SUSE Package Hub - openSUSE-2025-441

Update Info

openSUSE-2025-441

Recommended update for kanidm

Type: recommended
Severity: moderate
Issued: 2025-11-27
Description:
This update for kanidm fixes the following issues:

- Update to version 1.8.0~git0.42d0e864c:
  * Release 1.8.0
  * 20251108 lld (#3944)
  * Improve uid/gid overlap message during IAM migration (#3943)
  * Release 1.8.0-pre
  * Release Prep (#3938)
  * 20251029 hmac name uniqueness (#3931)
  * sssshhhhh quiet there. (#3906)
  * Add support for proxyv1 (#3935)
  * 20251031 nss sync conn persist (#3921)
  * Improve offline authentication (#3934)
  * 20251005 multiple accept (#3933)
  * Add CSS to support forced-colors on the toggle switch (#3932)
  * Prevent replication certificate renewal deadlock
  * fix: ensure CLI exits with non-zero code on HTTP client errors (#3929)
  * Bump the all group with 5 updates (#3927)
  * 20251015 OIDC auth source (#3905)
  * Bump the all group with 2 updates (#3913)
  * Bump the all group with 2 updates (#3914)
  * Prevent users saving their credentials if there are none (#3805)
  * Fix passkey typos (#3907)
  * fix: Replace letter "d" by sink (#3909)
  * Bump the all group with 33 updates (#3898)
  * Fix: set OAuth2 JTI to session ID  (#3901)
  * Open app links in new tabs (#3899)
  * 20251009 account/group schema changes (#3880)
  * [fix] Mail attribute on service accounts not accessible (#3893)
  * Correct RADIUS API token generation examples (#3890)
  * Foundations of message sending (#3878)
  * 20251010 drop eckeys (#3882)
  * Remove systemd notify-reload. (#3885)
  * Bump the all group with 3 updates (#3884)
  * 20250801 reference entries (#3863)
  * 20251009 3829 OIDC groups (#3879)
  * Bump the all group with 5 updates (#3876)
  * 20251003 im silly (#3874)
  * When no upgrade checks are performed, issue a status: PASS (#3873)
  * Example of ipv4 to ipv6 addr mapping. (#3871)
  * 20250919 csp again (#3856)
  * client_secret_post auth for oauth2 endpoints (#3833)
  * Fix some CLI things (#3870)
  * Bump the all group with 6 updates (#3869)
  * Use connection address for Proxy::Local Requests (#3868)
  * Dont prevalidate UAT on oauth2 routes (#3865)
  * Backup Compression (#3821)
  * fix: always throw error when pam_allowed_login_groups is empty in Kanidm unixd (#3840)
  * update oauth2 outline config example (#3826)
  * Syntax errors in openapi.json (#3859)
  * fix: stop duplicating logs in otel mode (#3704)
  * Update fedora docs, start to add authselect profile (#3806)
  * Document oauth2 shortnames in book (#3857)
  * Bump the all group with 9 updates (#3861)
  * fix: Revert adding fetching ui hints to the reset-credentials flow. (#3831)
  * 20250912 unixd performance (#3846)
  * Fix readme file for better readability (#3775)
  * Updates for rust 1.90 (#3855)
  * Add password check api (#3847)
  * Bump the all group with 3 updates (#3853)
  * Add form-action localhost to csp (#3849)
  * Bump the all group across 1 directory with 8 updates (#3845)
  * Bump actions/setup-python from 5 to 6 in the all group (#3842)
  * docs: Don't enable unixd Kanidm provider in safe default config (#3839)
  * Add yescrypt support (#3844)
  * fix: spelling (#3841)
  * Bump the all group with 2 updates (#3836)
  * Bump tracing-subscriber from 0.3.19 to 0.3.20 in the cargo group (#3832)
  * CLI gardening (#3819)
  * Bump the all group with 7 updates (#3823)
  * Bump actions/upload-pages-artifact from 3 to 4 in the all group (#3824)
  * Prevent memory exhaustion on freebsd builds (#3818)
  * Make it clearer why acceptor isnt available (#3812)
  * Minor: reduce logging verbosity during debug (#3810)
  * Handle IP addresses in replication SAN field (#3811)
  * Update to use the codec properly (#3807)
  * Show the admin page in the navbar when the user has experiment ui hint. (#3793)
  * Bump actions/checkout from 4 to 5 in the all group (#3803)
  * Bump the all group with 5 updates (#3804)
  * Update whatwg email validation regex (#3797)
  * Fix account recover-disable edge case (#3796)
  * Dynamic version for centos/fedora repository (#3794)
  * Resolve replication show-cert issue (#3792)
  * Add json codec wrapper for unix integration (#3789)
  * Break-glass account disable command (#3780)
  * Bump the all group across 1 directory with 11 updates (#3790)
  * Bump slab from 0.4.10 to 0.4.11 in the cargo group (#3788)
  * [webui] add members to group (#3786)
  * Bump actions/download-artifact from 4 to 5 in the all group (#3785)
  * Make it clearer why the user can't login with unixd (#3778)
  * fix: bump HSTS age to 2 years + 1 second (#3779)
  * updating packages (#3774)
  * Improve argon2id parameter search speed (#3768)
  * Improve error messages during server startup to identify failing cert… (#3771)
  * Update docs re PA and google (#3772)
  * Forget username if user no longer wants to be remembered (#3770)
  * 20250802 handle sec1 keys (#3769)
  * Trying to clean up order of operations in kanidm_unixd_tasks (#3762)
  * Bump the all group with 7 updates (#3764)
  * Provide correct access for RADIUS service accounts (#3759)
  * Fix a couple of commands in the OAuth2 Proxy examples (#3758)
  * Design doc for email messaging (#3729)
  * 20250725 unixd access token (#3751)
  * 20250729 dev version (#3757)
References

No references
Packages

kanidm-1.8.0~git0.42d0e864c-bp157.2.18.1