All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
- Bump
spatie/laravel-permissionto 6.4.0 - Bump
yajra/laravel-datatables-oracleto 10.11.4 - Bump
bensampo/laravel-enumto 6.10.0
- Bump
phpseclib/phpseclibto 3.0.35 - Bump
larastan/larastanto 2.8.1 - Bump
bensampo/laravel-enumto 6.8.0 - Bump
laravel/sanctumto 3.3.3 - Bump
laravel/sailto 1.27.3 - Bump
laravel/frameworkto 10.43.0 - Bump
laravel/uito 4.4.0 - Bump
yajra/laravel-datatables-oracleto 10.11.3 - Bump
brianium/paratestto 7.4.1 - Bump
doctrine/dbalto 3.8.1 - Bump
laravel/pintto 10.13.10 - Bump
laravel/sail1.27.3 - Bump
phpunit/phpunit10.5.10 - Bump
spatie/laravel-ignitionto 2.4.2
- Error when updating own profile wo/ password change (#457)
- Bump
aglipanci/laravel-pint-actionto version 2.3.1 - Bump
yajra/laravel-datatables-oracleto version 10.11.3 - [DEV] Bump
phpunit/phpunitto version 10.5.5 - Bump
laravel/frameworkto version 10.40.0 - Bump
laravel/uito version 4.3.0 - Bump
spatie/laravel-permissionto version 6.3.0
- Important: The required minimum version of PHP is v8.2.
- Bump
bensampo/laravel-enumfrom 6.6.0 to 6.7.0 - Bump
laravel-json-api/laravelfrom 3.0.0 to 3.2.0 - Bump
laravel/frameworkfrom 10.17.0 to 10.37.0 - Bump
laravel/sanctumfrom 3.2.5 to 3.3.2 - Bump
laravel/uifrom 4.2.2 to 4.2.3 - Bump
pacoorozco/opensshfrom 0.5.0 to 0.5.1 - Bump
phpseclib/phpseclibfrom 3.0.19 to 3.0.34 - Bump
spatie/laravel-permissionfrom 5.10.0 to 5.11.0 - Bump
yajra/laravel-datatables-oraclefrom 10.4.2 to 10.11.2
- Bump
yajra/laravel-datatables-oraclefrom 10.4.0 to 10.4.2 - Bump
laravel/uifrom 4.2.1 to 4.2.2 - Bump
spatie/laravel-ignitionfrom 2.1.0 to 2.1.3 - Bump
bensampo/laravel-enumfrom 6.3.1 to 6.6.0 - Bump
doctrine/dbalfrom 3.6.2 to 3.6.5 - [CI] Bump
aglipanci/laravel-pint-actionfrom 2.1.0 to 2.3.0 - [CI] Bump
fakerphp/fakerfrom 1.21.0 to 1.23.0 - [CI] Bump
laravel/sailfrom 1.21.5 to 1.22.0 - [CI] Bump
brianium/paratestfrom 7.1.3 to 7.2.3 - [CI] Bump
laravel/pintfrom 1.10.0 to 1.10.5
- Control over the public key comment. Users can customize it with the key's name. (#353)
- Refactor to improve performance when generation
authorized_keysfiles.
- Dependencies are updated to the latest releases.
- Replace
laravelcollective/htmlbylaravel-form-componentspackage. (#394) - [CI] Use
RefreshDatabaseto enable refresh after each test. - [CI] Replace deprecated create release action
- Fix broken link on the CONTRIBUTING document.
- [CI] Fix deprecation message on GHA
- Possibility to set
Denyrules. Denial is intended by default.
NOTE: This release has non-backwards compatible changes. It may include some changes in the database tables.
- Important: The required minimum version of PHP is v8.1.
- Important: This application has been upgraded to Laravel 10.x.
- Important: Database schema has been modified in a non-backwards compatible way.
- The
password_resetstable renamed topassword_resets_tokens.
- The
- Test running against a real database instead of memory (SQLite).
- Unused
fuitcake/corsdependency.
- Support for
ed25519public keys. (#346)
- Updated dependencies to the latest versions.
