Skip to content

Releases: CESNET/perun


07 Nov 16:05
Choose a tag to compare

31.0.0 (2023-11-07)


  • core: the ssh-keygen tool has to be available on instance machines
  • core: edit new config property perun.mailchange.replyTo and existing perun.mailchange.backupFrom to customize the respective fields of sent emails (from core API).
    replyTo (and replyToName) can be defined in to achieve the same for registrar
  • core: Method blockServicesOnDestinations does not throw
    ServiceAlreadyBannedException anymore.


  • core: allow customization of replyTo field of emails (1f20e82)
  • core: bulk-up public ssh key validation (64aaa86)
  • core: filter by role (84e0ccd)
  • engine: pass service name to send/gen script when using generic scripts (7c74749)

Bug Fixes

  • 🐛 Fix BBMRIResources registration module possible NullPExc (bfb3e6a)
  • 🐛 Use getAllSubgGroups in BBMRIResources reg.module (3fdcffc)
  • core: group admin/membership manager should not have rights for verifying users' mail address (53dbe02)
  • core: ignore already blocked destination (ad1774d)
  • correct attribute references in enabledO365MailForward (c52f15c), closes ST-1168
  • deps: update dependency to directory_v1-rev20231005-2.0.0 (bb691b0)
  • deps: update dependency commons-cli:commons-cli to v1.6.0 (11c038b)
  • deps: update dependency io.swagger:swagger-annotations to v1.6.12 (605aa63)
  • deps: update dependency org.json:json to v20231013 [security] (c207e8b)
  • deps: update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.17 (6d6b4e5)
  • gui: typo in candidate title after param (ae6f8a7)
  • registrar: log error on submitted embedded aplications (6587daf)
  • registrar: pass registrar session when submitting embedded applications (ce6bb52)
  • registrar: transaction for approving multiple applications (369fcd3)


10 Oct 13:56
Choose a tag to compare

30.1.1 (2023-10-10)

Bug Fixes

  • core: authorization in removeBan() methods (25d2f5a)


10 Oct 04:10
Choose a tag to compare

30.1.0 (2023-10-10)


  • core: add getAssociatedResources to RPC and openapi (0c07203)
  • core: mfa categories use namespace as key (6096bf6)
  • core: new scopedLogin_mu virtual attribute (08e8eb6)

Bug Fixes

  • core: add right for GROUPMEMBERSHIPMANAGER to invite members (2c83cab)
  • core: initialize missing unixGID-namespace facility attribute (237371e)
  • core: user:virt:voPersonExternalAffiliation forces to lowercase (3facb22)
  • deps: update dependency net.jodah:expiringmap to v0.5.11 (f6ca050)
  • deps: update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.16 (cfc7adc)
  • deps: update dependency org.xhtmlrenderer:flying-saucer-pdf to v9.3.1 (3c40522)


27 Sep 11:36
Choose a tag to compare

30.0.0 (2023-09-27)


  • 🧨 ApplicationForm bean property moduleClassName replaced with
    moduleClassNames. Type has changed from String to List. Includes
    database version update and column module_name of application_form table
    being renamed to module_names.
  • requires database update. UI version have to work with
    updated model of ApplicationForm (moduleClassName replaced with
    field moduleClassNames).
  • core: the groupMembershipExpiration attribute needs to have a new READ policy collection created with the SELF - USER policy
  • Changed behaviour might cause sending notifications to
    managers or configured TO recipients in parent group rather than to VO.


  • 🎸 Allow multiple reg. modules to be configured (b807877)
  • 🎸 Cascade to parent gr. when deciding gr. TO recipients (8adea84)
  • cli: added getRichMember method to the perl client API (1c53692)
  • core: allow members to read their group expiration (811b217)
  • core: allow resource managers to read subgroup managers (ba1bb15)
  • core: new ExtSource type for IT4I (28d6f87)
  • core: sort users by IDs when synchronizing LDAP (cf542ed)
  • core: support authoritative groups in group structure synchronization (9bc9d14)

Bug Fixes

  • core: properly resolve members removal from authoritative groups (26de9ab)
  • deps: update dependency to directory_v1-rev20230822-2.0.0 (f3bee32)
  • deps: update dependency org.xhtmlrenderer:flying-saucer-pdf to v9.2.2 (f20ec3d)
  • fixed definition of logback in perun-auditlogger (0f0ea39)
  • minimize default logging for perun-auditlogger (f46ba67)


