aherman
/
the-bastion
mirror of https://github.com/ovh/the-bastion
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

release v3.23.01

Browse Source
pull/613/head
Stéphane Lesimple 3 weeks ago committed by Stéphane Lesimple
parent 11cbf63be8
commit 01c896ba63
3 changed files with 35 additions and 1 deletions
Show Stats Download Patch File Download Diff File

7
doc/CHANGELOG.md
Unescape View File

@ -1,3 +1,10 @@
## v3.23.01 - 2026/01/29
- feat: accept ``-l`` as an additional alias to specify the username (mimicking ``ssh``'s option)
- enh: better interaction between systemd units and /home encryption
- fix: add ``groupGidMin`` configuration option to avoid stealing an account's GID
- fix: missing ``-regex`` following @cdbd6c7 from #550
- chore: deprecate the use of -f and -l in selfListIngressKeys
## v3.23.00 - 2025/12/22
- feat: switch banner if node is sealed
- feat: httpproxy: add support for more HTTP methods (#601)

27
doc/sphinx/installation/upgrading.rst
Unescape View File

@ -27,6 +27,33 @@ See the ``--help`` for a more fine-grained upgrade path if needed.
Version-specific upgrade instructions
=====================================
v3.23.01 - 2026/01/29
*********************
The ``-l`` alias to ``--user`` has been added, to mimick ``ssh``'s ``-l`` option.
The ``selfDelIngressKey`` plugin had also this alias for its ``--id-to-delete`` option, and still does,
but the main routine's option parsing will take precedence if you don't use ``--`` to separate options.
For this reason, the use of the short options ``-l`` and ``-f`` have been deprecated
in ``selfDelIngressKey`` to avoid confusion.
Another change is the introduction of the ``groupGidMin`` option in :file:`/etc/bastion/bastion.conf`,
to fix an issue that could arise if you use fixed UIDs for your accounts (using ``--uid `` in ``accountCreate``
instead of ``--uid-auto``).
This minor release mainly fixes an issue where a preexisting bastion group would have reserved a GID that you
expected to allow to a future account.
This is only of importance if you're using fixed UIDs to create accounts, and can't let the system pick
the UIDs itself, for example because these UIDs are referenced in some other system of your company.
This change applies a GID shifting to all the bastion groups to ensure they can never take a GID that would
pertain to a later-to-be-created account with a fixed UID/GID.
This shift amount is configurable in bastion.conf as ``groupGidMin`` (``500000`` by default).
If you use fixed UIDs for your accounts and you want to ensure any preexisting group's GID won't get in the way,
you may use the updated :file:`bin/admin/fix-group-gid.sh` script to shift any preexisting group GID that would be
out of the new ``groupGidMin`` range. This is optional.
v3.23.00 - 2025/12/22
*********************

2
lib/perl/OVH/Bastion.pm
Unescape View File

@ -5,7 +5,7 @@ use common::sense;
use Fcntl;
use POSIX qw(strftime);
our $VERSION = '3.23.00';
our $VERSION = '3.23.01';
BEGIN {
# only used by the handler below

Write Preview
Loading…
Cancel
Save