the-bastion/doc/release-notes/v3.02.00.md

Changes since v3.01.03:

• feat: add support for a PIV-enforced policy (see https://ovh.github.io/the-bastion/using/piv)
• feat: more information in the logs (see https://ovh.github.io/the-bastion/installation/upgrading.html#version-specific-upgrade-instructions and the logs documentation https://ovh.github.io/the-bastion/administration/logs.html)
• feat: realms: use remote bastion MFA validation information for local policy enforcement
• feat: add LC_BASTION_DETAILS envvar
• feat: accountModify: add --osh-only (closes #97)
• feat: rootListIngressKeys: report keys found in all well-known authkeys files, not just the one used by The Bastion
• feat: add --(in|ex)clude filters to groupList and accountList
• enh: groupList: use cache to speedup calls
• enh: satellite scripts: better error handling
• enh: config: better parsing and normalization
• enh: config: detect warnBefore/idleTimeout misconfiguration (#125)
• fix: config: be more permissive for documentationURL validation regex
• fix: TOCTTOU fixes in ttyrec rotation script and lingering sessions reaper
• fix: confusing error messages in groupDelServer
• fix: proper sqlite log location for invalid realm accounts
• fix: tests: syslog-logged errors were not counted towards the total
• fix: groupList: remove 9K group limit
• fix: global-log: directly set proper perms on file creation
• fix: realmDelete: invalid sudoers configuration
• fix: remove useless warning when there is no guest access
• chore: tests: remove OpenSUSE Leap 15.0 (due to https://bugzilla.opensuse.org/show_bug.cgi?id=1146027)
• chore: a few other fixes & enhancements around tests, documentation, perlcritic et al.

General upgrade instructions: How to upgrade

Specific upgrade instructions: Please read through the details, in a nutshell:

• Logs have been enhanced
• The main configuration file now supports proper booleans (in a backward compatible way)