106 lines
2.8 KiB
Plaintext
106 lines
2.8 KiB
Plaintext
swauth (1.3.0)
|
|
|
|
[SECURITY] Stop using client headers for cross-middleware communication
|
|
WARNING: You need to upgrade Swift3 to at least 1.12
|
|
|
|
[SECURITY] Hash token before storing it in Swift (CVE-2017-16613)
|
|
WARNING: In deployments without memcached this patch logs out all users
|
|
because tokens became invalid.
|
|
|
|
swauth (1.2.0)
|
|
|
|
Allow to set password by hash
|
|
|
|
Allow to set hash salt in config for S3 compatibility
|
|
|
|
Due to security reason, S3 support is disabled by default
|
|
|
|
Salt is not included in S3 HMAC computation
|
|
|
|
Use correct content type on JSON responses
|
|
|
|
Fix changing of auth_type in existing deployments
|
|
|
|
Remove outdated locale
|
|
|
|
swauth (1.1.0)
|
|
|
|
This is first release after move to OpenStack Infra
|
|
|
|
Allow users to change their own password/key
|
|
|
|
Add support for storage policy
|
|
|
|
Show password prompt if key is not specified
|
|
|
|
Allow to use Keystone at same time
|
|
|
|
Support SHA512 for password hashing
|
|
|
|
Code cleanup
|
|
|
|
Bugfixies a security fixies
|
|
|
|
swauth (1.0.8)
|
|
|
|
Added request.environ[reseller_request] = True if request is coming from an
|
|
user in .reseller_admin group
|
|
|
|
Fixed to work with newer Swift versions whose memcache clients require a
|
|
time keyword argument when the older versions required a timeout keyword
|
|
argument.
|
|
|
|
swauth (1.0.7)
|
|
|
|
New X-Auth-Token-Lifetime header a user can set to how long they'd like
|
|
their token to be good for.
|
|
|
|
New max_token_life config value for capping the above.
|
|
|
|
New X-Auth-Token-Expires header returned with the get token request.
|
|
|
|
Switchover to swift.common.swob instead of WebOb; requires Swift >= 1.7.6
|
|
now.
|
|
|
|
swauth (1.0.6)
|
|
|
|
Apparently I haven't been keeping up with this CHANGELOG. I'll try to be
|
|
better onward.
|
|
|
|
This release added passing OPTIONS requests through untouched, needed for
|
|
CORS support in Swift.
|
|
|
|
Also, Swauth is a bit more restrictive in deciding when it's the definitive
|
|
auth for a request.
|
|
|
|
swauth (1.0.3-dev)
|
|
|
|
This release is still under development. A full change log will be made at
|
|
release. Until then, you can see what has changed with:
|
|
|
|
git log 1.0.2..HEAD
|
|
|
|
swauth (1.0.2)
|
|
|
|
Fixed bug rejecting requests when using multiple instances of Swauth or
|
|
Swauth with other auth services.
|
|
|
|
Fixed bug interpreting URL-encoded user names and keys.
|
|
|
|
Added support for the Swift container sync feature.
|
|
|
|
Allowed /not/ setting super_admin_key to disable Swauth administration
|
|
features.
|
|
|
|
Added swauth_remote mode so the Swauth middleware for one Swift cluster
|
|
could be pointing to the Swauth service on another Swift cluster, sharing
|
|
account/user data sets.
|
|
|
|
Added ability to purge stored tokens.
|
|
|
|
Added API documentation for internal Swauth API.
|
|
|
|
swauth (1.0.1)
|
|
|
|
Initial release after separation from Swift.
|