Releases: privacyidea/privacyidea
Releases · privacyidea/privacyidea
v3.13.1dev1
Merge pull request #5290 from privacyidea/changelog-3-13-1 update changelog for 3.13.1
v3.13.1dev0
Merge pull request #5301 from privacyidea/5300/push_challenge_text Add push_challenge_text policy
v3.13
Version 3.13
Features:
- The new WebUI 2.0 is now in beta, containing all admin functionality. But please be aware that layouts are not final and bugs may still occur.
If you have any feedback, please share it with us! The old WebUI is still the default for this version.
Enhancements:
- Token in the token table can be filtered by realm and by user. Search for a user is only possible with exact matches and requires to press enter. (#5032)
- Added --keep-db-uri flag to pi-manage backup restore, so that the database URI will not be overwritten with the value from the backup (#5033)
- Registration of passkeys during authentication can now directly enable offline usage with the
enroll_via_multichallenge_passkey_offline policy (#4259) - Alternative Mode for Push Token: push_mode_code_to_phone. After confirming on their phone, the user is shown a
number in the app, which they have to enter in the client/login to complete the authentication (#4907) - HTTP Resolvers (including Keycloak and EntraID) can now handle group memberships mapped to an attribute, similar to the LDAP Resolver (#4880)
- The unlock mechanism for the smartphone app can now be set explicitly by policy to PIN or biometrics (#4719)
- Emails can optionally be signed with S/MIME (#4288)
- The passkey login button for the WebUI login can now be disabled (#4949)
- Improved the search options for LDAP resolvers to allow more optimized queries with the API (#4874)
- Added tags that can be used in configurable messages of SMS and Email token:
phone_redactedand
email_redacted(#4766) - Allow to use attributes of the user as destination for Emails (#3963)
- Added functions for token containers to the token janitor (#4033)
- Updated SQLAlchemy from 1.4 to 2.0 (#3598)
- Hardening: Optionally, a strict Content Security Policy and HTTPS enforcement can be enabled in
pi.cfgby adding
PI_ENABLE_CSP=TrueandPI_FORCE_HTTPS=True(#4802) - Hardening: Optionally, the message returned by the server in case of failures can be made unspecific. This is done
via policy. Be aware that this alters the response for the corresponding endpoint! (#4739, #4684, #4622)
Fixes
- Corrected the Content-Types for the WebHook Event Handler (#4977)
- 'enrollpin' right is enforced more rigorously. If the user does not have the right but tries to set a PIN during
enrollment, the enrollment will be denied, instead of silently removing the PIN. - Fixed a bug that would cause errors when writing challenges to Oracle databases (#4969)
- Keycloak Resolver will now properly use wildcards (*) (#5057)
- Fixed a bug with search_on_enter (webui policy) (#4967)
- Fixed a bug where passkey_trigger_by_pin in combination with multiple passkeys for the user, would cause failed
authentications (#4951) - Fixed a bug with the passwd resolver where trying to access the token details would cause an error (#4887)
- Fixed the interaction of two_step_enrollment and verify_enrollment that would previously cause problems (#3170)
- Fixed TLS configuration for machine resolver (#4964)
- Verify token enrollment now throws an error for a failed verification (#5056)
- Fixed displaying of checkbox to use userstore password for container registration (#5114)
- Fixed updating of phone and email settings in the token info during SMS and email token rollover (#5073)
- Catch FileNotFoundError for saving firebase sms gateway with invalid config file (#5119)
v3.13dev3
Merge pull request #5087 from weblate/weblate-privacyidea-privacyidea…
v3.13dev2
Policy improvements (#5132) * focus filter input when adding filter key * Remove unused files * Use material inputs as everywhere else and remove background box * Only set focus after view init * Fix input field height to be not truncated * selector row full width --------- Co-authored-by: frankmer <frank.merkel@netknights.it>
v3.13dev1
Merge pull request #5034 from privacyidea/5032/filter-token-by-user filter tokens by user
v3.13dev0
Merge pull request #4942 from privacyidea/4880/http-resolver-improvem…
v3.12.2
Version 3.12.2
Enhancements:
- The WebUI Preview is updated to the current development version.
Notably with the new main menu, user details, realms, token and container wizard, and policy feature,
which is not complete yet. - Introduced authentication policy action 'set_realm' to set / overwrite the realm parameter for authentication
requests (#4813)
Fixes:
- Sanitize 'page' and 'page_size' parameter for querying the Audit-Log (#4758)
- Pre-select the first realm when using realm_dropdown for the WebUI login (#4786)
- Sanitize inputs and parameters for user search in the frontend and backend if they contain multiple asterisks,
which would cause an error (#4778) - The disabled_token_types policy now works correctly for FIDO2 token (#4800)
- Apply all user conditions (username, realm, resolver) to the change pin policies (#4744)
- Allow to specify a deviating base dn for LDAP group searches (#4829)
- Fixed interaction of force_server_generate and 2step_enrollment policies (#4826)
- Enrolling a token with only realm assignment now correctly displays the QR Code (#4861)
v3.12.2dev2
Merge pull request #4863 from privacyidea/changelog update changelog