Releases: CESNET/perun
v31.0.0
31.0.0 (2023-11-07)
⚠ BREAKING CHANGES
- core: the ssh-keygen tool has to be available on instance machines
- core: edit new config property perun.mailchange.replyTo and existing perun.mailchange.backupFrom to customize the respective fields of sent emails (from core API). replyTo (and replyToName) can be defined in perun-registrar-lib.properties to achieve the same for registrar
- core: Method blockServicesOnDestinations does not throw ServiceAlreadyBannedException anymore.
Features
- core: allow customization of replyTo field of emails (1f20e82)
- core: bulk-up public ssh key validation (64aaa86)
- core: filter by role (84e0ccd)
- engine: pass service name to send/gen script when using generic scripts (7c74749)
Bug Fixes
- 🐛 Fix BBMRIResources registration module possible NullPExc (bfb3e6a)
- 🐛 Use getAllSubgGroups in BBMRIResources reg.module (3fdcffc)
- core: group admin/membership manager should not have rights for verifying users' mail address (53dbe02)
- core: ignore already blocked destination (ad1774d)
- correct attribute references in enabledO365MailForward (c52f15c), closes ST-1168
- deps: update dependency com.google.apis:google-api-services-admin-directory to directory_v1-rev20231005-2.0.0 (bb691b0)
- deps: update dependency commons-cli:commons-cli to v1.6.0 (11c038b)
- deps: update dependency io.swagger:swagger-annotations to v1.6.12 (605aa63)
- deps: update dependency org.json:json to v20231013 [security] (c207e8b)
- deps: update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.17 (6d6b4e5)
- gui: typo in candidate title after param (ae6f8a7)
- registrar: log error on submitted embedded applications (6587daf)
- registrar: pass registrar session when submitting embedded applications (ce6bb52)
- registrar: transaction for approving multiple applications (369fcd3)
v30.1.1
v30.1.0
30.1.0 (2023-10-10)
Features
- core: add getAssociatedResources to RPC and openapi (0c07203)
- core: mfa categories use namespace as key (6096bf6)
- core: new scopedLogin_mu virtual attribute (08e8eb6)
Bug Fixes
- core: add right for GROUPMEMBERSHIPMANAGER to invite members (2c83cab)
- core: initialize missing unixGID-namespace facility attribute (237371e)
- core: user:virt:voPersonExternalAffiliation forces to lowercase (3facb22)
- deps: update dependency net.jodah:expiringmap to v0.5.11 (f6ca050)
- deps: update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.16 (cfc7adc)
- deps: update dependency org.xhtmlrenderer:flying-saucer-pdf to v9.3.1 (3c40522)
v30.0.0
30.0.0 (2023-09-27)
⚠ BREAKING CHANGES
- 🧨 ApplicationForm bean property moduleClassName replaced with moduleClassNames. Type has changed from String to List. Includes database version update and column module_name of application_form table being renamed to module_names.
- requires database update. UI version has to work with updated model of ApplicationForm (moduleClassName replaced with field moduleClassNames).
- core: the groupMembershipExpiration attribute needs to have a new READ policy collection created with the SELF - USER policy
- Changed behaviour might cause sending notifications to managers or configured TO recipients in parent group rather than to VO.
Features
- 🎸 Allow multiple reg. modules to be configured (b807877)
- 🎸 Cascade to parent gr. when deciding gr. TO recipients (8adea84)
- cli: added getRichMember method to the perl client API (1c53692)
- core: allow members to read their group expiration (811b217)
- core: allow resource managers to read subgroup managers (ba1bb15)
- core: new ExtSource type for IT4I (28d6f87)
- core: sort users by IDs when synchronizing LDAP (cf542ed)
- core: support authoritative groups in group structure synchronization (9bc9d14)
Bug Fixes
- core: properly resolve members removal from authoritative groups (26de9ab)
- deps: update dependency com.google.apis:google-api-services-admin-directory to directory_v1-rev20230822-2.0.0 (f3bee32)
- deps: update dependency org.xhtmlrenderer:flying-saucer-pdf to v9.2.2 (f20ec3d)
- fixed definition of logback in perun-auditlogger (0f0ea39)
- minimize default logging for perun-auditlogger (f46ba67)
v29.1.0
v29.0.0
29.0.0 (2023-09-04)
⚠ BREAKING CHANGES
- Auditlogger no longer writes audit messages to the syslog. All configuration related to usage of syslog is ignored and can be removed from /etc/perun/perun-auditlogger and /etc/perun/perun-auditlogger.properties. Make sure journald is present and configured on the machine before deploying.
