diff --git a/CHANGELOG.md b/CHANGELOG.md index fde576c13e..5dbab12de9 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,14 +1,19 @@ ## 3.27.1 + - Added 2FA support and configurable admin username for distributed cleanup setup (ENT-12129) - Added dnf package module (ENT-11784) - Added workaround for set_variable_values_ini with missing sections (CFE-3866) -- Changed distributed_cleanup.py to issue a real DELETE FROM __hosts instead of soft deletion via INSERT with a deleted timestamp +- Changed distributed_cleanup.py to issue a real DELETE FROM `__hosts` instead of soft deletion via INSERT with a deleted timestamp (ENT-12129) - Fixed bad regex in packages promise method for pip (ENT-13667) +- Fixed maximum recursion errors in modules_presence for CFEngine versions + unaffected by CFE-4623 (CFE-2852) +- Added dnf_group package module for managing DNF package groups (CFE-2852) ## 3.27.0 + - Fixed cfruncommand for Windows causing "Too many arguments" error (ENT-13530) - Added $(paths.dmidecode) for Red Hat (ENT-12988) - Added fsattrs bodies to manage the immutable bit (CFE-4582) @@ -50,6 +55,7 @@ (ENT-13173) ## 3.26.0 + - Inhibited management of share config.php file when mpf_disable_mission_portal_docroot_sync_from_share_gui is defined (ENT-12658) - Switched to using current process ID to investigate proc filesystem to workaround in-container non-root owned symlinks @@ -61,6 +67,7 @@ (ENT-11440) ## 3.25.0 + - Data dumping on Federated Reporting feeders no longer uses an AWK filter to merge INSERT lines in the dumps - Made system_log_level configurable via Augments (CFE-4452) @@ -78,6 +85,7 @@ - Fixed issues with loading images from raw.github.com inside CFEngine Build application in Mission Portal (ENT-12531) ## 3.24.0 + - AIX watchdog now handles stale PIDs (CFE-4335) - Aligned ownership and permission expectations between Mission Portal and MPF (ENT-11941) 
@@ -122,7 +130,7 @@ (ENT-8785) - Added set_escaped_user_field complementing set_user_field (CFE-4377) - Added setup-feeder option to distributed cleanup script (ENT-11844) -- Fixed comparison that caused control_executor_mailfilter_*_configured to never be set +- Fixed comparison that caused `control_executor_mailfilter_*_configured` to never be set (CFE-4374) - Fixed distributed_cleanup policy for feeders and rhel-8 superhubs (ENT-10960) @@ -130,6 +138,7 @@ (ENT-10962) ## 3.23.0 + - Added ability to disable plain http for CFEngine Enterprise Mission Portal (ENT-10411) - Added ability to enable backup archives during policy update @@ -177,6 +186,7 @@ (ENT-10951) ## 3.22.0 + - Added inventory for policy version (ENT-9806) - Added condition to runalerts service to require stamp directory (ENT-9711) @@ -232,6 +242,7 @@ - body package_method pacman - body package_method zypper - body package_method generic + Additionally note that the package related bundles use the package_method bodies mentioned above and are similarly influenced. - bundle agent package_present(package) @@ -240,7 +251,9 @@ - bundle agent package_specific_absent(packageorfile, package_version, package_arch) - bundle agent package_specific_latest(packageorfile, package_version, package_arch), - bundle agent package_specific(package_name, desired, package_version, package_arch) + (CFE-4178) + - Prevented management of runagent socket users when no users are listed (ENT-9535) - Removed specific old CFEngine version package module handling for windows @@ -249,6 +262,7 @@ (ENT-8338) ## 3.21.0 + - Added inventory for Raspberry Pi and DeviceTree devices (ENT-8628) - Added policy to enforce proper permissions on Mission Portal ldap directory (ENT-9693) - Added check to make sure cf-execd is running after attempting self upgrade on Windows 
@@ -290,6 +304,7 @@ - Ensured manual edits to httpd.conf are reverted (ENT-9686) ## 3.20.0 + - Renamed bundle agent main to bundle agent mpf_main (CFE-3947) - Added prelink to paths.cf - Added Enterprise Hub postgresql.conf to files monitored for diffs by default @@ -342,6 +357,7 @@ - Now clean_when_off FR bundle is only run when needed (ENT-8294) ## 3.19.0 + - Added interpreter attribute to standalone self upgrade package_module bodies (CFE-3703, ENT-5752) - Added almalinux as a know derivative of rhel (ENT-7644) @@ -362,7 +378,7 @@ This change adds the classes services_autorun_inputs and services_autorun_bundles for independently enabling addition of .cf files in services/autorun and automatic execution of bundles tagged with autorun - respectively. (CFE-3715) + respectively. (CFE-3715) - Added support for downloading community packages on hub in preparation for binary upgrades - Added variable for excluding files from Policy Analyzer (ENT-7684) - Adjusted badges for 3.18.0 release (ENT-6713) @@ -373,11 +389,11 @@ effect of this is that agent runs that happen close together would skip running bundles run within the last minute. Now autorun bundles no longer wait for a lock to expire, they will be actuated each agent execution. Note, promises - within those bundles have their own locks which still apply. (CFE-3795) + within those bundles have their own locks which still apply. (CFE-3795) - Dropped un-necessary local variable The use of this local variable triggers a bug that prevents datastate() from printing. Since the variable is un-necessary, it's been removed and the - parameter is used directly. (CFE-3776) + parameter is used directly. (CFE-3776) - Enforced permissions for Postgres log (ENT-7961) - Fixed package module augments settings usage for pre 3.15.3 binaries (ENT-7356, ENT-7358) 
@@ -395,7 +411,7 @@ (ENT-7714) - Promised permissions for Mission Portal application and Apache log files This change ensures that both Mission Portal and Apache log files have - restrictive permissions. Previously this was un-managed. (ENT-7730) + restrictive permissions. Previously this was un-managed. (ENT-7730) - Reduced scope of report informing of missing systemd service (CFE-290, ENT-7360) - Removed build dir from install/dist targets (ENT-7359) @@ -409,7 +425,7 @@ permissions (600). The previous explicit permissions (755) are un-necessary as modules are not executed from within the inputs directory and have resulted in permission flip-flopping in some environments. Permissions on modules in the - modules dir (sys.workdir)/modules are still enforced. (ENT-7733) + modules dir (sys.workdir)/modules are still enforced. (ENT-7733) - Switched from using package_method generic to default package_module for windows software inventory (ENT-2589) - Improved the reliability when detecting a Red Hat system. @@ -428,6 +444,7 @@ (ENT-7967) ## 3.18.0 + - Added .ps1 to list of file patterns considered during policy update (ENT-4094) - Added ability to specify additional directories to add autorun policy from @@ -496,6 +513,7 @@ - Guard again enforcing root ownership for CFEngine files on Windows (ENT-4628) ## 3.17.0 + - Added .csv to the list of file extensions considered by default during policy update (CFE-3425) - Added ability to extend known paths without modifying vendored policy @@ -532,6 +550,7 @@ - Replaced @ignore with useful doc strings (CFE-3378) ## 3.16.0 + - /var/cfengine/bin/python symlink creation on SLES was fixed - Added `data` shortcut to cf-serverd, defaults to sys.workdir/data - Added inventory for CFEngine Enterprise License information 
@@ -554,17 +573,17 @@ - Changed m_inventory dumping behavior to exclude when values is null (ENT-5562) - Corrected application/logs path to outside of docroot (ENT-5255) -- Deleted deprecated __PromiseExecutionsLog from process that cleans +- Deleted deprecated `__PromiseExecutionsLog` from process that cleans log tables (ENT-5170) - Fixed dmi inventory to prefer sysfs to dmidecode for most variables for improved performance and to handle CoreOS hosts that don't - have dmidecode. (CFE-3249) + have dmidecode. (CFE-3249) - Fixed permission flipping when policy analyzer is enabled (ENT-5235) - Fixed runalerts processes promise on non-systemd systems (ENT-5432) - Fixed selection of standard_services when used from non-default namespace (ENT-5406) - Fixed system UUID inventory for certain VMWare VMs where dmidecode - gives UUID bytes in wrong order. (CFE-3249) + gives UUID bytes in wrong order. (CFE-3249) - Fixed typo preventing recommendation bundles from running (CFE-3305) - HA setups no longer have flipping permissions on /opt/cfengine/notification_scripts @@ -595,6 +614,7 @@ - apt_get package module now checks package state (CFE-3233) ## 3.15.0 + - Added package_module for snap (CFE-2811) - Fixed pkgsrc in case where multiple Prefix paths are returned for pkg_install (CFE-3152) - Fixed pkgsrc module on Solaris/NetBSD (CFE-3151) @@ -620,7 +640,7 @@ - Added brief descriptions to bodies and bundles in cfe_internal/CFE_cfengine.cf (CFE-3220) - Added support for SUSE 11, 12 in standalone self upgrade (ENT-5045, ENT-5152) -- Changed policy triggering cleanup of __lastseenhostlogs to target only +- Changed policy triggering cleanup of `__lastseenhostlogs` to target only 3.12.x, 3.13.x and 3.14.x. From 3.15.0 on the table is absent. (ENT-5052) - Fixed agent disabling on systemd systems (CFE-2429, CFE-3416) - Ensured directory for custom action scripts is present (ENT-5070) 
@@ -631,10 +651,11 @@ (ENT-4331, ENT-4992) - Fixed re-spawning of cf-execd or cf-monitord after remediating duplicate concurrent processes (CFE-3150) -- Replaced /var/cfengine with proper $(sys.*) vars (ENT-4800) - - Fixed selection of standard_services when used from non-default namespace (ENT-5406) +- Replaced /var/cfengine with proper `$(sys.*)` vars (ENT-4800) + - Fixed selection of standard_services when used from non-default namespace (ENT-5406) ## 3.15.0b1 + - Added continual checking for policy_server state (CFE-3073) - Added monitoring for PostgreSQL lock acquisition times (ENT-4753) - Added support for `awk` filters in the FR dump-import process (ENT-4839) @@ -658,12 +679,13 @@ - Added ssh_home_t type to cftransport .ssh dir (ENT-4906) - fix use of _stdlib_path_exists_ in FR transport_user policy bundle (ENT-4906) -- partitioned __inventory table for federated reporting (ENT-4842) +- partitioned `__inventory` table for federated reporting (ENT-4842) - psql_wrapper needed full path to psql binary (ENT-4912) - yum package_module gets updates available from online repos if local cache fails (CFE-3094) ## 3.14.0 + - Fixed isvariable syntax error in update_def.cf (CFE-2953) - Added path support for setfacl, timedatectl and journalctl (CFE-3013) - Added trailing slash to access promises expecting directories @@ -711,6 +733,7 @@ - redhat_pure is no longer defined on Fedora hosts (CFE-3022) ## 3.13.0 + - Added Debian 9 to the self upgrade package map (ENT-4255) - Added `system-uuid` to default dmidecode inventory (CFE-2925) - Added inventory of AWS EC2 linux instances (CFE-2924) @@ -771,6 +794,7 @@ (CFE-2855) ## 3.12.0b1 + - Avoided executing self upgrade policy unnecessarily (ENT-3592) - Added amazon_linux class to yum package module - Introduce ability to set policy update bundle via augments (CFE-2687) 
@@ -840,10 +864,11 @@ - Avoided self upgrade from triggering during bootstrap (ENT-3394) - Added json templates for rendering serial and multiline data (CFE-2713) - Removed unused libraries and controls -- Fixed an error in the file_make_mustache_*, incorrect variable name used +- Fixed an error in the `file_make_mustache_*`, incorrect variable name used (CFE-2714) ## 3.11.0 + - Renamed enable_client_initiated_reporting to client_initiated_reporting_enabled - Directories for ubuntu 16 and centos 7 should exist in master_software_updates (ENT-3136) @@ -895,6 +920,7 @@ - Ensure MP SSL Cert is readable (ENT-3050) ## 3.10.0 + - Added: Classes body tailored for use with diff - Changed: Session Cookies use HTTPOnly and secure attributes (ENT-2781) - Changed: Verify transferred files during policy update @@ -932,6 +958,7 @@ (CFE-2466) ## 3.7.0 + - Support for user specified overriding of framework defaults without modifying policy supplied by the framework itself (see example_def.json) - Support for def.json class augmentation in update policy 
@@ -966,13 +993,13 @@ - Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf and load them only if policy_server policy if set. - Re-organized lib/VER/stdlib.cf from lists into classic array for use with getvalues -- inform_mode classes changed to DEBUG|DEBUG_$(this.bundle):: (Redmine: #7191) +- `inform_mode` classes changed to `DEBUG|DEBUG_$(this.bundle)::` (Redmine: #7191) - Enabled limit_robot_agents in order to work around multiple cf-execd processes after upgrade. (Redmine #7185) - Removed Diff reporting on /etc/shadow (Enterprise) - Update policy from promise.cf inputs. There is no reason to include the update policy into promises.cf, update.cf is the entry for the update policy -- _not_repaired outcome from classes_generic and scoped_classes generic (Redmine: # 7022) +- `_not_repaired` outcome from classes_generic and scoped_classes generic (Redmine: # 7022) - standard_services now restarts the service if it was not already running when using service_policy => restart with chkconfig (Redmine #7258) - Fixed process_result logic to match the purpose of body process_select
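Review bot: In the 3.27.1 hunk (@@ -1,14 +1,19 @@), both new entries cite CFE-2852: "Fixed maximum recursion errors in modules_presence ..." and "Added dnf_group package module for managing DNF package groups". Please confirm the ticket id on each, since a recursion fix and a new package module sharing one ticket reads like a copy-paste. The "Added dnf_group" entry also lands after the "Fixed" entries, while the other "Added" entries in this section are grouped at the top; placing it next to "Added dnf package module (ENT-11784)" would keep the ordering consistent. The wording "CFEngine versions unaffected by CFE-4623" is hard to follow without opening the ticket, so a few words naming which versions are meant would help readers of the changelog.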
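Review bot: In the 3.15.0 hunk (@@ -631,10 +651,11 @@), the line "Fixed selection of standard_services when used from non-default namespace (ENT-5406)" is removed and re-added as what appears to be a nested item under "Replaced /var/cfengine with proper `$(sys.*)` vars (ENT-4800)", although the two entries are unrelated and carry different tickets. The same text with the same ticket is also visible as a top-level entry in the 3.16.0 section (context of the @@ -554,17 +573,17 @@ hunk). Since this change already touches the line, decide whether it should be promoted to a top-level bullet here or dropped as a duplicate, rather than only re-indenting it.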
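Review bot: In the 3.15.0b1 hunk (@@ -658,12 +679,13 @@), `__inventory` gets backticks but the context line two above it, "fix use of _stdlib_path_exists_ in FR transport_user policy bundle (ENT-4906)", is left as is. The leading and trailing underscores there are the same kind of Markdown emphasis hazard this patch fixes for `__hosts`, `__PromiseExecutionsLog` and `control_executor_mailfilter_*_configured`, so the identifier will likely render in italics with the underscores dropped. Suggest wrapping `_stdlib_path_exists_` in backticks in the same pass.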
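Review bot: In the 3.7.0 hunk (@@ -966,13 +993,13 @@), the two edited lines keep inconsistent ticket references: "(Redmine: #7191)" and "(Redmine: # 7022)" sit beside "(Redmine #7185)" and "(Redmine #7258)" in the surrounding context. Since these lines are already being modified, normalize them to one form. On the `_not_repaired` line, "classes_generic and scoped_classes generic" is left without backticks, and "scoped_classes generic" looks like a missing underscore given `classes_generic` right before it; worth fixing together with the backtick change. That entry also has no verb ("Added", "Fixed", ...), unlike its neighbours, so it is unclear what changed about the outcome.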