Update Info

openSUSE-2025-61


Recommended update for kanidm


Type: recommended
Severity: moderate
Issued: 2025-02-15
Description:
This update for kanidm fixes the following issues:

- Update to version 1.5.0~git1.0fa57fc:
  * Update makefile for docker
  * Release 1.5.0
  * 20250209 pre release (#3409)
  * 20250206 freebsd ports (#3404)
  * Resolve kanidm-unix auth-test bug (#3405)
  * chore: Remove empty scopemaps (#3170)
  * Feat: Allowing spn query with non-spn structured data in LDAP (#3400)
  * SSH Keys in Credentials Update (#3027)
  * 20250205 3369 firefox pin (#3403)
  * Correctly return that uuid2spn changed on domain rename (#3402)
  * Fix the password reset form and possible resolver issue (#3398)
  * Add handle_group_error to cli client (#3399)
  * Improve spans in unixd (#3397)
  * Allow OAuth2 with empty state parameter (#3396)
  * #3387 - RADIUS Startup fixin's (#3388)
  * Allow POST on oauth userinfo (#3395)
  * OpenBSD support (#3381)
  * Bump openssl from 0.10.69 to 0.10.70 in the cargo group (#3391)
  * Add /.well-known/change-password endpoint (#3382)
  * Bump the all group across 1 directory with 7 updates (#3385)
  * extend oauth2 examples with gitea (#3351)
  * Bump the all group with 22 updates (#3376)
  * Book: Added small section on primary cred fallback (#3365)
  * Added shell.nix to create dev environment (#3362)
  * fix(ci): Add setup-oras step to include ORAS CLI for container builds on ubuntu-24.04. (#3368)
  * 20250114 3325 SCIM access control (#3359)
  * Small UI updates. (#3361)
  * Bump the all group in /pykanidm with 2 updates (#3366)
  * Repair systemd reload notifications (#3355)
  * fix: unrecoverable error page doesn't include logo or domain name (#3352)
  * Bump jinja2 from 3.1.4 to 3.1.5 in /pykanidm in the pip group (#3358)
  * Bump the all group in /pykanidm with 4 updates (#3356)
  * 20250110 eo fixes (#3353)
  * fix(server/config): reduce string allocations (#3350)
  * Add ssh_publickeys as a claim for oauth2 (#3346)
  * Allow modification of password minimum length (#3345)
  * Add OAuth2 `response_mode=fragment` (#3335)
  * Resolve passkey regression (#3343)
  * Renaming "TOTP" in the login flow (#3338)
  * Bump the all group in /pykanidm with 3 updates (#3339)
  * Bump actions/checkout from 2 to 4 in the all group (#3341)
  * Add support for prefers-color-scheme using Bootstrap classes. (#3327)
  * Fix /var/run/kanidm-unixd permission (#3342)
  * Javascript linting (#3329)
  * Ignore anonymous in oauth2 read allow access (#3336)
  * cookies don't clear unless you set domain (#3332)
  * 20250102 freebsd client (#3333)
  * fix: PAM on Debian, enable use_first_pass by default (#3326)
  * Bump the all group with 6 updates (#3324)
  * Bump the all group in /pykanidm with 2 updates (#3323)
  * Bump the all group with 3 updates (#3317)
  * Bump the all group in /pykanidm with 7 updates (#3316)
  * nss/pam resolver should reauth faster (#3309)
  * Update to latest webauthn-rs/time (#3315)
  * kanidm-unixd example config enfixening (#3314)
  * Further SCIM sync testing, minor fixes (#3305)
  * book: explain how to use fido-mds-tool (#3231)
  * client: read attestation CA list JSON from file (#3232)
  * Automatically trigger passkeys on login view (#3307)
  * Re-add enrol another device flow
  * Improved Cookie Removal
  * Allow opt-in of easter eggs (#3308)
  * Allow resetting account policy values to defaults (#3306)
  * Incorrect member name in groups (#3302)
  * SCIM Sync Missing Annotation (#3300)
  * Ignore system users for UPG synthesisation (#3297)
  * Limit OAuth2 resumption to session (#3296)
  * Use specific errors for intent token revoked (#3291)
  * Autocomplete password during reauth with TOTP (#3290)
  * Bump the all group with 6 updates (#3294)
