We are proud to announce Topicus KeyHub 22. This release brings back the option for a password reset. We've also added some e-mail notifications and added several new commands to the CLI.
As usual, a number of assorted smaller changes and bug fixes are included.
TKH-2243 In Topicus KeyHub 18.2 we introduced our social password recovery. This allowed users to recover from a password loss without losing any access with a little help from two other users. In some cases however, this reliance on two other users can become a problem due to time constraints or availability. To prevent users from getting blocked, it is now possible to opt for a password reset. This will allow the user to regain access to Topicus KeyHub without help, but lose access to the vault.
TKH-2229 Users will now receive e-mail notifications on changes of group membership(s). This helps the user to detect mistakes and creates awareness of their membership(s).
Account provisioning via CLI
TKH-1290 A whole new set of commands was added to the
provisioning command group of the CLI to activate or deactivate groups directly from the command line. With
provisioning status, the status of the groups can be read.
The following smaller improvements and bug fixes were made:
TKH-1378It is now possible to share the credentials of an OAuth2 client in the vault.
TKH-1643The install link for the browser extension now leads the user directly to the stores of the browsers.
TKH-1763Handling of hidden or read-only fields was improved in the browser extension.
TKH-2099The installation license was renewed for another year.
TKH-2143Python was upgraded to 3.9.
TKH-2179An OAuth2 client can now rotate its own secret directly via the API.
TKH-2182The allocation of reserved space during an upgrade was improved to give more room to the root filesystem.
TKH-2185The OAuth2 Token Exchange endpoint was reimplemented to make it more compliant with RFC-8693.
TKH-2187Old synchronization logs for the provisioning are now removed automatically.
TKH-2303A dedicated set of pages was added to show the details of a group on a linked system.
TKH-2218The processor of a request can now get details about the subject of the request, such as a service account or an OAuth2 client.
TKH-2219It is now possible to share service account passwords or OAuth2 client secrets with personal vaults in addition to group vaults.
TKH-2223Users are now prompted for their KeyHub password at least once every 30 days to ensure all encrypted data remains up to date.
TKH-2226Salt was upgraded to 3005 and migrated to the new onedir installation.
TKH-2227The REST API now returns a reference to the shared vault records for service accounts and OAuth2 clients.
TKH-2230Error handling was improved for malformed URLs in licenses.
TKH-2232The TOTP field is now correctly displayed as read only for shared records.
TKH-2237The flow for password recovery on LDAP with reauthentication using 2FA and disabled password synchronization was fixed.
TKH-2239Error handling for license checks in the appliance manager was improved.
TKH-2242Some missing checks were added for enabling and disabling technical administration on a group.
TKH-2249All python dependencies are now served from our own repository.
TKH-2250Handling of reauthentication during a password change was improved.
TKH-2253An error was fixed when a non-admin user tried to view an account.
TKH-2263A regression on the manage layout page was fixed that caused display issues on moved groups.
TKH-2255An error message was missing in the browser extension when the user did not have the keys to read a vault record.
TKH-2256Support was added for the
TKH-2259Fixed an issue where, after restoring a backup of an older version, the pillar was not migrated to the new version.
TKH-2260The owner of a linked system now has permissions to view that system.
TKH-2261Permission checks for owners of clients were too strict.
TKH-2264A possible error was fixed when removing accounts.
TKH-2265A possible error was fixed when removing nested groups.
TKH-2266The package open-vm-tools is no longer installed on AWS.
TKH-2268The license is no longer cached, which could cause issues in clusters.
TKH-2270Several code improvements were made to the CLI.
TKH-2271Permission to read the dashboard folders was added to the provisioning scope.
TKH-2274The appliance can now be placed in the Azure marketplace again.
TKH-2278The direction of the requests to setup or disconnect extra authorization on groups was reversed.
TKH-2280Comments in the hosts file no longer cause an error in the Salt states.
TKH-2282The label for the service account DN was fixed.
TKH-2284Nesting service accounts inside the DN used for users could result in an error during provisioning.
TKH-2291An obsolete piece of code was removed from the snapshot recovery implementation.
TKH-2297A possible race condition was fixed during the upgrade of Salt.
TKH-2298OAuth2 clients with read or update permissions on service accounts now also have read permissions on linked systems.
TKH-2312The filter for the overview of groups on system for a service account was fixed.