Back to releases

Highlights

Main changes since 2.1.0:

  • Persona is retired
  • Python 2 is no longer supported
  • Theming capabilities
  • Update the crypto algorithms
  • Use a separate field for OTP
  • Fixes for IPA integration
  • Use python-pam for the PAM login module
  • Support Out of Band authentication
  • Lots of bugfixes

Detailed Changelog

  • Don't use the deprecated distutils module
  • Generate the man pages by replacing the version
  • Don't use the deprecated imp module
  • Testing: Replace F33 with F35
  • Make the OOB code in the page a bit smaller
  • Add the recent ui changes to the themes
  • Add support for Out Of Band authentication
  • Fix missing SAML2 provider key with AuthnRequest
  • Support PAM logins with email addresses
  • Modernize the PAM login module
  • Use an OTP field on the fas auth module as well
  • Also request the username from SSSd
  • Use a separate field for OTP in Fedora
  • Fix quickrun
  • Disable a test that I don't know how to fix
  • Fix pylint test & findings
  • pep8 is dead, use flake8
  • Query string elements may be in any order
  • There's a new mellon variable
  • The session TTL has to be an integer
  • An empty array is serialized as an empty string
  • Better detection of postgresql's main process ID
  • We still use etcd's v2 API
  • Update the docker CLI calls
  • Update the crypto algorithms
  • Drop support for very end-of-line distros
  • themes/Fedora: Fix spelling inconsistency in login form
  • Fix up some links in the footer
  • Add fedora accounts favicon
  • Update Fedora accounts logo to the new Fedora logo
  • Update fedora theme
  • providers/openidc: Do not stringify empty array for 'amr' when setting up auth response
  • Fix response_types in the OpenID Discovery document
  • Move Ipsilon libexec content to a subdirectory
  • Fix web-access to font files
  • providers/openidp: Ensure returned client display name is a string
  • providers/openid: Ensure base64 encoded trust root is used as a string
  • Update doc/design.txt
  • providers/openid: secret should be stored as a string
  • ipsilon-client-install: Write the OIDC crypto_passphrase as string
  • info/infosssd: Work around breakage in dbus-python on Python 3.8+
  • util/log: Convert properly between str and bytearray
  • ipsilon-server-install: Use input() from six for Python 3 compatibility
  • setuptools: Install themes
  • Add theming capabilities
  • login/authldap: ignore strong auth required when testing connection
  • Rename utils.http to httputils to avoid import conflicts
  • Run py3 unittests
  • Split lp-test from test and allow py3-pep8
  • Assume deps are correct for container tests
  • Re-add make
  • Downgrade to older mod_auth_openidc for f29 tests
  • Ignore_cp_config
  • Make tests default to verbosity 0
  • Make core code and test suite Python3 compatible
  • fconf: store the timestamp of loaded configuration
  • Make sure that REST pages encode utf-8
  • Add --python-3 flag for test controller
  • getargvaluese is not actually deprecated, docs are just wrong
  • Use logging.warning instead of logging.warn
  • Use pylint-3 for lint
  • Add python3 dependencies on Fedora
  • Add python-six
  • Mark Persona as Retired
  • Allow marking plugins as retired
  • Allow SHA1 for image names for now: they're admin-provided
  • Skip false SQL injection positive
  • Store sessions as json
  • Setup dbupgrade template_env up like normal
  • Skip security analysis in unit test
  • Add static security analysis tool
  • Fix style issues from PR#303
  • Fix race condition in OpenIDConnect api
  • Fix a few lint issues with IPA helper
  • Bump the container for tests to f28/f29
  • Remove duplicate BuildArch entry
  • Replace ipalib with ipa command line
  • Use Fedora 27's pylint in containerlint
  • Tell pylint that we can actually assign in a dict
  • Tell pylint that getgrouplist is callable if it exists
  • Tell pylint that op is actually callable
  • Rename storeAssociation argument to match parent
  • Make add_constraint argument names consistent
  • Make infosssd save_plugin_config match parent
  • Make PluginObject init match all its child inits
  • Remove useless super delegations
  • Add a cico template