
Releases: ovh/the-bastion

v3.14.00

19 Sep 16:09

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

This release fixes a potentially problematic behavior introduced in v3.13.00, when sqlite logging of plugin output was replaced by ttyrec: the scp and sftp plugins, when downloading a file (from the remote server to the local machine through the bastion), would save the binary stream as part of the ttyrec file, possibly consuming a lot of space when these plugins are used often.

Another, somewhat niche, new feature is the support of the so-called type8 and type9 hash types for egress passwords, mainly used by network devices. More information is available in the specific upgrade instructions link below.

📌 Changes

  • feat: add type8 and type9 password hashes
  • feat: add stealth_stderr/stdout ttyrec support, enable it for scp & sftp

⏩ Upgrading

v3.13.01

23 Aug 09:42
ee149cb

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

This minor release has only a few changes, mainly on the documentation and setup sides. Two new important documentation sections have appeared:

  • The JSON API section, detailing how to integrate The Bastion in your automated workflows, and
  • The Multi-Factor Authentication (MFA) section, detailing several possible setups to harden your users' accesses

The features documented above have been available since v3.00.00, so updating to this version is not required to use them.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • doc: add JSON API and MFA documentations
  • fix: clush: restore default handlers for SIGHUP/PIPE
  • enh: setup-gpg.sh: create additional backup signing config with --generate

Thanks to @toutoen and @docwalter for their contribution to this release.

⏩ Upgrading

v3.13.00

28 Jul 12:19
v3.13.00

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

The change from the previous version is:

  • The plugins' output is now recorded using ttyrec, as the egress connections are, instead of being stored in sqlite format
    within the home folder of the account. This helps avoid the sqlite databases growing too much in size when
    accounts are using --osh commands very intensively.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • enh: use ttyrec instead of sqlite to record plugin output
  • fix: selfMFASetupPassword: restore default sighandlers to avoid being zombified

⏩ Upgrading

v3.12.00

27 Jun 12:24
v3.12.00

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

Main changes from the previous version are:

  • Debian "Stretch" 9 is no longer officially supported, as this version has been EOL upstream for a few months now. This doesn't mean that future versions of The Bastion won't work under this distro; it means that this distro release is no longer part of the automated tests. As Debian Stretch is EOL, you should consider upgrading to a more recent version, as maintaining a secure underlying OS is paramount to the whole security of The Bastion (or of any other software).

  • Debian "Bookworm" 12 has been part of the automated tests for a while, but is now officially supported as this has been officially released upstream.

  • Two new configuration parameters have been added to the selfAddPersonalAccess and accountAddPersonalAccess commands.

Side note: tagged releases are now signed. This was a prerequisite to the upcoming integrated and secure adminUpgrade command.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: add 2 configurable knobs to (self|account)AddPersonalAccess
  • feat: plugins: add loadConfig parameter & config validator support
  • chg: drop support for Debian 9, add support for Debian 12
  • fix: accountList: crash in some cases
  • fix: add missing autocompletions, readonly flags and help category for some plugins
  • chore: fix GitHub actions under FreeBSD

⏩ Upgrading

v3.11.02

18 Apr 15:13

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

Main changes from the previous version are:

  • A new script bin/admin/check_uid_gid_collisions.pl has been added, to ease procedures such as HA setup and backup restoration. The documentation has been updated accordingly to reference the proper usage of this script at the right steps.
  • We now support RockyLinux 9 and OpenSUSE Leap 15.4. Debian 12 is also now part of the test workflows, to ensure we support it as soon as it's officially released in the next few months.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: add uid/gid collisions checking script & document it for HA cluster setup and backup restore (#378)
  • fix: groupAddServer: --force-key wasn't working properly (#259)
  • fix: groupInfo: reintroduce group name in human-readable output (mistakenly removed in v3.11.00)
  • chg: add Debian 12 to tests (not released yet, so not officially supported for now)
  • chg: add RockyLinux 9 support
  • chg: bump OpenSUSE Leap tests from 15.3 to 15.4
  • chg: push sandbox and tester images from Debian 10 to Debian 11
  • remove: get rid of decade-old Debian openssh-blacklist logic
  • remove: get rid of deprecated UseRoaming option from ssh_config

⏩ Upgrading

v3.11.01

27 Mar 15:08

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

This is a hotfix release; the only fixed issue is a display issue introduced in v3.11.00 in the groupInfo command, which would always display an empty list for the gatekeepers of a group, along with "?" instead of the number of accesses for each guest.
Note that the JSON output was correct; only the human-readable output of groupInfo was impacted.

⏩ Upgrading

v3.11.00

23 Mar 14:11

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

Main changes from the previous version are:

  • SFTP passthrough is now supported; all the commands manipulating accesses have been modified accordingly, to add the --sftp option. More information can be found in the documentation.
  • The groupInfo and accountInfo commands have been augmented with a new --all option, reserved for bastion auditors, to dump detailed data about all the groups or accounts, respectively. The amount of information to be dumped can be controlled with a series of --with-* and --without-* options; more information can be found in each command's own documentation (groupInfo and accountInfo). Prefer the use of accountInfo --all instead of accountList --audit, as the latter will be deprecated soon.

