1 | New in 2.1.12 |
---|
2 | ------------- |
---|
3 | * Distribute in Solaris tar (not GNU tar format) |
---|
4 | * Fix a number of build/configure related issues. |
---|
5 | |
---|
6 | New in 2.1.11 |
---|
7 | ------------- |
---|
8 | * Add the fastbind auth method to the saslauthd LDAP module. |
---|
9 | * Fix a potential memory leak in the doors version of saslauthd. |
---|
10 | * NTLM now only requires one of LM or NT, not both. |
---|
11 | * Fix a variety of Berkeley DB, LDAP, OpenSSL, and other build issues. |
---|
12 | * Win32 support compiles, but no documentation as of yet. |
---|
13 | |
---|
14 | New in 2.1.10 |
---|
15 | ------------- |
---|
16 | * Further DIGEST-MD5 DES interoperability fixes. Now works against Active |
---|
17 | Directory. |
---|
18 | * Fix some potential buffer overflows. |
---|
19 | * Misc. cleanups in the saslauthd LDAP module |
---|
20 | * Fix security properties of NTLM and EXTERNAL |
---|
21 | |
---|
22 | New in 2.1.9 |
---|
23 | ------------ |
---|
24 | * Include missing lib/staticopen.h file. |
---|
25 | |
---|
26 | New in 2.1.8 |
---|
27 | ------------ |
---|
28 | * Support for the NTLM mechanism (Ken Murchison <ken@oceana.com>) |
---|
29 | * Support libtool --enable-shared and --enable-static |
---|
30 | (Howard Chu <hyc@highlandsun.com>) |
---|
31 | * OS/390 Support (Howard Chu <hyc@highlandsun.com>) |
---|
32 | * Berkeley DB 4.1 Support (Mika Iisakkila <mika.iisakkila@pingrid.fi>) |
---|
33 | * Documentation fixes |
---|
34 | * The usual round of assorted other minor bugfixes. |
---|
35 | |
---|
36 | New in 2.1.7 |
---|
37 | ------------ |
---|
38 | * Add SASL_AUTHUSER as a parameter to sasl_getprop |
---|
39 | * Allow applications to require proxy-capable mechanisms (SASL_NEED_PROXY) |
---|
40 | * Performance improvements in our treatment of /dev/random |
---|
41 | * Removal of buggy DIGEST-MD5 reauth support. |
---|
42 | * Documentation fixes |
---|
43 | * Assorted other minor bugfixes. |
---|
44 | |
---|
45 | New in 2.1.6 |
---|
46 | ------------ |
---|
47 | * Security fix for the CRAM-MD5 plugin to check the full length of the |
---|
48 | digest string. |
---|
49 | * Return of the Experimental LDAP saslauthd module. |
---|
50 | * Addition of Experimental MySQL auxprop plugin. |
---|
51 | * Can now select multiple auxprop plugins (and a priority ordering) |
---|
52 | * Mechanism selection now includes number of security flags |
---|
53 | * Mac OS X 10.1 Fixes |
---|
54 | * Misc other minor bugfixes. |
---|
55 | |
---|
56 | New in 2.1.5 |
---|
57 | ------------ |
---|
58 | * Remove LDAP support due to copyright concerns. |
---|
59 | * Minor bugfixes. |
---|
60 | |
---|
61 | New in 2.1.4 |
---|
62 | ------------ |
---|
63 | * Enhancements and cleanup to the experimental LDAP saslauthd module |
---|
64 | (Igor Brezac <igor@ipass.net>) |
---|
65 | * Addition of a new sasl_version() API |
---|
66 | * Misc. Bugfixes |
---|
67 | |
---|
68 | New in 2.1.3-BETA |
---|
69 | ----------------- |
---|
70 | * Significant amount of plugin cleanup / standardization. A good deal of code |
---|
71 | is now shared between them. (mostly due to Ken Murchison <ken@oceana.com>) |
---|
72 | * DIGEST-MD5 now supports reauthentication. Also has a fix for DES |
---|
73 | interoperability. |
---|
74 | * saslauthd now supports the Solaris "doors" IPC method |
---|
75 | (--with-ipctype=doors) |
---|
76 | * Significant GSSAPI fixes (mostly due to Howard Chu <hyc@highlandsun.com>) |
---|
77 | * Auxprop interface now correctly deals with the * prefix indicating |
---|
78 | authid vs. authzid. (May break some incompatible auxprop plugins). |
---|
79 | * We now allow multiple pwcheck_method(s). Also you can restrict auxprop |
---|
80 | plugins to the use of a single plugin. |
---|
81 | * Added an experimental saslauthd LDAP module (Igor Brezac <igor@ipass.net>) |
---|
82 | * Removed check for db3/db.h |
