lemonldap-ng (2.0.9-1) unstable; urgency=medium

  This release fixes 2 CVE:
  - CVE-2020-24660: Nginx configuration for Handler protected applications
   must be updated if your virtual host configuration contains per-URL access
   rules based on regular expressions in addition to the built-in default access rule.
  - CVE-2020-16093: LDAP server certificates were previously not verified by default
   when using secure transports (LDAPS or TLS). Starting from this release, certificate
   validation is now enabled by default, including on existing installations. If
   your SSL configuration is not valid, you can temporarily disable certificate
   verification.
  See upgrade notes in local documentation or on https://lemonldap-ng.org

 -- Clement OUDOT <clement@oodo.net>  Sun, 06 Sep 2020 22:00:00 +0100

lemonldap-ng (2.0.6-1) unstable; urgency=medium

  FastCGI / uWsgi servers require llng-lmlog.conf and llng-lua-headers.conf.
  Those configuration files are now provided by lemonldap-ng-handler package
  and installed in /etc/nginx/snippets directory.

 -- maudoux <maudoux@localhost>  Wed, 11 Sep 2019 22:47:57 +0200

lemonldap-ng (2.0.5-1) unstable; urgency=medium

  This version adds some improvements in cryptographic functions. To take
  advantage of them, you must change the encryption key of LemonLDAP::NG.

 -- Xavier Guimard <yadd@debian.org>  Thu, 27 Jun 2019 23:19:09 +0200

lemonldap-ng (2.0.0-1) unstable; urgency=medium

  2.0 is a major release, many things have been changed. You must read
  https://lemonldap-ng.org/documentation/2.0/upgrade before upgrade.

 -- Xavier Guimard <x.guimard@free.fr>  Mon, 11 Dec 2017 22:48:25 +0100

lemonldap-ng (1.9.2-1) unstable; urgency=medium

  liblemonldap-ng-handler-perl package has been split into:
  - lemonldap-ng-handler that provides web server configuration
  - liblemonldap-ng-handler-perl that provides Perl libraries only

 -- Xavier Guimard <x.guimard@free.fr>  Sat, 17 May 2016 22:25:43 +0200

lemonldap-ng (1.9.0-1) unstable; urgency=low

  1) Configuration and sessions storage

  From now, Lemonldap::NG uses JSON serialization to store configuration and
  sessions instead of Storable::nfreeze Perl function. This permits one to have
  heterogenous servers connected to the same LLNG organization (32/64 bits or
  different Perl versions). Old format still works but:
   * configuration backends: new format is applied at first configuration
     save,
   * sessions storages: new format is applied for each new session or when
     updating an existing session. You can force LemonLDAP::NG to keep the old
     serialization method by setting useStorable to 1 in sessions backend
     options if you have some custom hooks.
     Note that this behaviour only affects modules Apache::Session::File, SQL
     database and Apache::Session::LDAP

  If you have more than one server and don't want to stop the SSO service, start
  upgrading in the following order:
   * servers that have only handlers;
   * portal servers (all together if your load balancer doesn't keep state by
     user or client IP and if users use the menu);
   * manager server

  2) Manage Ajax requests when sessions expires

  To request for authentication, handlers sent a 302 HTTP code even if request
  was an Ajax one. From now, after redirection, portal will send a 401 code
  with a WWW-Authenticate header containing "SSO portal-URL". This is a little
  HTTP protocol hook created because browsers follow redirection transparently.
  If you want to keep old behaviour, set noAjaxHook to 1 (in General Parameters
  -> Advanced -> Handler redirections -> Keep redirections for Ajax).

  3) New "Multi" authentication scheme

  The Multi backend configuration has changed. Now the stacks are defined in
  separate attributes:
   * multiAuthStack
   * multiUserDBStack

  So an old configuration like this:

    authentication = Multi LDAP;DBI
    userDB         = Multi LDAP;DBI

  Must be replaced by:

    authentication   = Multi
    userDB           = Multi
    multiAuthStack   = LDAP;DBI
    multiUserDBStack = LDAP;DBI

  4) Form replay

  Management of form replay has been rewritten. If you uses this experimental
  feature, you must edit your configuration and rewrite it.

 -- Xavier Guimard <x.guimard@free.fr>  Thu, 21 Jan 2016 17:13:07 +0100

lemonldap-ng (1.4.6-1) unstable; urgency=medium

  Handler files "My::Package" are no longer installed by default as a module
  "Lemonldap::NG::Handler" generic is now available. It is therefore
  necessary either to modify Apache configuration files to use
  "Lemonldap::NG::Handler" or create your own Perl modules using the provided
  examples files.

 -- Xavier Guimard <x.guimard@free.fr>  Mon, 29 Dec 2014 17:10:00 +0100

lemonldap-ng (1.2.2-1) unstable; urgency=low

  Examples files (Apache configuration and default handler files) are now not
  installed in /var/lib/lemonldap-ng/handler but available as examples files

  Since 1.2.2, LemonLDAP::NG uses 'Demo' authentication backend by default
  and the manager is protected by default by LemonLDAP::NG. So for an
  unconfigured installation, you have to use dwho account to access to the
  manager (password dwho)

 -- Xavier Guimard <x.guimard@free.fr>  Thu, 29 Nov 2012 06:22:45 +0100
