Releases: ltb-project/self-service-password
Version 1.7.1
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
Full Changelog: v1.7.0...v1.7.1
👥 Main Team
Contributors
Assets 3
Version 1.7.0
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- add documentation for entropy feature (#903, #830) by @davidcoutadeur in #907
- fix: hide php notices from the end user in the web ui by @maichouni-mitek in #913
- Update ar.inc.php by @toky0 in #916
- remove smarty messages in error logs unless $smarty_debug is set to true (#909) by @davidcoutadeur in #919
- fix warning: userdn variable uninitialized when using sendsms (#920) by @davidcoutadeur in #930
- remove utf8_decode function (#931) by @davidcoutadeur in #933
- 894 refactor captcha system by @davidcoutadeur in #923
- 895 friendly captcha by @davidcoutadeur in #924
- 343 recaptcha v3 by @davidcoutadeur in #936
- update ltb-ldap library name to ltb-common (#944) by @davidcoutadeur in #945
- 946 improve docker image by @davidcoutadeur in #947
- add a $ldap_scope parameter (#921) by @davidcoutadeur in #939
- lang: update cn and zh-CN by @findlayfeng in #934
- 951 fix csp errors by @davidcoutadeur in #953
- Making it possible to docker build both on M1/M2/M3 Mac and in an x86 VM by @maglub in #950
- fix resending mail requests (#401) by @davidcoutadeur in #949
- Create ko.inc.php by @jungwooksong in #959
- clarify password confirmation field by @davidcoutadeur in #965
- fix vulnerabilities in docker images (#946) by @davidcoutadeur in #966
- Only call ldap_get_dn on an entry by @coudot in #971
- Override all parameters with values from $secondaries_ldap by @coudot in #974
- use symfony cache for managing session-side storage (#954) by @davidcoutadeur in #967
- prevent sending sms twice + share cache functions in dedicated lib/cache.php (#763) by @davidcoutadeur in #978
- use cache functions from ltb-common (#979) by @davidcoutadeur in #980
- improve cache modularity (#982) by @davidcoutadeur in #983
- 968 use ppolicy from ltb common by @davidcoutadeur in #981
- Arabic language support in documentation by @coudot in #989
- Use page size parameter from ltb-common (#985) by @davidcoutadeur in #988
- update ltb-common library to v0.3.0 (#948) by @davidcoutadeur in #990
- #943: Removed duplicated detect language code. by @davidcoutadeur in #992
Full Changelog: v1.6.1...v1.7.0
👥 Main Team
🤝 Other contributors
- @maichouni-mitek made their first contribution in #913
- @toky0 made their first contribution in #916
- @findlayfeng made their first contribution in #934
- @maglub made their first contribution in #950
- @jungwooksong made their first contribution in #959
Contributors
Assets 3
Version 1.6.1
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- #904: Unable to install on RockyLinux 8
- #907: add documentation for entropy feature (#903, #830)
- #919: remove smarty messages in error logs unless $smarty_debug is set to true (#909)
- #930: fix warning: userdn variable uninitialized when using sendsms (#920)
- #933: remove utf8_decode function (#931)
Full Changelog: v1.6...v1.6.1
👥 Main Team
🤝 Other contributors
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 3
Version 1.6.0
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- Update tr.inc.php by @berkaycagir in #775
- Audit log by @coudot in #781
- Use login_hint to prefill user login by @coudot in #795
- Update phpunit by @coudot in #799
- translated the line $messages['tokensent_ifexists'] into german by @piang0 in #804
- First implementation of a page to set mail and phone attributes by @coudot in #808
- Use LTB LDAP common PHP lib by @coudot in #797
- Update tr.inc.php by @berkaycagir in #812
- Complete and fix pt-BR translation by @natanjunges in #815
- Filter allowed languages by @coudot in #829
- Error handling when using the signal-cli api for sms by @armfem in #833
- Update it.inc.php by @iotaka in #839
- Upgrade Bootstrap to 5.3 by @coudot in #837
- Fix pt-BR translation for pwned password policy by @campolargo in #841
- prevent multiple form submits (#844) by @davidcoutadeur in #845
- 830 entropy by @davidcoutadeur in #843
- remove useless show_policy function, now rendered by smarty template by @davidcoutadeur in #842
- Remove criteria depending on old password when unavailable (#855) by @davidcoutadeur in #856
- add docker image labels (#778) + update base image to php:8.2 + smarty to v4.4.1 by @davidcoutadeur in #866
