• Allow hostObject for groups and ":" in values
• Docker: added Let's Encrypt CA certificates
• LAM Pro:
  • Added support for simpleSecurityObject
  • Added support for Apache Guacamole
  • Group of Names: save last selected account type for new members/owners (170)
• Fixed bugs:
  • PHP 8.1 does not show proper error message when login failed with LDAP search method
  • Self service issues on PHP 8.1 (181)
  • Custom Fields: switch to Custom Fields tab was required to save an entry (258)
  • Group of unique names/members shared same configuration settings with group of names
  • Shadow last password change not updated during self service password change

Fixed bugs:

• Regression issues due to security fixes (e.g. module settings in server profile)
• Password change page not working for access level "Change passwords"

• PHP 8.1 compatibility
• Extended user account status and locking options
• Unix: added Gecos to profile editor
• 389ds: added hints why login failed if account is locked/deactivated/expired
• Removed Zarafa support (please switch to Kopano)
• Tree view: display binary data as base64 encoded text
• Tree view: better support for move operations and ordered attributes
• LAM Pro:
  • New captcha providers: hCaptcha and Friendly Captcha
  • PPolicy: allow to specify unlock value for "pwdAccountLockedTime"
• Fixed bugs:
  • Hidden account is displayed (257)
  • Change of RDN failed for OpenLDAP entries
  • Tree view issues with browser auto-completion (176)
  • Unauthenticated Arbitrary Object Instantiation / Unauthenticated Remote Code Execution (GHSA-r387-grjx-qgvw, CVE-2022-31084)
  • Incorrect Default Permissions (GHSA-q8g5-45m4-q95p, CVE-2022-31087)
  • Incorrect Regular Expressions (GHSA-q9pc-x84w-982x, CVE-2022-31086)
  • Unauthenticated LDAP Injection (GHSA-wxf8-9x99-6gp4, CVE-2022-31088)
  • Reflected XSS (Internet Explorer only) (GHSA-6m3q-5c84-6h6j, CVE-2022-31085)
     

• Fixed bugs:
  • Security issues in PDF editor and profile editor (170, CVE-2022-24851)

• Tree view:
  • Support multiple roots (e.g. add "cn=config")
  • Added function to check password hashes against a given password
• Shadow: allow to set shadowLastChange in file upload
• Docker: upgrade OS to Debian Bullseye
• LAM Pro:
  • Support multiple TO addresses for license expiration email
  • Custom scripts: $INFO.debug$ wildcard prints all possible wildcards and their values
  • Custom scripts: extra INFO wildcards for password change options
  • Configuration import: allow to select self service profiles to import (168)
• Fixed bugs:
  • Tree view: check session expiration

• Restyling of LAM
• Allow to override global password policy in server profile (160)
• Do not print random password if sent via email (165)
• LAM Pro:
  • PowerDNS support
  • Device: allow multiple cn values
• Fixed bugs:
  • PDF does not contain all group members (249)
  • File upload issue on PHP 8 (153)
  • Export issue on non-Pro version (155)

• 2-factor authentication with OpenID
• Send proper response code on failed login
• LAM Pro:
  • OpenLDAP 2FA support for TOTP
• Fixed bugs:
  • Issues with list filter if only one result is found (241)
  • Allow to sync empty list of groups in group of names user module (242)
  • Windows lockout duration and password maximum age computed incorrectly
  • Wrong status for nsAccountLock (245)

• Allow to store whole LAM configuration in MySQL database
• Docker: new options for configuration location and LAM Pro license
• Full PHP 8 compatibility
• Replaced tree view and moved it to tools menu
• Wildcards in edit screen support lower-case mode (e.g. "$_firstname")
• Windows: more fields can be hidden
• LAM Pro:
  • Export/Import of cron jobs
  • Mail server encryption type can be configured (TLS/SSL/none)
  • User self registration: support to define uid field to use constant or custom validation
  • Group of names user module: allow to sync memberships from other user
  • Custom fields:
    • Support password change dialog in user edit view
    • Added date and email validation for text fields
    • Support password reset page for password fields
    • New field types: LDAP date, LDAP date and time
  • Password self reset: fields on first page can be prefilled by URL parameter
• Fixed bugs:
  • Truncated mail text field in "LAM Pro password mail settings" and 2FA base URLs
  • 389ds: support password change and force password in one save action

• PHP 7.3 required
• PHP 8.0 compatibility (except tree view)
• Support copying LDAP entries from account list
• Account/PDF profiles: management of global templates and logos
• Group of names: allow filter by member/owner (#151)
• General information: link to groups (#152)
• LAM Pro:
  • Self registration: support binary attributes (e.g. for jpegPhoto)
  • Self registration: support custom mail attributes and mail from constant value (149)
  • Self registration: evaluate autorange at account creation (154)
  • MIT Kerberos: check Kerberos password policy on password change, better error handling
  • Self Service: new field to show user's quota values
  • Self Service: allow to create Unix home directory during registration
  • Custom type: allow for user/group/host to be able to reuse existing modules 

• Argond2id support for password hashes (requires PHP 7.3) (#113)
• 2-factor authentication:
  • Support for Okta
  • WebAuthn devices can be named in Self Service and WebAuthn tool
• LAM Pro:
  • MIT Kerberos policies support
  • User self registration: added admin approval option and info mail for user after creation