Differences

This shows you the differences between two versions of the page.

documentation:latest:upgrade [2019/10/30 13:42]
maxbes [2.0.6]
documentation:latest:upgrade [2020/01/08 10:45] (current)
coudot [2.0.7]
Line 4: Line 4:
  
 <note warning>​If you have [[installrpm|installed LemonLDAP::​NG from official RPMs]], you may run into bug [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​1757|#​1757]] and lose your Apache configuration files while updating from LemonLDAP::​NG 2.0.0 or 2.0.1 to later versions. Please backup your ''/​etc/​httpd/​conf.d/​z-lemonldap-ng-*.conf''​ files before the update.</​note>​ <note warning>​If you have [[installrpm|installed LemonLDAP::​NG from official RPMs]], you may run into bug [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​1757|#​1757]] and lose your Apache configuration files while updating from LemonLDAP::​NG 2.0.0 or 2.0.1 to later versions. Please backup your ''/​etc/​httpd/​conf.d/​z-lemonldap-ng-*.conf''​ files before the update.</​note>​
 +
 +===== 2.0.7 =====
 +
 +  * Security:
 +    * [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​2040|#​2040]]:​ Configuration of a redirection URI for an OpenID Connect Relying Party is now mandatory, as defined in the specifications. If you save your configuration,​ you will have an error if some of your RP don't have a redirect URI configured.
 +    * [[https://​gitlab.ow2.org/​lemonldap-ng/​lemonldap-ng/​issues/​1943|#​1943]] / [[https://​cve.mitre.org/​cgi-bin/​cvename.cgi?​name=CVE-2019-19791|CVE-2019-19791]]:​ along with the patch provided in 2.0.7 in ''​Lemonldap/​NG/​Common/​PSGI/​Request.pm'',​ Apache rewrite rule must be updated to avoid an unprotected access to REST services:
 +<​code>​portal-apache2.conf</​code>​
 +<file apache>
 +    RewriteCond "​%{REQUEST_URI}"​ "​!^/​(?:​(?:​static|javascript|favicon).*|.*\.fcgi(?:/​.*)?​)$"​
 +    RewriteRule "​^/​(.+)$"​ "/​index.fcgi/​$1"​ [PT]
 +</​file>​
 +<​code>​manager-apache2.conf</​code>​
 +<file apache>
 +     ​RewriteCond "​%{REQUEST_URI}"​ "​!^/​(?:​static|doc|lib|javascript|favicon).*"​
 +     ​RewriteRule "​^/​(.+)$"​ "/​manager.fcgi/​$1"​ [PT]
 +</​file>​
 +
 +  * Other:
 +    * Option ''​checkTime''​ was enabled by default in ''​lemonldap-ng.ini'',​ this let the portal check the configuration immediately instead of waiting for configuration cache expiration. You can keep this option enabled unless you need strong [[performances|performances]].
 +  * Removed parameters:
 +    * ''​samlIdPResolveCookie''​
  
 ===== 2.0.6 ===== ===== 2.0.6 =====
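Review bot: In the CVE-2019-19791 item, the manager RewriteCond is looser than the portal one and the text does not say whether that is deliberate. The portal pattern is closed with `$` and excludes `.*\.fcgi(?:/.*)?`, while the manager pattern `!^/(?:static|doc|lib|javascript|favicon).*` has no end anchor and no `.fcgi` exclusion. Both patterns also match on a bare prefix, so any request path that merely begins with `/static`, `/doc` or `/lib` is exempted from the rewrite to the FastCGI handler. Either align the two conditions and require a `/` or end of string after the prefix, or add a sentence explaining the difference. The item would also be easier to act on if it stated what the previous rule looked like, so that administrators with a customized vhost can tell which part of their rule has to change.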