⚡ Security
- No security fixes since previous release
- Oldest release with no known security issue is
v3.22.00(2025-09-17)
💡 Highlights
This minor release fixes a few issues.
The most notable one is that cross-realm TOTP MFA checks were not working properly, which could prevent TOTP MFA from being enforced as expected when connecting to a target through a realm. This was not the case for password MFA.
We also fixed the --bind option, which was not being applied properly, and moved the banner seal service setup to the install script when using /home encryption (#653).
On the enhancement side, we now poke directly into the kernel's PRNG (/dev/urandom) instead of relying on Perl's rand() wherever we need randomness, for good measure.
We get our usual round of internal cleanups too, listed below.
For an exhaustive (and boring) list, please refer to the commit log.
📌 Changes
- enh: use
/dev/urandominstead ofrand() - fix: cross-realm TOTP MFA check didn't work properly
- fix: the
--bindoption was not being applied properly - fix: setup-encryption: move the banner seal service setup to the install script (#653)
- chore: replace grep-as-boolean with
List::Utilany/none - chore: standardize
$fnret->msgto stringified$fnret