Differences

This shows you the differences between two versions of the page.

Link to this comparison view

Both sides previous revision Previous revision
Next revision
Previous revision
documentation:latest:upgrade [2019/06/28 13:11]
127.0.0.1 external edit
documentation:latest:upgrade [2019/09/18 18:20] (current)
cmaudoux [2.0.6]
Line 1: Line 1:
 ====== Upgrade from 2.0.x to 2.0.y ====== ====== Upgrade from 2.0.x to 2.0.y ======
- 
-Update from one minor version to another does not require any particular action except: 
-  * The Text::​Unidecode perl module becomes a requirement after version 2.0.5 //(it will be automatically installed if you upgrade from from the deb or RPM repositories)//​ 
-  * Since 2.0.5, CAS logout starts validating the service= parameter, but only if you use the CAS Access control policy. The URL sent in the service= parameter will be checked against [[idpcas#​configuring_cas_applications|known CAS applications]],​ Virtual Hosts, and  [[security#​configure_security_settings|trusted domains]]. Add your target domain to trusted domains if you suddenly start having "​Invalid URL" messages on logout 
-  * 2.0.5 adds some improvements in cryptographic functions. To take advantage of them, **you must change the encryption key** of LemonLDAP::​NG (see [[cli_examples#​encryption_key|CLI example]]). 
  
 Please apply general caution as you would with any software: have backups and a rollback plan ready! Please apply general caution as you would with any software: have backups and a rollback plan ready!
  
-Do not forget ​to read the release notes of the version ​you are about to install ​for any specific instructions.+<note warning>​If you have [[installrpm|installed LemonLDAP::​NG from official RPMs]], you may run into bug [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​1757|#​1757]] and lose your Apache configuration files while updating from LemonLDAP::​NG 2.0.0 or 2.0.1 to later versions. Please backup your ''/​etc/​httpd/​conf.d/​z-lemonldap-ng-*.conf''​ files before ​the update.</​note>​ 
 + 
 +===== 2.0.6 ===== 
 + 
 +  * Option was added to display generate password box in [[resetpassword|password reset by mail plugin]]. If you use this feature, you must enable this option, which is disabled by default. 
 +  * If you use the default _whatToTrace macro and a case insensitive authentication backend, then a user can generate several persistent sessions for the same login (see [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​1869|issue 1869]]). This can lead to a security bug if you enabled 2FA, which rely on data stored in the persistent session. To fix this, either choose a unique attribute ​for _whatToTrace,​ either force lower case in your macro: 
 +<code perl> 
 +$_auth eq '​SAML'​ ? lc($_user.'​@'​.$_idpConfKey) : $_auth eq '​OpenIDConnect'​ ? lc($_user.'​@'​.$_oidcConnectedRP) : lc($_user) 
 +</​code>​ 
 + 
 +===== 2.0.5 ===== 
 + 
 +  * The Text::​Unidecode perl module becomes a requirement //(it will be automatically installed if you upgrade from from the deb or RPM repositories)//​ 
 +  * CAS logout starts validating the service= parameter, but only if you use the CAS Access control policy. The URL sent in the service= parameter will be checked against [[idpcas#​configuring_cas_applications|known CAS applications]],​ Virtual Hosts, and  [[security#​configure_security_settings|trusted domains]]. Add your target domain to trusted domains if you suddenly start having "​Invalid URL" messages on logout 
 +  *Improvements in cryptographic functions: to take advantage of them, **you must change the encryption key** of LemonLDAP::​NG (see [[cli_examples#​encryption_key|CLI example]]).
  
-===== RPM users ===== 
  
-If you have [[installrpm|installed LemonLDAP::​NG from official RPMs]], you may run into bug [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​1757|#​1757]] and lose your Apache configuration files while updating from LemonLDAP::​NG 2.0.0 or 2.0.1 to later versions. Please backup your ''/​etc/​httpd/​conf.d/​z-lemonldap-ng-*.conf''​ files before the update. 
  
 ====== Upgrade from 1.9 to 2.0 ====== ====== Upgrade from 1.9 to 2.0 ======