- update bundled dependencies + mv them as composer managed dep (#849) by @davidcoutadeur in #859
- Spec cleanup (#846) by @davidcoutadeur in #847
- deb cleanup (#852) by @davidcoutadeur in #858
- Avoid host header poisoning by @coudot in #857
- Use a dedicated CSS class for ppolicy div by @coudot in #873
- Test crypt_tokens parameter if SMS feature is enabled by @coudot in #874
- Securisation of reset by SMS token feature by @armfem in #851
- use new ltb-ldap v0.2 and adapt method signatures (#878) by @davidcoutadeur in #879
- 878 use ltb ldap functions by @davidcoutadeur in #882
- Use POST instead of GET in check entropy module (#884) by @davidcoutadeur in #885
- compute pwd_diff_last_min_chars the same way than at backend side (#868) by @davidcoutadeur in #869
- reinject default configuration file into conf directory (#831) by @davidcoutadeur in #870
- fix warnings for uninitialized variables (#887) by @davidcoutadeur in #888
- ability to change custom password fields, developped by @markus-96 (#864) by @davidcoutadeur in #865
- Correction of max number of attempts for token sent by sms bug by @armfem in #890
- remove global variables in sendsms.php (#889) by @davidcoutadeur in #891
- Corrected error introduced when adding obscure notifications by @armfem in #892
- 674 notify by mail code factorization by @davidcoutadeur in #893
- Remove obscure_failure_messages option by @coudot in #899
Full Changelog: v1.5.4...v1.6.0
👥 Main Team
🤝 New Contributors
- @piang0 made their first contribution in #804
- @natanjunges made their first contribution in #815
- @armfem made their first contribution in #833
- @iotaka made their first contribution in #839
- @campolargo made their first contribution in #841
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 2
Version 1.5.4
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- Typo in config_tokens.rst by @maxxer in #777
- Updated italian localization by @xBounceIT in #793
- Dockerfile fails to build #813 by @pljeff in #814
- Do not trust SMS number from crypted token, search it again in LDAP Directory by @coudot in #818
- Announce that the smarty3 package needs to be installed manually by @paulignari in #774
Full Changelog: v1.5.3...v1.5.4
👥 Main Team
🤝 New Contributors
- @xBounceIT made their first contribution in #793
- @pljeff made their first contribution in #814
- @paulignari made their first contribution in #774
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 2
Version 1.5.3
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- Update gpg install command by @wwuck in #723
- Add support for Arabic locale by @bondif in #741
- Update Dutch lang file by @zidesm in #744
- Added comment/note over $custom_css by @stevleibelt in #754
- Bump guzzlehttp/psr7 from 2.4.0 to 2.5.0 in /lib by @dependabot in #767
- Restrict languages to php files by @coudot in #771
- Prevent account disclosure in password reset by mail token page by @coudot in #749
Full Changelog: v1.5.2...v1.5.3
👥 Main Team
🤝 New Contributors
- @wwuck made their first contribution in #723
- @zidesm made their first contribution in #744
- @stevleibelt made their first contribution in #754
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 2
Version 1.5.2
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- Update config_nginx.rst by @souhaib22 in #717
- Update config_apache.rst by @souhaib22 in #718
- Use gpg instead of apt-key during for deb install by @ZephOne in #722
- captcha in sendsms check when needed only by @artlog in #721
Full Changelog: v1.5.1...v1.5.2
👥 Main Team
🤝 New Contributors
- @souhaib22 made their first contribution in #717
- @ZephOne made their first contribution in #722
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 2
Version 1.5.1
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- Catch user not found error by @coudot in #712
- Explicit libldap-common dependency for docker by @VeselaHouba in #715
🤝 New Contributors
- @VeselaHouba made their first contribution in #715
Full Changelog: v1.5.0...v1.5.1
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 2
Version 1.5.0
ℹ️ Self Service Password
LDAP Tool Box Self Service Password is a web application for end users. It allows them to change or reset their password if they lost it.
It works with any LDAP directory, including Active Directory.
