SUSE Package Hub - openSUSE-2026-76

Update Info

openSUSE-2026-76

Recommended update for kanidm

Type: recommended
Severity: moderate
Issued: 2026-03-08
Description:
This update for kanidm fixes the following issues:

- Update to version 1.9.1~git0.36055feca:
  * Release 1.9.1
  * 20260220 prevent migration accidents (#4156)
  * Alert on unsaved changes (#4155)
  * Warn about systemd-userdb (#4147)
  * Dont be as upset when migration dir doesnt exist (#4146)

- Update to version 1.9.0~git0.2df2bfc4a:
  * Release 1.9.0
  * Allow LDAP CA verification to be disabled in sync (#4133)
  * Add oauth2 example, fix inter-migration reference handling (#4136)
  * Corrected recycle_bin.md typo (#4135)
  * Set docker tag properly
  * Release "1.9.0-pre"-pre
  * chore: Release Notes (#4129)
  * Update to use hjson (#4128)
  * Python OpenAPI-based internals (#4119)
  * Allow reseting (aka clearing) softlocks (#4111)
  * 20260122 SCIM batch (#4088)
  * Improve upgrade/downgrade testing and checks (#4125)
  * Adding scripts for testing nginx and proxyv1 ldap, updating haproxy-protocol (#4087)
  * Allow extra characters in claim names (#4110)
  * Add ability to backup via stdout (#4114)
  * Remove mozilla webauthn authenticator backend (#4118)
  * 20260205 truncate service acct tokens (#4113)
  * clarify ssh_publickeys oidc claim (#4116)
  * Add note about building client tools locked (#4117)
  * add RFC8693 to features section of the book (#4112)
  * FIX: make tracing-forest stop panic'ing things when enabling otel (#4105)
  * Bump bytes from 1.11.0 to 1.11.1 (#4107)
  * Tweaking rm_if_exist to remove a race condition (#4103)
  * Set `sudo_provider = none` in sssd.conf; Update default value for LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES (#4098)
  * Improve secure origin handling in OAuth2 (#4097)
  * Radius support for SAN-DN (#4094)
  * Bump the all group with 10 updates (#4093)
  * Allow UUID when Name also allowed (#4089)
  * Disallow methods that should not be used (#4083)
  * Prevent panic (#4082)
  * 20260116 kanidmd json mode (#4075)
  * Return http409 on AttrUniqueness error (#4079)
  * Hardening against process errors (#4061)
  * 20260108 sync polish (#4054)
  * Allow overriding css (#4077)
  * Bump the all group with 8 updates (#4078)
  * Support homeDirectory virtual attribute (#4073)
  * Bump the uv group across 2 directories with 3 updates (#4074)
  * Allow invalid passwords to be skipped (#4071)
  * shrinking logo.svg and re-brotli-ing others (#4069)
  * fallback for target_os dependency management in kanidm_tools webauthn-authenticator-rs (#4067)
  * allows service desk to change account validity (#4068)
  * kanidm-ipa-sync aws-lc-rs crypto provider fix (#4065)
  * 20260107 unixd documentation (#4046)
  * Bump the all group with 12 updates (#4059)
  * Bump lru from 0.16.2 to 0.16.3 (#4047)
  * Prevent server crashing on requests with low log level (#4039)
  * Correct rw flag in service account documentation (#4042)
  * Bump rsa from 0.9.9 to 0.9.10 (#4041)
  * Implement OIDC auth for service-accounts (RFC8963) (#4021)
  * 20251219 Uint64/Int64 syntax types (#4022)
  * Bump the all group across 1 directory with 16 updates (#4036)
  * update askama, askama_web to v0.15 (#4030)
  * Bump the all group with 11 updates (#4024)
  * Bump yescrypt from 0.1.0-rc.0 to 0.1.0-rc.1 in the all group (#4017)
  * Bump the all group with 2 updates (#4016)
  * OAuth2 CSP form-action (#4011)
  * Handle concurrent pam sessions. (#4001)
  * Bump the all group with 5 updates (#4005)
  * fix: correcting parsing of backup compression input (#3995)
  * Add a home strategy framework (#3985)
  * Bump the all group with 8 updates (#3996)
  * Resolve infinite reauth loop (#3992)
  * Ignore CredentialTypeMinimum during migrations (#3991)
  * Allow disabling OAuth2 consent prompt (#3972)
  * Report correct client IP in request log (#3990)
  * Ensure that privileged sessions expirations are synced (#3984)
  * Add reference to the Kanidm anthem (#3987)
  * Missing constraint on skip upgrade process (#3983)
  * Changing how we parse environment variables in kanidmd (#3977)
  * Document the upgrade process through versions. (#3982)
  * Bump actions/checkout from 5 to 6 in the all group (#3979)
  * Bump the all group with 8 updates (#3980)
  * lib crypto should not depend on proto (#3975)
  * Change AttributeUniqueness to yield BAD_REQUEST (#3974)
  * fix: kanidm_build_profiles has unwrap which can cause builds to fail (#3973)
  * Small fixes (#3965)
  * Make log messages more verbose for issues with resources server (#3954)
  * unixd_tasks: update home alias symlink conditionally and atomically (#3947)
  * Manually handle form bytes to allow optional encoding (#3968)
  * Improve handling of ready event (#3967)
  * Fix typo in kanidm-ldap-sync (#3964)
  * Bump the all group with 10 updates (#3963)
  * Bump js-yaml (#3957)
  * Bump the all group with 3 updates (#3948)
  * 20251108 lld (#3944)
  * Improve uid/gid overlap message during IAM migration (#3943)
  * 1.9.0-dev (#3939)

- Enable python bindings for the primary python version on newer
  distributions and 3.11 on 15.x

- Update to version 1.8.6~git0.268c71d0a:
  * Release 1.8.6
  * Release 1.8.5
  * OAuth2 CSP form-action (#4011)
  * Force webauthn 0.5.4
References

No references
Packages

kanidm-1.9.1~git0.36055feca-bp157.2.29.1