A few bug fixes and new features:
2.4.7
- Bugfixes
- file authenticator: allow password hash of up to 128 characters
- libu: don't exit() on malloc errors
2.4.6
- Features
- Support large hashes (like SHA512) in file authentication
- use constant-time password compare to prevent brute-force attacks
- Create server-plugin-ruby as separate RPM
- Add Unisys namespace and CIM class prefix 'SPAR'
- Alias openwsman and openwsmand systemd services
- Also create respective rc-commands: rcopenwsman, rcopenwsmand
(SUSE only)
- Bugfixes
- Fix crash on invalide resource URI
- Fix resource namespace for DCIM_ classes
2.4.5
- Features
- enforce SSL operation in systemd service
- Add /usr/sbin/rcopenwsman for systemd environments
- New environment variable 'OPENWSMAN_CURL_TRANSPORT_SSLVERSION' to
select SSL protocol version. Set it to 'tlsv1.2' for TLS-v1.2
(anstein)
- Bugfixes
- Fix memory leaks in redirect plugin (Praveen K Paladugu)
- shttpd: Improve error reporting if SSL context fails
- Builds on Fedora 20 now
2.4.4
- Security update
- ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
- ws_xml_make_default_prefix() can overflow buf parameter via sprintf()
- wsmc_create_request() potential buf[20] overflow via WSMAN_ACTION_RENEW
- LocalSubscriptionOpUpdate() unchecked fopen()
- Incorrect order of sanity guards in wsman_get_fault_status_from_doc()
- Unchecked memory allocation in wsman_init_plugins(), p->ifc
- Unchecked memory allocation in mem_double(), newptr
- Unchecked memory allocation in dictionary_new(), d, d->val, d->key, d->hash
- Unchecked memory allocation in u_error_new(), *error
- sighup_handler() in wsmand.c uses unsafe functions in a signal handler
- Features
- add rcopenwsman command to systemd environments
- add rcopenwsmand command for backwards compatibility
- Bindings
- support rdoc 2.1 in Ruby bindings
- cmake: use PYTHON_INCLUDE_DIRS
Packages are brewing here:
https:/