes can now be installed. Description: This update for kanidm fixes the following issues: - Update to version 1.2.0~git0.9efa91a: * Release 1.2.0 (#2733) * Prepare 1.2.0 * Release 1.2.0 prep (#2724) * Minor upgrade fixes (#2722) * Resolve OAuth2 client/rs confusion (#2719) * Improve access control doc to describe privilege access mode (#2721) * Support 1.1 attribute in LDAP (#2720) * Add mail support to groups (#2718) * Add session limit (#2714) * added profile and `memberof` search to the basic model (#2712) * chore(deps): bump the all group in /pykanidm with 4 updates (#2717) * Fix typo in oauth2 error message (#2715) * 20240409 rework orca markov (#2699) * Begin the basis of the key provider model (#2640) * chore(deps): bump the all group in /pykanidm with 4 updates (#2707) * chore(deps): bump peaceiris/actions-mdbook from 1 to 2 in the all group (#2706) * chore(deps): bump idna from 3.4 to 3.7 in /pykanidm (#2703) * fix(TotpDigits): fix typo in TryFrom impl (#2702) * chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2696) * chore(deps): bump h2 from 0.3.25 to 0.3.26 (#2694) * Windows Hello Authentication requirements (#2688) * chore(deps): bump the all group with 1 update (#2690) * chore(deps-dev): bump the all group in /pykanidm with 1 update (#2691) * Require kanidm-unixd before kanidm-unixd-tasks (#2687) * kanidm unixd mfa capabilities (#2672) * Add Grafana integration to OAuth2 documentation (#2685) * [SECURITY: LOW] Administrator triggered thread crash in oauth2 claim maps #2686 (#2686) * ldap-sync: allow to use attrs more than once (#2676) * chore(deps-dev): bump the all group in /pykanidm with 4 updates (#2683) * chore(deps): bump the all group with 1 update (#2682) * fix(docs): packaging section improved (#2677) * Fix developer ethics link (#2674) * fix(docs): filename, header and title mismatch fixes (#2660) * 20240312 concread upgrade (#2668) * fix(docs): capitalization fixes (#2659) * fix(docs): links corrected (#2661) * fix api typo (#2657) * chore(deps-dev): bump the all group in /pykanidm with 2 updates (#2662) * chore(deps): bump the all group in /pykanidm with 9 updates (#2656) * Update bootstrap 5.0.2 to 5.3.3 & minor UI fixes (#2650) * fix(docs): typos, grammar and broken link fixes (#2644) * increase severity for "{:?} !⊆ allowed: {:?}" (#2648) * Add instructions on how to enable PKCE in Nextcloud (#2647) * 20230224 2437 orca remodel (#2591) * Add initial design for key domains (#2564) * Add upgrade process, improve developer readme (#2635) * Doc unix client support (#2633) * 20240301 systemd uid (#2602) * expose group patch for parity (#2628) * Adding a builtin class for all built-in things (#2603) * apidoc tag fixes (#2625) * chore(deps): bump mio from 0.8.10 to 0.8.11 (#2620) * Fix missing entry managed by on anonymouns (#2623) * Notes on privilege-expiry (#2622) * SPAs really are stupid sometimes (#2609) * apidoc fixes (#2614) * chore(deps): bump the all group in /pykanidm with 4 updates (#2615) * Typo fixes (#2610) * Return consent scope to service account (#2605) * OpenAPI schema fixes (#2590) * WASM test fixing (#2595) * Feature object graph (#2518) * Add domain version test framework (#2576) * Fix the miniflux oauth2 example (#2598) * docs(monitoring): Fix syntax for OpenTelemetry config (#2594) * 20240221 2489 cleanup api v1 (#2573) * Changing to allow startup without a config file (#2582) * Allow /dev/tpmrm0 on older systemd versions (#2587) * Adjust output of claim maps for better parsing (#2566) * chore(deps): bump the all group in /pykanidm with 4 updates (#2585) * improved error description for commit_credential_update (#2579) * Make /status less noisy (#2574) * chore(deps): bump cryptography from 42.0.2 to 42.0.4 in /pykanidm (#2567) * Add system range protection (#2565) * Fix string comparison in Debian build script (#2409) * of course I started looking at clippy things and now I can't stop (#2560) * 20240216 308 resource limits (#2559) * fix(oauth2): typo in basic path (#2562) * Adding duplicate-finder script (#2550) * prctl compile-time fixes, also chasing lints (#2558) * Removing unused constant and updating docstring for LDAP bind address (#2556) * chore(deps-dev): bump the all group in /pykanidm with 3 updates (#2553) * Support Policy Updates (#2536) * chore(deps): bump cryptography from 42.0.0 to 42.0.2 in /pykanidm (#2548) * Re-enable HW tpm support (#2531) * Add further hardening for system services (#2542) * fixing the test script (#2547) * when the HTTPS server fails, handle that gracefully (#2546) * Fix update intent ttl parameters (#2540) * radius build workflow fixes (#2541) * Conflict nscd, start before sshd (#2539) * Fix incorrect documentation elements (#2533) * Remove replication is in dev flag (#2535) * Ordering auth methods in the CLI (#2508) * Set lowercase owner name in tag (#2534) * Add code_challenge_methods_supported to OIDC discovery (#2525) * Himmelblau requires the machine key for unix_user_get (#2523) * Extend on Apache example (#2524) * chore(deps): bump the all group in /pykanidm with 4 updates (#2520) * List of supported features (#2499) * Update to latest dev version (#2486) Patch Instructions: To install this openSUSE Recommended Update use the SUSE recommended installation methods like YaST online_update or "zypper patch". Alternatively you can run the command listed for your product: - openSUSE Backports SLE-15-SP5: zypper in -t patch openSUSE-2024-129=1 Package List: - openSUSE Backports SLE-15-SP5 (aarch64 x86_64): kanidm-1.2.0~git0.9efa91a-bp155.20.1 kanidm-clients-1.2.0~git0.9efa91a-bp155.20.1 kanidm-docs-1.2.0~git0.9efa91a-bp155.20.1 kanidm-server-1.2.0~git0.9efa91a-bp155.20.1 kanidm-unixd-clients-1.2.0~git0.9efa91a-bp155.20.1 References: