From the release announcement:
* Hide closed tasks on central,
* Quick search in saved searches panel,
* Fix image in FAQ for anonymous users,
* Possibility to add an analytics javascript,
* Various fixes on components,
* And many more!
The full changelog is available here for more details:
https://github.com/glpi-project/glpi/milestone/24?closed=1
* Noteworthy changes in release 4.5 (2018-03-31) [stable]
** Bug fixes
sed now fails when matching very long input lines (>2GB).
Before, sed would silently ignore the regex without indicating an
error. [Bug present at least since sed-3.02]
sed no longer rejects comments and closing braces after y/// commands.
[Bug existed at least since sed-3.02]
sed -E --posix no longer ignores special meaning of '+','?','|' .
[Bug introduced in the original implementation of --posix option in
v4.1a-5-gba68fb4]
sed -i now creates selinux context based on the context of the symlink
instead of the symlink target. [Bug present since at least sed-4.2]
sed -i --follow-symlinks remains unchanged.
sed now treats the sequence '\x5c' (ASCII 92, backslash) as literal
backslash character, not as an escape prefix character.
[Bug present since sed-3.02.80]
Old behavior:
$ echo z | sed -E 's/(z)/\x5c1/' # identical to 's/(z)/\1/'
z
New behavior:
$ echo z | sed -E 's/(z)/\x5c1/'
\1
DEPRECATIONS/CHANGES:
- `vault kv` and Vault versions: In 0.10.1 some issues with `vault kv` against
v1 K/V engine mounts are fixed. However, using 0.10.1 for both the server
and CLI versions is required.
- Mount information visibility: Users that have access to any path within a
mount can now see information about that mount, such as its type and
options, via some API calls.
- Identity and Local Mounts: Local mounts would allow creating Identity
entities but these would not be able to be used successfully (even locally)
in replicated scenarios. We have now disallowed entities and groups from
being created for local mounts in the first place.
FEATURES:
- X-Forwarded-For support: `X-Forwarded-For` headers can now be used to set the
client IP seen by Vault. See the TCP listener configuration
page for details.
- CIDR IP Binding for Tokens: Tokens now support being bound to specific
CIDR(s) for usage. Currently this is implemented in Token Roles; usage can be
expanded to other authentication backends over time.
- `vault kv patch` command: A new `kv patch` helper command that allows
modifying only some values in existing data at a K/V path, but uses
check-and-set to ensure that this modification happens safely.
- AppRole Local Secret IDs: Roles can now be configured to generate secret IDs
local to the cluster. This enables performance secondaries to generate and
consume secret IDs without contacting the primary.
- AES-GCM Support for PKCS#11 [BETA] (Enterprise): For supporting HSMs,
AES-GCM can now be used in lieu of AES-CBC/HMAC-SHA256. This has currently
only been fully tested on AWS CloudHSM.
- Auto Unseal/Seal Wrap Key Rotation Support (Enterprise): Auto Unseal
mechanisms, including PKCS#11 HSMs, now support rotation of encryption keys,
and migration between key and encryption types, such as from AES-CBC to
AES-GCM, can be performed at the same time (where supported).
IMPROVEMENTS:
- auth/approle: Support for cluster local secret IDs. This enables secondaries
to generate secret IDs without contacting the primary
- auth/token: Add to the token lookup response, the policies inherited due to
identity associations
- auth/token: Add CIDR binding to token roles
- cli: Add `vault kv patch`
- core: Add X-Forwarded-For support
- core: Add token CIDR-binding support
- identity: Add the ability to disable an entity. Disabling an entity does not
revoke associated tokens, but while the entity is disabled they cannot be
used.
- physical/consul: Allow tuning of session TTL and lock wait time
- replication: Dynamically adjust WAL cleanup over a period of time based on
the rate of writes committed
- secret/ssh: Update dynamic key install script to use shell locking to avoid
concurrent modifications
- ui: Access to `sys/mounts` is no longer needed to use the UI - the list of
engines will show you the ones you implicitly have access to (because you have
access to to secrets in those engines)
BUG FIXES:
- cli: Fix `vault kv` backwards compatibility with KV v1 engine mounts
- identity: Persist entity memberships in external identity groups across
mounts
- identity: Fix error preventing authentication using local mounts on
performance secondary replication clusters
- replication: Fix issue causing secondaries to not connect properly to a
pre-0.10 primary until the primary was upgraded
- secret/gcp: Fix panic on rollback when a roleset wasn't created properly
- secret/gcp: Fix panic on renewal
- ui: Fix IE11 form submissions in a few parts of the application
- ui: Fix IE file saving on policy pages and init screens
- ui: Fixed an issue where the AWS secret backend would show the wrong menu
- ui: Fixed an issue where policies with commas would not render in the
interface properly
- ui: Corrected the saving of mount tune ttls for auth methods
- ui: Credentials generation no longer checks capabilities before making
api calls. This should fix needing "update" capabilites to read IAM
credentials in the AWS secrets engine
- Fixed long-standing bug in 3.x regarding using column aliases with
queries that utilize the ModelCursorWrapper (typically queries with
one or more joins).
- Fix typo in model metadata code, thanks @klen.
- Add examples of using recursive CTEs to docs.
5.26.2:
Security
[CVE-2018-6797] heap-buffer-overflow (WRITE of size 1) in S_regatom (regcomp.c)
A crafted regular expression could cause a heap buffer write overflow, with control over the bytes written.
[CVE-2018-6798] Heap-buffer-overflow in Perl__byte_dump_string (utf8.c)
Matching a crafted locale dependent regular expression could cause a heap buffer read overflow and potentially information disclosure.
[CVE-2018-6913] heap-buffer-overflow in S_pack_rec
pack() could cause a heap buffer write overflow with a large item count.
Assertion failure in Perl__core_swash_init (utf8.c)
Control characters in a supposed Unicode property name could cause perl to crash. This has been fixed.
Updated Modules and Pragmata
Module::CoreList has been upgraded from version 5.20170922_26 to 5.20180414_26.
PerlIO::via has been upgraded from version 0.16 to 0.17.
Term::ReadLine has been upgraded from version 1.16 to 1.17.
Unicode::UCD has been upgraded from version 0.68 to 0.69.
Selected Bug Fixes
The readpipe() built-in function now checks at compile time that it has only one parameter expression, and puts it in scalar context, thus ensuring that it doesn't corrupt the stack at runtime.
Fixed a use after free bug in pp_list introduced in Perl 5.27.1.
Parsing a sub definition could cause a use after free if the sub keyword was followed by whitespace including newlines (and comments).
The tokenizer now correctly adjusts a parse pointer when skipping whitespace in an ${identifier} construct.
Accesses to ${^LAST_FH} no longer assert after using any of a variety of I/O operations on a non-glob.
sort now performs correct reference counting when aliasing $a and $b, thus avoiding premature destruction and leakage of scalars if they are re-aliased during execution of the sort comparator.
Some convoluted kinds of regexp no longer cause an arithmetic overflow when compiled.
Fixed a duplicate symbol failure with -flto -mieee-fp builds. pp.c defined _LIB_VERSION which -lieee already defines.
A NULL pointer dereference in the S_regmatch() function has been fixed.
Failures while compiling code within other constructs, such as with string interpolation and the right part of s///e now cause compilation to abort earlier.
6.7.0:
[Sanic] Added support for sanic.
[Core] Disabled dill logger by default
[Core] Added SENTRY_NAME, SENTRY_ENVIRONMENT and SENTRY_RELEASE environment variables
[Core] DSN secret is now optional
[Core] Added fix for cases with exceptions in repr
[core] Fixed bug with mutating record.data
0.30.0:
- Various small typos (Windows builds, Fix SSL.Connection.__del__)
- The project is now Linux-distribution agnostic
- Replace all old-style classes with the new ones (it shouldn't cause
any problems, but feel free to file an issue, if it does)
- Do not by-pass a potential transfer decoding in m2urllib2
- Update M2Crypto.six with 1.11.0 and replace our local workarounds with
new functions.
- SSLv3 just removed.
- Don't support Python 2.6 on Windows anymore. Windows users don't have
python as a system package, so they are usually more likely to upgrade
anyway.
OpenVPN 2.4.6
management: Warn if TCP port is used without password
Correct version in ChangeLog - should be 2.4.5, was mistyped as 2.4.4
Fix potential double-free() in Interactive Service (CVE-2018-9336)
preparing release v2.4.6 (ChangeLog, version.m4, Changes.rst)
manpage: improve description of --status and --status-version
Make return code external tls key match docs
Delete the IPv6 route to the "connected" network on tun close
Management: warn about password only when the option is in use
Avoid overflow in wakeup time computation
Add missing #ifdef SSL_OP_NO_TLSv1_1/2
Check for more data in control channel
0.48 2018-04-22 09:01:08+02:00 Europe/Oslo
- No changes from 0.47-TRIAL
0.47 2017-07-26 10:34:24-04:00 America/New_York (TRIAL RELEASE)
[Fixed]
- Appends PID to random file names for tee signalling to avoid
random name collision when used in multiple forked children.
0.24 2018-04-21 14:11:08Z
- no changes since last trial release
0.23 2018-03-17 23:33:09Z (TRIAL RELEASE)
- improve use of constants in compile-time perl version checks
0.22 2018-03-17 19:31:37Z (TRIAL RELEASE)
- Fix memory corruption on perls 5.8.0 - 5.8.3
1.24 Tue Apr 17 21:24:11 CEST 2018
- actually rewnew was missing, not wrongly documented. silly.
1.23 Tue Apr 17 21:18:24 CEST 2018
- ->renew is actually called ->post_fork, fix documentation.
- use stability canary.
1.41 2018-04-24 06:19:18 -0400
- before and after directives in alienfile triggers requirement on Alien::Build 1.40
1.40_01 2018-04-12 09:21:05 -0400
- Add before and after directives to alienfile syntax
Depend on p5-Cpanel-JSON-XS.
1.004000 - 2018-04-19
- added true and false subs so they can be used via JSON::MaybeXS rather than
only JSON() exported sub.
