2024.1 Series Release Notes

25.0.0-8

New Features

  • Added a new command to the admin cli tool: keystone-manage reset_last_active. This new command updates the database to overwritet any NULL values in last_active_at in the user table to the current time. This is a necessary step to fix Bug #2074018. See launchpad for details.

Security Issues

  • The new keystone-manage rest_last_active command resets all NULL values in last_active_at in the user table to help fix Bug #2074018. Running this command may be necessary in environments that have been deployed for a long time and later decide to adopt the [security_compliance disable_user_account_days_inactive = X option. See Bug #2074018 for details.

    A side-effect of this command is that it resets the amount of time that an unused account is active for. Unused accounts will remain active until the configured days have elapsed since the day the command is run.

Bug Fixes

  • Fixed Bug #2074018: Changed the user model to always save the date of the last user activity in last_active_at. Previous to this change, the last_active_at field was only updated when the option for [security_compliance] disable_user_account_days_inactive was set. If your deployment is affected by this bug, you must run keystone-manage reset_last_active before setting the disable_user_account_days_inactive option.

25.0.0

New Features

  • Added support for the bcrypt_sha256 password hashing algorythm, which does workaround limitation on a password length BCrypt have by running the password through HMAC-SHA2-256 first.

Upgrade Notes

  • The following deprecated options in the [memcache] section have been removed.

    • dead_retry

    • pool_maxsize

    • pool_unused_timeout

    • pool_connection_get_timeout

  • The following options have been removed.

    • [eventlet_server] public_bind_host

    • [eventlet_server] public_bind_port

    • [eventlet_server] public_admin_host

    • [eventlet_server] public_admin_port

  • The following command line options have been removed. These options were used by Keystone eventlet model which was removed in Newton release.

    • standard-threads

    • pydev-debug-host

    • pydev-debug-port

  • Keystone no longer substitute the following string interpolations in catalog information. Replace string interpolations by hard-coded strings before upgrade.

    • public_bind_host

    • public_bind_port

    • public_admin_host

    • public_admin_port

Deprecation Notes

  • The templated catalog driver has been deprecated and will be removed in a future release.

Bug Fixes

  • [bug 2052916] Fixed a bug where a HTTP GET request against /v3/s3tokens or /v3/ec2tokens would return HTTP 500 instead of HTTP 405.