Another change that should be noted is the removal of the implicit --port-any and --user-any in the self(Add|Del)PersonalAccess and account(Add|Del)PersonalAccess commands, when either --user or --port is omitted, to be consistent with group(Add|Del)Server, which never had this behaviour. This has always emitted a deprecation warning since the first publicly released version, encouraging the explicit use of --user-any and/or --port-any when this was desired. Now, omitting these options will simply return an error, as has always been the case with group(Add|Del)Server.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: add sftp support
  • feat: add the possibility to auditors of listing all groups with groupInfo and all accounts with accountInfo,
    using --all, along with filtering additional data with the --with-* and --without-* new options
  • enh: setup-encryption.sh: don't require install to be called before us
  • enh: remove implicit --(user|port)-any if omitted when using (self|account)(Add|Del)PersonalAccess commands
  • fix: race condition when two parallel account creations used the --uid-auto option
  • doc: add restore from backup howto
  • doc: add PuTTY connection setup howto

⏩ Upgrading

v3.10.00

17 Feb 14:22

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

Main changes from the previous version are:

  • Two new restricted commands: accountFreeze and accountUnfreeze, to temporarily disable an account in a reversible way.
  • New options to the accountInfo command: --no-password-info and --no-output, to get a speed boost when that information is not needed by the caller

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: add accountFreeze/accountUnfreeze commands
  • enh: accountInfo: add --no-password-info and --no-output options
  • enh: more precise matching of ssh client error messages
  • enh: osh.pl: add the account name on each error message
  • fix: invalid suffixed account creation (#357)

⏩ Upgrading

v3.09.02

15 Nov 17:28

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

The previous version (v3.09.01) was tagged but not released; the main change since the last released version is a speedup of the internal execute() function, speeding up several portions of the code.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • fix: basic mitigation for scp's CVE-2020-15778 (upstream doesn't consider it a bug)
  • fix: batch: don't attempt to read if STDIN is closed
  • enh: make execute() way WAY faster

⏩ Upgrading

v3.09.00

21 Sep 09:57

⚡ Security

  • No security fixes since previous release
  • Oldest release with no known security issues: v3.00.00 (first public version)

💡 Highlights

This version has quite a lot of commits. This includes a standardization of the satellite scripts' configuration format and standard parameters, hence some configuration review might need to be done after upgrading (detailed in the specific upgrade instructions below).

The 3 main changes of this version are:

  • The osh-encrypt-rsync.pl script functionalities have been extended to not only cover the encryption/rotation/exporting of ttyrec files, but now also each user's local access logs and sql logs, where applicable. Previously, these logs were handled by the compress-old-logs.sh script, which was just compressing these files in-place. The latter script has now been removed in favor of the new features of osh-encrypt-rsync.pl, which not only handles compression/encryption, but also the export of these files to the same remote escrow filer that you may have configured for your ttyrec files.

  • The NRPE probes we use to monitor our bastion clusters have been added to the contrib/ folder; if you're using Nagios, Icinga or any other NRPE-compatible monitoring system, you might want to have a look at said folder.

  • Ubuntu 22.04 LTS is now supported and part of the automated tests. CentOS 8 has been removed, as this distribution has been EOL for some time. The software might still work for the meantime, but any potential future incompatibility might go undetected, and is not guaranteed to be fixed. Note, however, that RockyLinux 8 is supported and tested.

As a side note, an overhaul of the left menu of the documentation has been done, in an effort to enhance documentation navigation as the documentation book thickens.

A more complete list of changes can be found below, for an exhaustive (and boring) list, please refer to the commit log.

📌 Changes

  • feat: osh-encrypt-rsync.pl: handle sqlite and user logs along with ttyrec files
  • remove: compress-old-logs.sh script, as osh-encrypt-rsync.pl does the job now
  • remove: delete CentOS 8 from tests (EOL)
  • feat: add osh-cleanup-guest-key-access.pl script
  • feat: add NRPE probes in contrib/
  • enh: standardize snake_case for all system scripts json config files
  • enh: cron scripts: factorize common code and standardize logging & config
  • enh: osh-lingering-sessions-reaper.pl: make it configurable
  • enh: osh-piv-grace-reaper.pl: run only on master, standardize config reading
  • enh: add more info in syslog warnings for accountDelete
  • enh: tests: faster perl-check script
  • fix: accountInfo wasn't showing TTL account expiration #329
  • fix: ping: force a deadline, and restore default sighandlers
  • fix: accountInfo: missing creation date on non-json output
  • fix: osh-remove-empty-folders.pl: fix folders counting (logging only)
  • fix: osh-encrypt-rsync.pl: delete +a source files properly
  • fix: osh-encrypt-rsync.pl: ensure $verbose is always set & make it configurable
  • fix: install: ensure that the healthcheck user can always connect from 127.0.0.1
  • fix: install: avoid cases of sigpipe on tr
  • fix: don't emit a membership log when nothing changed
  • fix: {group,account}Delete: move() would sometimes fail, replace by mv
  • fix: workaround for undocumented caching in getpw/getgr funcs
  • doc: better menu organization and more complete config files reference

⏩ Upgrading