- core: added new role 'PERUNADMINBA'
- 🎸 Filter our embedded groups where user is member (1968093)
- 🎸 RPC groupsManager/getGroupsWhereUserIsActiveMember (baf35f7)
- core: added new role (9c55b3a)
- core: allow perun observer to call getAllNamespaces method (a75e080)
- core: attribute module for microsoft mails (26b530d)
- core: check open applications (fe13f87)
- core: enforce mfa module - correctly retrieve mfa categories (dafdc82)
- core: free logins when deleting login namespace attribute (1d5f537)
- core: restrict deletion of the attribute definition (b562024)
- core: richgroup is not supported (3089fba)
- deps: update dependency com.google.apis:google-api-services-admin-directory to directory_v1-rev20230814-2.0.0 (980708a)
- registrar: disable member invitation for incorrect setup (c482ddc)
- use journald instead of syslog in perun-auditlogger (fdd9e54)
v28.0.2
v28.0.1
v28.0.0
28.0.0 (2023-08-10)
⚠ BREAKING CHANGES
- authz table was updated
  ALTER TABLE authz ADD COLUMN created_at timestamp default statement_timestamp() not null;
  ALTER TABLE authz ADD column created_by varchar default user not null;
  UPDATE configurations set value='3.2.16' WHERE property='DATABASE VERSION';
- core: column 'global' was added to the attribute_critical_actions table
  Database changelog:
  ALTER TABLE attribute_critical_actions ADD COLUMN global boolean default false not null;
  UPDATE configurations SET value='3.2.17' WHERE property='DATABASE VERSION';
- core: Added created_at and created_by columns to authz table.
- core: New property 'appAllowedRoles' added to the CoreConfig. In perun.properties define 'perun.appAllowedRoles.apps' as a list of names of apps where role limitation is necessary. For each app name, define regex which maps to the Referer header of the request coming from the given app and a list of allowed roles. For example:
  perun.appAllowedRoles.apps=registrar
  perun.appAllowedRoles.registrar.reg=^./registrar/.$
  perun.appAllowedRoles.registrar.roles=SELF,MFA
- core: Make sure following registration modules are not used on your instance - Ceitec, EduGain, Elixircz, Sitola and WeNMR.
- fixup! feat(core): extend authz table with audit attributes (a85de71)
- core: removed unused registration modules (32bbba5)
New features and notable changes
- 🎸 BBMRIResources reg. module (8cee9f6)
- 🎸 new RPC method membersManager/sendUsernameReminder (60eccd0)
- core: allow to set attribute action as globally critical (da3d1eb)
- core: attribute module for mfaEnforceSettings (6de84b7)
- core: extend authz table with audit attributes (1608da5)
- core: filter getMembersPage (9d52d58)
- core: last successful propagation (56d6722)
- core: remove not allowed roles (c3654b6)
- core: skip MFA for internal components (259e284)
- enable facility search for SP reg role (9274d3c)
v27.1.0
27.1.0 (2023-07-20)
⚠ BREAKING CHANGES
- core: new configuration property 'mail.smtp.from'
- core: Remove all user identities for "https://idp-cert.e-infra.cz/idp/" IdP (ExtSource).
- core: do not create certificate IdP identity for e-INFRA CZ (9f9fcb8)