CAS Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog, and this project adheres to Semantic Versioning.

[Unreleased]

[v6.6.15-1] - 2024-02-15

Changed

  • Upgrade CAS to 6.6.15

Security

  • spring-security-core: CVE-2022-31692 / CVE-2023-20862

[v6.6.12-2] - 2024-02-06

Added

  • add new volume /logs to avoid logging into the container file system (#173)

Changed

  • generated log files now reside under /logs instead of /opt/apache-tomcat/logs (#173)

Fixed

  • log files no longer spam the container file system, which led to resource exhaustion in the host file system (#173)

[v6.6.12-1] - 2023-09-21

Changed

[v6.6.10-1] - 2023-08-18

Changed

[v6.6.8-2] - 2023-06-26

Added

[v6.6.8-1] - 2023-06-16

Changed

  • Update CAS to 6.6.8 (#178)
  • Update Tomcat to 9.0.85

Removed

  • Remove /var/lib/cas Volume

[v6.5.9-1] - 2023-05-12

Changed

  • Upgrade cas to 6.5.9.1 (#175)

Security

  • spring-framework: CVE-2023-20861
  • spring-boot: CVE-2022-22965 / CVE-2023-20873 / CVE-2022-22965 / GHSA-36p3-wjmg-h94x / CVE-2023-20873
  • snakeyaml: CVE-2022-25857 / CVE-2022-38749 / CVE-2022-38749 / CVE-2022-38749 / CVE-2022-38752 / CVE-2022-41854 / CVE-2022-1471
  • commons-text: CVE-2022-42889
  • netty: CVE-2019-20444 / CVE-2019-20445 / CVE-2019-16869 / CVE-2021-21290 / CVE-2021-21409 / CVE-2021-43797 / CVE-2022-24823
  • jackson.core: CVE-2020-36518 / CVE-2020-36518 / CVE-2022-42004 / CVE-2022-42003
  • junit: CVE-2020-15250
  • smart-json: CVE-2023-1370
  • jose4j: GHSA-jgvc-jfgh-rjvv
  • json: CVE-2022-45688
  • jsoup: CVE-2022-36033

[v6.5.8-2] - 2023-03-22

Fixed

  • Fix file system exhaustion from Tomcat access logs in /opt/apache-tomcat/logs (#173)

    • The access logs will be streamed to stdout instead, i.e., the logs will end up in the host's /var/lib/docker/cas.log

[v6.5.8-1] - 2022-11-17

  • Upgrade cas to 6.5.8 (#171)

[v6.5.5-4] - 2022-08-23

Changed

  • Set the ldap-min-pool-size to zero also for the password management ldap (#136, #169)

[v6.5.5-3] - 2022-08-17

Added

  • Make password policy configurable. For more information see docs (#167)

[v6.5.5-2] - 2022-07-07

Changed

  • When resetting the password, certain e-mail addresses are declared invalid in the original CAS code, e.g. admin@ces.local. This has now been adjusted. E-mails are now sent to all e-mail addresses (concretely: forwarded to Postfix). (#163)

[v6.5.5-1] - 2022-06-30

Changed

  • Update cas to v6.5.5 (#164)

[v6.5.3-8] - 2022-05-25

Changed

  • Suppress determination of an existing username via password reset function (#161)

    • Previously, an error message was displayed if a username did not exist in the system. If the username was present in the system, a confirmation that an email had been sent followed. Now a confirmation page with customised text is displayed in both cases.

[v6.5.3-7] - 2022-05-18

Fixed

  • If CAS version 6.3.7-5, 6.5.2-1 or 6.5.3-1 had been used and an upgrade to a version >= 6.5.3.2 was carried out, the migration of the LDAP service account from the read account to the write account was not performed. As a result, a user's password change was not saved and the user received an error message. This error has now been corrected. (#159)

[v6.5.3-6] - 2022-05-11

Added

  • Password Reset Functionality. For more information see docs (#156)

Fixed

  • The forgotten password button was always displayed. If no text was defined in etcd, a useless default text was displayed. (#157)

[v6.5.3-5] - 2022-04-29

Fixed

  • Fix wrong translation on password reset view (#154)
  • Change reset password view for better ui flow

[v6.5.3-4] - 2022-04-28

Changed

  • Enhance forgot password feature, enhance accessibility (#152)

[v6.5.3-3] - 2022-04-27

Changed

  • fix proxy ticket validation for services that contain ports (#150)

[v6.5.3-2] - 2022-04-27

  • Activate password policy to allow changing password after first login (#145)

[v6.5.3-1] - 2022-04-26

Changed

  • Upgrade cas to 6.5.3 (#147)

[v6.5.2-1] - 2022-04-13

Changed

  • Upgrade cas war overlay version to 6.5.2 (#141)
  • Update java base image to 11.0.14-3 (#141)
  • Update all base image packages prior to building the cas app (#141)
  • Upgrade spring boot to version 2.6.6 (#141)
  • Upgrade cypress to version 9.5.4 for the integration tests (#141)

Fixed

  • Fixed German translation on login page (#138).

[v6.3.7-5] - 2022-04-11

Changed

  • Set min-width for notch to fully display floating label for username (#143)

[v6.3.7-4] - 2022-03-29

Changed

  • Update java base image to 11.0.14-2 (#139)

[v6.3.7-3] - 2022-02-02

Changed

  • Set the ldap-min-pool-size to zero (#136)

[v6.3.7-2] - 2022-01-11

Fixed

  • Previously, the name entered at login was transferred directly to the session (including upper and lower case). This led to some problems and has now been changed to use the name and spelling from the LDAP entry. (#133)
  • On the logout page, English text was displayed in the German version. The correct German text is now displayed in place of the English text.

[v6.3.7-1] - 2021-12-20

Changed

  • Update cas overlay version to version 6.3.7.4 (#129)

[v6.3.3-11] - 2021-12-13

Fixed

[v6.3.3-10] - 2021-11-30

Fixed

  • Get CAS 4 upgrade compatibility by moving upgrade steps to post-upgrade script; #123

[v6.3.3-9] - 2021-11-30

Added

  • add test keys in Thymeleaf templates for a stable selection in integration tests (#122)

[v6.3.3-8] - 2021-11-09

Changed

  • warning label for invalid credentials conforms to styleguide (#120)

[v6.3.3-7] - 2021-10-21

Changed

  • use equal login error messages (#118)

[v6.3.3-6] - 2021-10-20

Changed

  • correct font-stack for inputs (#116)
  • update ces-theme to v0.4.0

[v6.3.3-5] - 2021-10-06

Added

  • OIDC-client support. Now, it is possible to register OIDC clients at the CAS via a service account. For more information see docs (#114)

[v6.3.3-4] - 2021-09-24

Added

  • OIDC-property to define an attribute that should be used as the principal id for the clients (#112)

[v6.3.3-3] - 2021-09-20

Fixed

  • CAS could not handle fqdn that contain uppercase letters (#110)

[v6.3.3-2] - 2021-09-09

Added

  • Add new configuration keys to delegate the cas authentication to a configured OIDC provider. For more information about the keys see here (#107)

Changed

  • Update UI to show OIDC-Link (#108)

[v6.3.3-1] - 2021-08-31

Added

  • Add new LDAP specific dogu configuration keys (#99)
  • Re-add LDAP group resolving with internal resolvers (#99)

Changed

  • Adapt the UI to the Cloudogu styling. (#91)
  • Update the underlying Tomcat library to v9.0 (#36)

Removed

  • Remove dependency to the ldap-mapper dogu in favour of direct LDAP connections (#99)

    • The vision of abstracting LDAP connections with help of the ldap-mapper dogu still remains. This change is an intermediate step until the necessary changes to the ldap-mapper dogu and the migration towards CAS 6 are completed.
  • Remove dogu configuration key ldap/use_user_connection_to_fetch_attributes. From now on, all connections to the LDAP to fetch user attributes are made via the system connection. (#103)

Fixed

  • At log level debug, the password was output in plain text in some classes. The password is now no longer output in plain text anywhere. (#86)

Removed

  • Remove dogu configuration key logging/translation_messages

[v4.0.7.20-20] - 2021-06-02

Changed

  • Add autofocus attribute to username (#83)

[v4.0.7.20-19] - 2021-05-06

Changed

  • Improve accessibility of login mask by changing design (#80)

[v4.0.7.20-18] - 2021-04-20

Changed

  • Changes the positioning of alert-fields and the login button

[v4.0.7.20-17] - 2021-04-19

Changed

  • Changes to button and alert-dialogues on the login- and logout-page to increase accessibility

[v4.0.7.20-16] - 2021-02-18

Added

  • Adds verification via OAuth to the CAS

Fixed

  • Return empty service account list if account directory is missing in registry

[v4.0.7.20-15] - 2021-01-22

Changed

  • Add own log level configuration for translation logs; #64
  • Set default log level for translation related logs to ERROR; #64

[v4.0.7.20-14] - 2021-01-11

Fixed

  • Activate Perf4J logger only if log level is INFO or DEBUG; #62

[v4.0.7.20-13] - 2020-12-17

Fixed

  • bug where the forgot_password_text-key was never applied for some browsers (#60)

Changed

  • Update java base image to 8u252-1

[v4.0.7.20-12] - 2020-12-14

Added

  • Ability to set memory limit via cesapp edit-config
  • Ability to configure the MaxRamPercentage and MinRamPercentage for the CAS process inside the container via cesapp edit-config (#58)

[v4.0.7.20-11] - 2020-11-19

Added

  • add locales for deDE and enUS

Fixed

  • change server encoding so special characters will be decoded correctly (#56)

[v4.0.7.20-10] - 2020-11-12

Fixed

  • CAS bloated the log file after a dogu was uninstalled or marked as absent during a blueprint upgrade. (#54)

v4.0.7.20-9 - 2020-07-24

Changed

  • Use doguctl validation for log level

Added

  • Add modular makefiles
  • Add automated release flow

v4.0.7.20-8 - 2020-04-08

Added

A new CES registry key logging/root is evaluated to override the default root log level (#49). One of these values can be set in order to increase the log verbosity: ERROR, WARN, INFO, DEBUG.

CAS's Log4J log levels are directly applied from the root log level.

Tomcat log levels are mapped from the root log level as follows:

| root log level | Tomcat log level                  |
|----------------|-----------------------------------|
| ERROR          | Everything equal or above ERROR   |
| WARN           | Everything equal or above WARNING |
| INFO           | Everything equal or above INFO    |
| DEBUG          | Everything equal or above FINE    |

Changed

  • Under the hood, we verify the Tomcat binary at build time to spot (possibly) tampered Tomcat binaries. (#38)

Fixed

  • PerformanceStats are no longer logged to the container filesystem for reasons of discoverability and performance. Instead they are logged to the usual CES logging facility. (#48)

v4.0.7.20-7 - 2020-03-12

Added

  • cas config etcd key session_tgt/max_time_to_live_in_seconds to configure maximum session timeout
  • cas config etcd key session_tgt/time_to_kill_in_seconds to configure idle session timeout