  * Bump mozilla-actions/sccache-action from 0.0.6 to 0.0.7 in the all group (#3295)
  * Bump the all group in /pykanidm with 2 updates (#3293)
  * remove unused webauthn features. (#3286)
  * Add CORS headers to jwks and userinfo (#3283)
  * Cleanup webauthn features (#3285)
  * Minor tweaks to cred reset ui (#3284)
  * Bump the all group across 1 directory with 6 updates (#3280)
  * Allow group managers to modify entry-managed-by (#3272)
  * pykanidm: Make a little dry. (#3281)
  * Bump the all group with 5 updates (#3278)
  * pykanidm: Add retrieving credential reset token for a person. (#3279)
  * Cleanup of println and other outputs (#3266)
  * Canonicalize path for user shell check (#3265)
  * Check DNS on replication loop start not at task start (#3243)
  * Work around systemd race condition (#3262)
  * fix(docstrings): minor lack of formatting breaking things (#3260)
  * Devcontainertainertainer (#3251)
  * grafana: update example to work with strict redirect uri checking (#3259)
  * Bump the all group in /pykanidm with 5 updates (#3257)
  * Bump the all group with 6 updates (#3258)
  * 20240927 SCIM put (#3151)
  * Clear invalid tokens from unix resolver (#3256)
  * Clippy Lints (#3255)
  * Allow OAuth2 loopback redirects if the path matches (#3252)
  * Correctly display domain name on login (#3254)
  * Display account_id during success/deny paths in unixd (#3253)
  * s/idm_people_self_write_mail/idm_people_self_mail_write/g (#3250)
  * handle missing map_group setting in config (#3242)
  * owncloud: Add SameSite=Lax config for cross-domain auth (#3245)
  * Bump the all group across 1 directory with 7 updates (#3238)
  * Yaleman/issue3229 (#3239)
  * Bump the all group across 1 directory with 12 updates (#3235)
  * Update to latest fido-mds-tool (#3230)
  * Warn when v2 options are used in v1 unixd config (#3228)
  * Bump aiohttp from 3.10.10 to 3.10.11 in /pykanidm in the pip group (#3223)
  * Resolve UI Auth Loop with OAuth2 (#3226)
  * Harden transport in pam unixd (#3227)
  * Improve warning around invalid JWT deserialisation (#3224)
  * Update and fix server config files in examples. (#3225)
  * Change CLI oauth2 command from set-display-name to set-displayname for consistency. (#3212)
  * Add docs on customising Kanidm. (#3209)
  * Correct spelling of occurred (#3222)
  * Bump the all group across 1 directory with 13 updates (#3202)
  * UI/Feature polish (#3191)
  * Prevent Invalid MFA Reg States (#3194)
  * Change CSS for applications so SVG scales nicely in Firefox. (#3200)
  * 20241109 3185 max age (#3196)
  * Hoist max_age to prevent incorrect deserialisation (#3190)
  * Use correct oauth2 manage acp (#3186)
  * Re-migrate all acps to force updating (#3184)
  * Bump the all group across 1 directory with 2 updates (#3180)
  * security - low - fault in migrations (#3182)
  * fix(kanidmd): Print replication cert to stdout (#3179)
  * Correct missing CSP header (#3177)
  * Resolve pam services not always having a tty (#3176)
  * Resolve incorrect handling of rhost in pam (#3171)
  * chore: Made oauth2 scopes required in CLI (#3165)
  * More "choosing a domain" revision (#3161)
  * Bump jsonschema from 0.21.0 to 0.26.0 in the all group (#3157)
  * Update missing inputmode numeric when adding a new TOTP. (#3160)
  * Improve OAuth2 authorisation ux (#3158)
  * Fix attribute scim sync attribute naming (#3159)
  * Change to text input and use numeric mode for TOTP prompts. (#3154)
  * Bump the all group in /pykanidm with 3 updates (#3156)
  * Fix release note date and typos (#3153)
  * Begin 1.5.0 Development Cycle (#3150)

- Update to version 1.4.6~git1.3f47d7f:
  * fix: PAM on Debian, enable use_first_pass by default (#3326)



References


No references

Packages


  • kanidm-1.5.0~git1.0fa57fc-bp156.24.1