Skip to content

2.3.2

Choose a tag to compare

View all tags
@dmulder dmulder released this 22 Jan 18:40
· 831 commits to main since this release
2.3.2
5a7a598
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Himmelblau 2.3.2 Release Notes

Summary

This release focuses on cross-distribution compatibility, bug fixes, and improved system integration.

Bug Fixes

  • Fixed semver parse error with Intune compliance - The OS version compliance check now skips validation when Intune policies don't specify min/max OS version constraints (fixes #1006)
  • Fixed NSS user lookup for user_map entries - Users mapped via the user_map configuration file are now correctly resolved when cn_name_mapping is disabled (fixes #848)
  • Improved MFA error handling - Added proper detection and retry logic for MFARequired errors during PRT exchange with ConvergedTFA
  • Graceful consent error handling - Group name lookups now handle consent errors without failing

Improvements

  • HSM PIN initialization reworked - Moved HSM PIN creation from postinst script to a new systemd oneshot service (himmelblau-hsm-pin-init.service) for better compatibility with Live system deployments
  • SELinux policy improvements:
    • Wrapped external types in optional blocks for cross-distribution compatibility
    • Changed to runtime compilation at install time to match the target system's SELinux version
  • Improved PAM configuration on openSUSE/SLE

Dependency Updates

  • Downgraded kanidm dependencies to 1.7.4 for Rust 1.88 compatibility (SUSE Linux Factory)
  • Updated chrono, time, cc, zbus, and rsa crates to latest versions

Full Changelog: 2.3.1...2.3.2

Assets 2
Loading