11 Sep 23:31
Choose a tag to compare

29.1.0 (2023-09-11)


  • core: approve applications method (6fdaf33)
  • core: delete applications method (a873ae5)
  • core: new enabledO365MailForward virtual attribute (fcb256f)
  • core: reject applications method (a2d270c)
  • core: resend notifications method (352d9e2)

Bug Fixes

  • core: approve applications order (019acfe)
  • deps: update dependency org.springframework.boot:spring-boot-starter-parent to v2.7.15 (7d389b9)


04 Sep 12:26
Choose a tag to compare

29.0.0 (2023-09-04)


  • Auditlogger no longer writes audit messages to the syslog. All configuration
    related to usage of syslog is ignored and can be removed from /etc/perun/perun-auditlogger
    and /etc/perun/ Make sure journald is present and configured
    on the machine before deploying.

  • core: added new role 'PERUNADMINBA'

  • 🎸 Filter our embedded groups where user is member (1968093)

  • 🎸 RPC groupsManager/getGroupsWhereUserIsActiveMember (baf35f7)

  • core: added new role (9c55b3a)

  • core: allow perun observer to call getAllNamespaces method (a75e080)

  • core: attribute module for microsoft mails (26b530d)

  • core: check open applications (fe13f87)

  • core: enforce mfa modul - correctly retrieve mfa categories (dafdc82)

  • core: free logins when deleting login namespace attribute (1d5f537)

  • core: restrict deletion of the attribute definition (b562024)

  • core: richgroup is not supported (3089fba)

  • deps: update dependency to directory_v1-rev20230814-2.0.0 (980708a)

  • registrar: disable member invitation for incorrect setup (c482ddc)

  • use journald instead of syslog in perun-auditlogger (fdd9e54)


28 Aug 01:19
Choose a tag to compare

28.0.2 (2023-08-28)


15 Aug 12:11
Choose a tag to compare

28.0.1 (2023-08-15)


10 Aug 06:58
Choose a tag to compare

28.0.0 (2023-08-10)


  • authz table was updated
    ALTER TABLE authz ADD COLUMN created_at timestamp default statement_timestamp() not null;
    ALTER TABLE authz ADD column created_by varchar default user not null;
    UPDATE configurations set value='3.2.16' WHERE property='DATABASE VERSION';

  • core: column 'global' was added to the attribute_critical_actions table
    Database changelog:
    ALTER TABLE attribute_critical_actions ADD COLUMN global boolean default false not null;
    UPDATE configurations SET value='3.2.17' WHERE property='DATABASE VERSION';

  • core: Added created_at and created_by columns to authz table.

  • core: New property 'appAllowedRoles' added to the CoreConfig. In define 'perun.appAllowedRoles.apps' as a list of names of apps where role limitation is necessary.
    For each app name, define regex which maps to the Referer header of the request coming from the given app and a list of allowed roles. For example:

  • core: Make sure following registration modules are not used on your instance - Ceitec, EduGain, Elixircz, Sitola and WeNMR.

  • fixup! feat(core): extend authz table with audit attributes (a85de71)

  • core: removed unused registration modules (32bbba5)

New features and notable changes

  • 🎸 BBMRIResources reg. module (8cee9f6)
  • 🎸 new RPC method membersManager/sendUsernameReminder (60eccd0)
  • core: allow to set attribute action as globally critical (da3d1eb)
  • core: attribute modul for mfaEnforceSettings (6de84b7)
  • core: extend authz table with audit attributes (1608da5)
  • core: filter getMembersPage (9d52d58)
  • core: last successful propagation (56d6722)
  • core: remove not allowed roles (c3654b6)
  • core: skip MFA for internal components (259e284)
  • enable facility search for SP reg role (9274d3c)


20 Jul 07:35
Choose a tag to compare

27.1.0 (2023-07-20)


  • core: new configuration property 'mail.smtp.from'

  • core: Remove all user identities for "" IdP (ExtSource).

  • core: do not create certificate IdP identity for e-INFRA CZ (9f9fcb8)

New features and notable changes

  • core: added 'mail.smtp.from' to configuration file (b328846)
  • core: virtual attribute for eligibilities (76bd8c7)