---|
83 | * Misc. documentation updates. (Marshall Rose, and others) |
---|
84 | * Other misc. bugfixes. |
---|
85 | |
---|
86 | New in 2.1.2 |
---|
87 | ------------ |
---|
88 | * Mostly a minor-bugfix release |
---|
89 | * Improved documentation / cleanup of old references to obsolete |
---|
90 | pwcheck_methods |
---|
91 | * Better error reporting for auxprop password verifiers |
---|
92 | |
---|
93 | New in 2.1.1 |
---|
94 | ------------ |
---|
95 | * Many minor bugfixes throughout. |
---|
96 | * Improvements to OTP and SRP mechanisms (now compliant with |
---|
97 | draft-burdis-cat-srp-sasl-06.txt) |
---|
98 | * API additions including sasl_global_listmech, and a cleaner handling of |
---|
99 | client-first and server-last semantics (no application level changes) |
---|
100 | * Minor documentation improvements |
---|
101 | |
---|
102 | New in 2.1.0 |
---|
103 | ------------ |
---|
104 | * The Cyrus SASL library is now considered stable. It is still not backwards |
---|
105 | compatible with applications that require SASLv1. |
---|
106 | * Minor API changes occured, namely the canon_user callback interface. |
---|
107 | * saslauthd now preforks a number of processes to handle connections |
---|
108 | * Many bugfixes through the entire library. |
---|
109 | |
---|
110 | New in 2.0.5-BETA |
---|
111 | ----------------- |
---|
112 | * THIS IS A BETA-QUALITY RELEASE THAT IS NOT INTENDED FOR PRODUCTION USE. |
---|
113 | IT *WILL BREAK* ANY APPLICATION EXPECTING THE SASLv1 API. |
---|
114 | * Improved performance of security layers in KERBEROS_V4, GSSAPI, and DIGEST. |
---|
115 | * This release includes an OTP plugin that requires libopie. |
---|
116 | * SRP plugin now in alpha stage. |
---|
117 | * Includes many significant bugfixes throughout the library. |
---|
118 | |
---|
119 | New in 2.0.4-BETA |
---|
120 | ----------------- |
---|
121 | * THIS IS A BETA-QUALITY RELEASE THAT IS ONLY INTENDED FOR USE BY |
---|
122 | DEVELOPERS WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. |
---|
123 | IT *WILL BREAK* ANY APPLICATION EXPECTING THE SASLv1 API. |
---|
124 | * This release now includes Mac OS 9 and Mac OS X support. |
---|
125 | * Significant new features include |
---|
126 | * DES and 3DES Encryption should now be working for DIGEST-MD5 |
---|
127 | * Improved configuration system |
---|
128 | * Improved documentation (now includes plugin writers guide) |
---|
129 | * Many other bugfixes (see ChangeLog) |
---|
130 | |
---|
131 | New in 2.0.3-BETA |
---|
132 | ----------------- |
---|
133 | * THIS IS A BETA-QUALITY RELEASE THAT IS ONLY INTENDED FOR USE BY |
---|
134 | DEVELOPERS WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. |
---|
135 | IT *WILL BREAK* ANY APPLICATION EXPECTING THE SASLv1 API. |
---|
136 | * This library should be fairly close to the core features that will be |
---|
137 | released in a final version of Cyrus SASLv2. It very likely has bugs. |
---|
138 | * Major new features included in this release: |
---|
139 | - The glue code now correctly handles client-send-first and server-send-last |
---|
140 | situations based on what the protocol and mechanism each support. |
---|
141 | - The sasldb code has been extracted from the main library and now resides |
---|
142 | in a separate libsasldb.la that is available at build time. |
---|
143 | - SASLdb now supports multiple auxiliary properties, though as distributed |
---|
144 | only userPassword is implemented and used. |
---|
145 | - Much improved configure checking for various items, including |
---|
146 | Berkeley DB, Kerberos, and GSSAPI. |
---|
147 | - Better (more standard) handling of realms in DIGEST-MD5. |
---|
148 | - A new Plugin Programmer's guide. |
---|
149 | - IPv6 support. |
---|
150 | - Error reporting now works in the GSSAPI plugin. |
---|
151 | * See the ChangeLog for a more detailed list of changes. |
---|
152 | |
---|
153 | New in 2.0.2-ALPHA |
---|
154 | ------------------ |
---|
155 | * THIS IS AN ALPHA-QUALITY RELEASE THAT IS ONLY INTENDED FOR DEVELOPERS |
---|
156 | WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. |
---|
157 | * This release is intended to show developers that use Cyrus SASL what |
---|
158 | direction we are planning on taking the library so that they can make |
---|
159 | plans to migrate their applications accordingly |
---|
160 | * Major new features included in this release: |
---|
161 | - Ability to compile a static library including all mechanisms. This |
---|
162 | means lower memory usage and faster mechanism loading time, but |
---|
163 | is not for everyone (or even many people). See doc/advanced.html, |
---|
164 | as well as the '--with-staticsasl' configure flag. |
---|
165 | - Man pages should now all be present and are close to being correct. |
---|
166 | - Can now build libsfsasl and the smtptest program (using the --with-sfio |
---|
167 | configure flag) |
---|
168 | - Reverted to the v1 entry points for mechanisms, to allow v1 mechanisms |
---|
169 | to fail loading cleanly. |
---|
170 | - Auxprop and canon_user plugins can now load from DSOs |
---|
171 | - Java code now compiles (but is not well tested, or up to date with the |
---|
172 | current Java API draft) |
---|
173 | - Error handling and use of sasl_errdetail has been fleshed out and |
---|
174 | should now work in most cases. |
---|
175 | * Still Coming: |
---|
176 | - Cleanup of the client-send-first and server-send-last situation |
---|
177 | - Error reporting in GSSAPI plugin |
---|
178 | - Move the sasldb code out of the main library and into plugins and |
---|
179 | utilities only. |
---|
180 | |
---|
181 | New in 2.0.0-ALPHA |
---|
182 | ------------------ |
---|
183 | * THIS IS AN ALPHA-QUALITY RELEASE THAT IS ONLY INTENDED FOR DEVELOPERS |
---|
184 | WHOSE APPLICATIONS MAKE USE OF THE CYRUS SASL LIBRARY. |
---|
185 | * This release is intended to show developers that use Cyrus SASL what |
---|
186 | direction we are planning on taking the library so that they can make |
---|
187 | plans to migrate their applications accordingly |
---|
188 | * This release implements the SASLv2 API. |
---|
189 | Some of the major improvements in the API include: |
---|
190 | - Memory management is now sane (whoever allocates the memory is responsible |
---|
191 | for freeing it) |
---|
192 | - Auxiliary Property plugin support (ability to interface with directory |
---|
193 | services as part of authentication) |
---|
194 | - Username canonification plugin support |
---|
195 | - Improved error reporting (not fully implemented in this release) |
---|
196 | - Database support has been simplified. We now maintain only a single |
---|
197 | store of plaintext passwords that is shared by all supplied plugins |
---|
198 | (using the auxiliary property interface). |
---|
199 | The new API is more fully documented in the header files sasl.h, saslplug.h |
---|
200 | saslutil.h, and prop.h. The man pages, programmers guide, and system |
---|
201 | administrators guide have also been rewritten to deal with the new API. |
---|
202 | * There is still a good amount of work to be done, and as this code is alpha |
---|
203 | quality, it has bugs, known and unknown. Please either use our bugzilla at |
---|
204 | http://bugzilla.andrew.cmu.edu, or email cyrus-bugs@andrew.cmu.edu with |
---|
205 | questions, comments, or bug reports. |
---|
206 | - Most notably, the Java bindings have not been converted to work with |
---|
207 | the new API, and thus will not compile successfully. |
---|
208 | - The current development branch with this source is in our |
---|
209 | cvs repository as the "sasl-v2-rjs3" branch of the "sasl" collection. |
---|
210 | (see http://asg.web.cmu.edu/cyrus/download/anoncvs.html for more info) |
---|