Release v3.10.1

Release 3.10.1

- Fixed searching for users/members by name
  when search string contains spaces.
- Fixed regex for ExtSourceINET allowed group names.
- Removed attribute module for member:virt:loa, it
  is replaced by user:virt:loa where necessary.
- Fixed rescheduling tasks in WAITING state.

Release v3.9.10

Release 3.9.10

- Fixed searching for users/members by name
  when search string contains spaces.
- Fixed searching for users/members by exact match.
- Fixed regex for ExtSourceINET allowed group names.
- Removed attribute module for member:virt:loa, it
  is replaced by user:virt:loa where necessary.
- Fixed rescheduling tasks in WAITING state.

Release v3.11.0

Release 3.11.0

- Searching for users and members now correctly handle
  spaces in search string and also handles name stored
  in different order: firstName/lastName vs. lastName/firstName.
- Member sponsorship can now expire on exact day, we can
  send notifications for incoming expiration.
- Member can expire or stay valid when losing the last sponsorship
  based on VO configuration.
- Membership sponsoring ends with losing the last sponsor,
  member is switched to standard member with expiration.
- Fixed deletion of sponsored members.
- Support configurable roles management - eg. we can specify,
  which role can manage other roles.
- Added new default roles GROUPOBSERVER, RESOURCEOBSERVER and
  FACILITYOBSERVER.
- Fixed user matching on registration for VŠUP external workers.
- Propagation Tasks stuck in WAITING state are now also handled
  and resheduled on source data changes or force propagation.
- Fixed duplicities in membersManager/getSponsoredMembers().
- Fixed null pointer in membersManager/getSponsoredMembersAndTheirSponsors().
- Fixed exception messages for PrivilegeException.
- Added utils scripts for finding group inconsistencies
  and assigning service to the resource with another specified
  service.
- Updated RPC docs parsing tool.

Release v3.10.0

Release 3.10.0

- This release contains DB changes!
- This release requires PostgreSQL >= 9.5

- The biggest change is configurable API methods
  and roles authorization. Change was done 1:1 with
  the old authorization, but there might be bugs!
  Configuration can be modified on each instance
  in /etc/perun/perun-roles.yml.
- We have removed generally unused member status SUSPENDED.
  It is replaced by VO wide bans, similar to Resource/Facility
  bans. This logic is available only in API.
  Related "suspended" and "suspendedTo" params were removed
  from the (Rich)Member object.
- For future use we added UUID to the Group/Resource/User
  objects and their rich versions.
- We are going to replace sponsored users with normal users with
  sponsored VO memberships. For now its no longer possible
  create new sponsored users from the GUI.
- Added new methods to create and work with sponsored members.
- Group synchronization no longer runs in a single transaction,
  but rather each group member is processed in own transaction.
- Removed deprecated API for:
  - attributesManager/checkAttributeValue
  - attributesManager/checkAttributesValue
  - generalServiceManager -> servicesManager
  - propagationStatsReader -> tasksManager
  - membersManager/createSponsoredAccount
  - membersManager/setStatus (with message)
- Added EnrichedResource object and some methods in ResourcesManager
  as an example of new version of Rich objects. We use composition
  instead of extension of Resource object.
- AuditMessages no longer contains message pre-formatted for GUI
  as we will remove former method of message (de)serialization
  in the future.
- Attribute member:virt:isSuspeneded looks for VO bans instead of
  member status.
- Many API methods were extended to work also with object names
  instead of only their IDs (if they are unique too).
- LDAPc can now resolve changes of virtual attributes on its
  own and we do not slow down transaction commit in core perun.
- Do not allow UCO like mails in attribute module for
  group/group_resource:def:o365EmailAddresses_o365mu attributes.
- Removed subgroups of assigned groups on resource for which we
  generate provisioning data.

Release v3.9.9

Release 3.9.9

- This version contains DB and configuration changes.
- This version contains LDAP schema changes.

- Better heuristic to determine displayName on registration form.
- Configurable lifescience-persistent-shadow attribtue.
- Added new API to generate data for service provisioning.
- Searching users/members can be configured to search in any
  user, member or userExtSource attribute.
- Support new WARNING state in service provisioning. Its like DONE,
  but with non-empty output in STDERR.
- Unique attributes can be converted to non-unique.
- Removed subgroups of assigned groups from the data structure
  returned by getDataWithGroups() used for service provisioning.
- Store all attribute values in single column.
- Fixed members SQL mapper, should increase performance.
- Do not return duplicate candidates, which matches to the same user.
- Added userIdentities LDAP attribute, for now equals to eduPersonPrincipalNames.
- Added schacPersonalUniqueCode LDAP attribute.
- Updated Spring and Spring Boot.

Release v3.9.8

Release 3.9.8

- Fixed approval of extension applications.
- Optimize memory usage during services provisioning.
- Fixed too slow processing of members in the tree of groups.
  It also prevents possible race conditions and inconsistencies.
- Don't remove non-required User-Facility attributes
  when member is deleted.
- Assign all groups at once to resource when synchronizing
  group structures.
- Use SameSite=Strict session cookies.
- Each service destination can be blocked/allowed from the GUI
  and facility manager can see their state.
- Speed up members filtering for all get/find members methods.
- Store/show also start timestamp of the group synchronization.
- Automatically create releases on GitHub when tag is pushed.

Release v3.10.SNAPSHOT1

test of CI

Release 3.9.7

Changes

• Moved AD/o365 attributes for MU from group_resource
  to group namespace.
• Added getAllRichSubGroupsWithAttributesByNames() to CLI.
• Added methods for working with ApplicationFormItem to CLI.
• Removed unused logic for setting facility attributes
  to resource in LDAP.
• Reworked logic of BBMRI registration module.
• Support TaskResult deletion from GUI.
• Fixed links in registrar notification not working
  on federative authz.
• Lightweight synchronization no longer adds new VO members,
  it just work with current VO members and another synchronization
  must take place in order to handle all VO members.
• Allow getHosts() for perun engine.
• Respect authentication prefix in email address validation links.
• Fixed additionalInformation resolving during non-authz registration.

Release 3.9.6

• This version contains DB changes!

Changes

• Allow to set secondary group name regex.
• Added EnrichedHosts (Host with its attributes).
• New module for erasmus persistent shadow.
• Keep last_access timestamp when moving UES.
• Support additional identifiers in registration
  process for eduteams.
• Added getAdmins for resource manager.
• Added missing logic for re-schedule interval
  in service provisioning.
• Converted all char(1) columns to boolean.
  including member.status column.
• Removed all unused status columns.
• Use GWT 2.9.0 to build perun GUI.
• New method in API to submit application.
• Optimized search for members/users, should be quicker.
• Validate sponsored membersh after adding sponsorships.
• New methods to work with entityless attributes
  and their usage in GUI to prevent data/key mismatch.
• Separate logs for group synchronizations.
• Case insensitive check for duplicates in tcsMails:mu.
• Travis CI replaced with GitHub CI.
• Removed never used attribute cache.
• Simplified code to read attribute value.
• Fixed checks in login-namespace:vsup.

Release 3.9.5

• This version contains DB chages!
• Oracle DB is no longer supported!

Changes

• Reworked group structure synchronization.
• Removed support for multiple engines.
• Optimized groups assigning to the resource.
• Fixed unixGID check when assigning group to resource.
• Module to support UID ranges (same as GID ranges,
  not yet used).
• Support authorization of SELF role for resource attributes.
• Random password generation is now implemeneted
  within PasswordManagerModule. Added specific
  implementation for VŠUP.
• Support custom URL in mail validation.
• Do not double "name" property in JSON in auditer log.