2024.1 Series Release Notes¶
25.0.0-8¶
New Features¶
Added a new command to the admin cli tool: keystone-manage reset_last_active. This new command updates the database to overwritet any NULL values in last_active_at in the user table to the current time. This is a necessary step to fix Bug #2074018. See launchpad for details.
Security Issues¶
The new keystone-manage rest_last_active command resets all NULL values in last_active_at in the user table to help fix Bug #2074018. Running this command may be necessary in environments that have been deployed for a long time and later decide to adopt the [security_compliance disable_user_account_days_inactive = X option. See Bug #2074018 for details.
A side-effect of this command is that it resets the amount of time that an unused account is active for. Unused accounts will remain active until the configured days have elapsed since the day the command is run.
Bug Fixes¶
Fixed Bug #2074018: Changed the user model to always save the date of the last user activity in last_active_at. Previous to this change, the last_active_at field was only updated when the option for [security_compliance] disable_user_account_days_inactive was set. If your deployment is affected by this bug, you must run keystone-manage reset_last_active before setting the disable_user_account_days_inactive option.
25.0.0¶
New Features¶
Added support for the
bcrypt_sha256
password hashing algorythm, which does workaround limitation on a password length BCrypt have by running the password through HMAC-SHA2-256 first.
Upgrade Notes¶
The following deprecated options in the
[memcache]
section have been removed.dead_retry
pool_maxsize
pool_unused_timeout
pool_connection_get_timeout
The following options have been removed.
[eventlet_server] public_bind_host
[eventlet_server] public_bind_port
[eventlet_server] public_admin_host
[eventlet_server] public_admin_port
The following command line options have been removed. These options were used by Keystone eventlet model which was removed in Newton release.
standard-threads
pydev-debug-host
pydev-debug-port
Keystone no longer substitute the following string interpolations in catalog information. Replace string interpolations by hard-coded strings before upgrade.
public_bind_host
public_bind_port
public_admin_host
public_admin_port
Deprecation Notes¶
The templated catalog driver has been deprecated and will be removed in a future release.
Bug Fixes¶
[bug 2052916] Fixed a bug where a HTTP GET request against
/v3/s3tokens
or/v3/ec2tokens
would return HTTP 500 instead of HTTP 405.