📄 What's Changed
- feat(ssh): public key check ( #509 ) by @faust64 in #510
- docs(sshkey) by @faust64 in #512
- fix(mail): add sendmail to Docker image by @faust64 in #517
- docs(multi-tenancy): adds samples setting multi-tenancy header by @faust64 in #515
- If token was provided by SMS, check initial SMS code before changing password by @coudot in #521
- [Security:low] Dismiss captcha once it is used by @coudot in #522
- Merge 1.4 branch by @coudot in #523
- Typo in resetbytoken resulting in mails not being sent by @faust64 in #529
- adding Kerberos authentication support by @jazzl0ver in #536
- Change expired password as manager by @coudot in #530
- fix(version): mismatch between htdocs/index.php and rest/v1/include.php by @faust64 in #539
- core(update): apache 2.4.46 by @faust64 in #541
- Refactor pwned passwords by @faust64 in #540
- fix(notify): don't send notification if modification failed by @faust64 in #542
- docs(ratelimit): typo by @faust64 in #545
- feat(mails): using several mail attributes by @faust64 in #546
- fix(sshkeys): don't send mail notification when entry was not changed by @faust64 in #513
- Update de.inc.php by @usrflo in #547
- fix(docs): invalid nginx root serving ssp by @faust64 in #551
- Added sms api for signal-cli by @mfulz in #549
- fix(docs): ratelimit check interval should be 1h, not 1min by @faust64 in #558
- Document $allowed_lang var by @maxxer in #562
- Updated IT translation by @maxxer in #564
- Fix Error 500 when user is not found in ldap for sms reset by @mfulz in #571
- fix(api): phpmailer needs to be included (#573) by @faust64 in #576
- fix: captcha misaligned in the mobile version by @bondif in #588
- Update simplified Chinese translation by @tweea in #594
- fix(docs) - see #590 by @faust64 in #598
- Update fr translation by @vboucard in #606
- chore(deps): bump phpmailer/phpmailer from 6.4.1 to 6.5.0 in /lib by @dependabot in #559
- Fix some undefined warnings by @liedekef in #609
- fix apache / bullseye by @faust64 in #612
- Issue 608 by @doc-slice in #619
- Implement Argon2 hashing by @tleuxner in #628
- Add some cosmetic css properties to sshkey textarea by @spike77453 in #642
- Fix translation by @tvdijen in #646
- chore(deps): bump guzzlehttp/psr7 from 2.1.0 to 2.2.1 in /lib by @dependabot in #647
- chore(deps): bump guzzlehttp/guzzle from 7.4.0 to 7.4.4 in /lib by @dependabot in #659
- Update bootstrap to v3.4.1 by @bohze in #661
- chore(deps): bump guzzlehttp/guzzle from 7.4.4 to 7.4.5 in /lib by @dependabot in #664
- feat(sms): Allow more than one mobile attribute #658 by @artlog in #673
- Feat mail factorize attributes by @artlog in #675
- Update TR translation by @berkaycagir in #669
- fix(sshkey): should add one sshPublicKey per key by @faust64 in #514
- Remove warning "Decoding error" by @coudot in #676
- Fix 563 by @faust64 in #592
- Use correct message identifiers by @coudot in #677
- hide failure by default for mailnomatch issue #610 by @artlog in #685
- fix check password toward ldap attribute for token based methods by @artlog in #686
- captcha use dedicated session cookie fix #602 by @artlog in #680
- Rate limit optional support per ip (ratelimit_filter_by_ip) by @artlog in #683
- Add rate limit checking for any password change request include fix #654 by @artlog in #684
- Improve documentation, parse php code by @coudot in #696
- Fix password check ldap by @artlog in #688
- Use require_once for file inclusion by @coudot in #702
- Fix reset by questions display after password change by @coudot in #703
- Check parameters before calling hash_equals by @coudot in #699
- Get entry in checkpassword REST service by @coudot in #708
🤝 New Contributors
- @jazzl0ver made their first contribution in #536
- @usrflo made their first contribution in #547
- @mfulz made their first contribution in #549
- @maxxer made their first contribution in #562
- @bondif made their first contribution in #588
- @vboucard made their first contribution in #606
- @liedekef made their first contribution in #609
- @doc-slice made their first contribution in #619
- @tleuxner made their first contribution in #628
- @tvdijen made their first contribution in #646
- @artlog made their first contribution in #673
Full Changelog: v1.4.5...v1.5.0
⬇️ Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
- https://self-service-password.readthedocs.io/en/latest/installation.html#debian-ubuntu
- https://self-service-password.readthedocs.io/en/latest/installation.html#centos-redhat
You can also use our Docker image: https://hub.docker.com/r/ltbproject/self-service-password
Contributors
Assets 2
Version 1.4.5
What's Changed
Download
Get tarball and packages on https://ltb-project.org/download.html
Use our apt and yum repositories to ease the installation:
