chore: Release Notes

2025-05-21 08:23:55 +02:00 · 2025-05-01 14:17:21 +10:00 · 2025-05-01 14:17:21 +10:00 · 8461cf6538
parent aaf43c7b06
commit 8461cf6538
7 changed files with 319 additions and 204 deletions
--- a/Cargo.lock
+++ b/Cargo.lock
--- a/Cargo.toml
+++ b/Cargo.toml
@ -158,6 +158,8 @@ axum = { version = "0.7.9", features = [
    "tokio",
    "tracing",
 ] }
+axum-extra = { version = "0.9.6", features = ["cookie"] }
+axum-macros = "0.4.2"
 axum-htmx = { version = "0.5.0", features = ["serde", "guards"] }
 base32 = "^0.5.1"
 base64 = "^0.22.1"
@ -176,6 +178,7 @@ csv = "1.3.1"
 dialoguer = "0.11.0"
 dhat = "0.3.3"
 dyn-clone = "^1.0.17"
+enum-iterator = "2.1.0"
 filetime = "^0.2.24"
 fs4 = "^0.13.0"
 futures = "^0.3.31"
@ -197,7 +200,7 @@ image = { version = "0.25.6", default-features = false, features = [
    "webp",
 ] }
 itertools = "0.14.0"
-enum-iterator = "2.1.0"
+jsonschema = "0.30.0"
 kanidmd_web_ui_shared = { path = "./server/web_ui/shared" }
 # REMOVE this
 lazy_static = "^1.5.0"
--- a/README.md
+++ b/README.md
@ -26,7 +26,7 @@ Kanidm supports:
 - Attested passkeys for high security environments
 - OAuth2/OIDC authentication provider for web SSO
 - Application Portal allowing easy access to linked applications
- Linux/Unix integration with TPM secured offline authentication
+- Linux/Unix integration with TPM protected offline authentication
 - SSH key distribution to Linux/Unix systems
 - RADIUS for network and VPN authentication
 - Read-only LDAPs gateway for Legacy Systems
--- a/RELEASE_NOTES.md
+++ b/RELEASE_NOTES.md
@ -14,6 +14,50 @@ report it to our [issue tracker].

 ## Release Notes

+### 2025-05-01 - Kanidm 1.6.0
+
+This is the latest stable release of the Kanidm Identity Management project. Every release is the
+combined effort of our community and we appreciate their invaluable contributions, comments,
+questions, feedback and support.
+
+You should review our
+[support documentation] as this
+may have important effects on your distribution or upgrades in future.
+
+Before upgrading you should review
+[our upgrade documentation]
+
+#### 1.6.0 Important Changes
+
+- The kanidmd server configuration now supports versions. You should review the example server configuration and update to `version = "2"`.
+
+#### 1.6.0 Release Highlights
+
+- Drop fernet in favour of JWE for OAuth2 tokens (#3577)
+- Allow spaces in ssh key comments
+- Support HAProxy PROXY protocol v2 (#3542)
+- Preserve ssh key content on form validation error (#3574)
+- Harden pam unix resolver to prevent a token update race (#3553)
+- Improve db klock handling (#3551)
+- Unix pam unix config parser (#3533)
+- Improve handling of systemd notify (#3540)
+- Allow versioning of server configs (#3515)
+- Remove the protected plugin in favour of access framework (#3504)
+- Add `max_ber_size` to freeipa sync tool (#3530)
+- Make schema indexing a boolean rather than index type (#3517)
+- Add set-description to group cli (#3511)
+- pam kanidm now acts as a pam unix replacement (#3501)
+- Support rfc2307 in ldap import/sync (3466)
+- Handle incorrect OAuth2 clients that ignore response modes (#3467)
+- Improve idx validation performance (#3459)
+- Improve migration and bootstrapper (#3432)
+- Reduce size of docker container (#3452)
+- Add limits to maximum queryable ldap attributes (#3431)
+- Accept more formats of ldap pwd hashes (#3444, 3458)
+- TOTP Label validation (#3419)
+- Harden denied names against accidental lockouts (#3429)
+- OAuth2 supports redirect uri's with query parameters (#3422)
+
 ### 2025-02-09 - Kanidm 1.5.0

 This is the latest stable release of the Kanidm Identity Management project. Every release is the
--- a/server/core/Cargo.toml
+++ b/server/core/Cargo.toml
@ -24,9 +24,8 @@ askama = { workspace = true, features = ["with-axum"] }
 askama_axum = { workspace = true }
 axum = { workspace = true }
 axum-htmx = { workspace = true }
-axum-extra = { version = "0.9.6", features = ["cookie"] }
-axum-macros = "0.4.2"
-axum-server = { version = "0.7.1", default-features = false }
+axum-extra = { workspace = true }
+axum-macros = { workspace = true }
 bytes = { workspace = true }
 chrono = { workspace = true }
 compact_jwt = { workspace = true }
--- a/server/core/src/https/mod.rs
+++ b/server/core/src/https/mod.rs
@ -577,11 +577,10 @@ where
 {
    debug!(?client_conn_info);

-    let svc =
-        axum_server::service::MakeService::<ClientConnInfo, hyper::Request<Body>>::make_service(
-            &mut app,
-            client_conn_info,
-        );
+    let svc = tower::MakeService::<ClientConnInfo, hyper::Request<Body>>::make_service(
+        &mut app,
+        client_conn_info,
+    );

    let svc = svc.await.map_err(|e| {
        error!("Failed to build HTTP response: {:?}", e);
--- a/server/testkit/Cargo.toml
+++ b/server/testkit/Cargo.toml
@ -68,7 +68,7 @@ tokio-openssl = { workspace = true }
 kanidm_lib_crypto = { workspace = true }
 uuid = { workspace = true }
 webauthn-authenticator-rs = { workspace = true }
-jsonschema = "0.29.1"
+jsonschema = { workspace = true }

 [package.metadata.cargo-machete]
 ignored = ["escargot", "futures", "kanidm_build_profiles"]