NEWS for Qvisqve ============================================================================= This file has release notes for Qvisqve, an authorisation server and identity provider. Version 0.9+git, not yet released --------------------------------- * Disable gunicorn header size check. * Qvisqve can now manage clients, users, applications via the API. There is a command line tool, `qvisqvetool`, for doing that from the command line. * Bug fix: when Qvisqve redirects browser to the facade, after a successful user authentication, it now includes the `state` parameter from the original authorization request. Version 0.9, released 2018-02-09 --------------------------------- * Rename from Salami to Qvisqve, which is Latin for "each and every subject". Version 0.8, released 2018-02-03 --------------------------------- * Salami now expects client secrets to be stored hashed in the config file, instead of as cleartext, as previously. This is obviously better for security: previously, anyone who could read the config file would get the secret directly. Now they have to brute-force guess it by hashing all possibilities. The hashing method attempts to make such brute-forcing harder by using a carefully chosen hashing algorithm (scrypt), and using salting to prevent rainbow tables. For each client, a random 16 byte string is generated (by reading /dev/urandom) as the salt. * A new script `salami-hash` is included to generate the hashed client secrets for the Salami config file. * This release is made only to facilitate internal testing. Version 0.7, released 2018-02-01 --------------------------------- * Add support for OAuth2 client credential grant. Do NOT use this yet. The credential is stored in cleartext server-side. * This release is made only to facilitate internal testing. Version 0.6, released 2017-11-17 --------------------------------- * `start_salami` fixed to set the right environment variable to point at the configuration file when starting Salami. Version 0.5, released 2017-11-16 --------------------------------- * `start_salami` script can now start production or debugging variants. * Yarn scenario tests have been added. Version 0.4, released 2017-11-15 --------------------------------- * Fixed `start_salami` to use the right log file for gunicorn3. Version 0.3, released 2017-11-15 --------------------------------- Version 0.2, released 2017-11-14 --------------------------------- Version 0.1, released 2017-11-14 ---------------------------------- First release.