- The bastion's public key will be created from the private key submitted in the
Settingspage. (#318) - The unused temporary dir has been removed from the
Settingspage. (#165)
- Everytime a user logs in, the model is updated (some date) on audit. (#163)
- PHPStan message about Yajra DataTables. (#331)
- Fix flaky test in
Feature/Http/Controllers/AuditDataTablesControllerTest.php.
- Stack trace is logged when server could not be reached bug. (#313)
- Testing for validation rules to improve test coverage.
- Testing for the Settings controller.
- Test roles and permission in all the controllers to ensure security.
- Updates dependencies.
- Moves language files to the Laravel 9.x default folder.
- Update docker versions to use latest ones.
- Use of internal Actions instead of Jobs for synchronous changes.
- ssh connection not work. (#307)
ssham:sendcommand was not working, several errors were found. (#305)
- Update dependencies to fix some security vulnerabilities.
Migrated to Laravel 9.x to take benefit of the new features. (#243)
- Bump
fruitcake/laravel-corstov3.0.0. - Bump
larapacks/settingtov3.0.1. - Promote
spatie/laravel-ignitioninstead offacade/ignition. - Bump
laravel/frameworktov9.2. - Bump
bensampo/laravel-enumtov5.1. - Bump
guilhermegonzaga/presentertov1.0.6. - Bump
spatie/laravel-permissiontov5.5.0. - Update dev dependencies
- Bump
nunomaduro/collisiontov6.1.
- Bump
- Dependency
fideloper/proxy, it's part of Laravel 9 core. Details.
- Validation errors when admin tries to edit itself. (#235)
- Bump
laravel/frameworktov8.82.0. - Bump
fruitcake/laravel-corstov2.0.5. - Bump
spatie/laravel-activitylogtov4.4.0. - Bump
spatie/laravel-searchabletov1.11.0. - Bump
yajra/laravel-datatables-oracletov9.19.0. - Bump
laravel-json-api/laraveltov1.1.0. - Bump
laravel/sanctumtov2.14.0. - Bump
phpseclib/phpseclibtov3.0.13. - Bump
laravel/uitov3.4.2. - Bump
pacoorozco/opensshtov0.2.1. - Update dev dependencies
- Bump
facade/ignitiontov2.17.4. - Bump
fakerphp/fakertov1.19.0. - Bump
laravel-json-api/testingtov1.0.0. - Bump
mockery/mockerytov1.5.0. - Bump
nunomaduro/collisiontov5.11.0. - Bump
phpunit/phpunittov9.5.13. - Bump
doctrine/dbaltov3.3.1.
- Bump
- Bump
laravel/frameworktov8.74. - Bump
laravel/sanctumtov2.12.2. - Bump
laravel/uitov3.4.0. - Bump
phpseclib/phpseclibtov3.0.12. - Bump
spatie/laravel-activitylogtov4.3.1. - Bump
spatie/laravel-permissiontov4.4.3. - Bump
yajra/laravel-datatables-oracletov9.18.2.
- Typo in the
docker-compose.yml. - Scrutinizer setup to use at least PHP 8.0.2.
- Bump
bensampo/laravel-enumtov3.4.2. - Bump
laravel-json-api/laraveltov1.0.0. - Bump
laravel/frameworktov8.63. - Bump
laravel/sanctumtov2.11.2. - Bump
phpseclib/phpseclibtov3.0.10. - Bump
spatie/laravel-activitylogtov4.2.0. - Bump
spatie/laravel-permissiontov4.4.1. - Bump
yajra/laravel-datatables-oracletov9.18.1. - Update dev dependencies
- Bump
facade/ignitiontov2.14.0. - Bump
fakerphp/fakertov1.16.0. - Bump
laravel-json-api/testingtov1.0.0. - Bump
mockery/mockerytov1.4.4. - Bump
nunomaduro/collisiontov5.10.0. - Bump
phpunit/phpunittov9.5.10. - Bump
doctrine/dbaltov3.1.3.
- Bump
- Reset password endpoint, which allow users to change its own password. (#112)
- Roles and permissions: ability to define users w/ different capabilities. (#113)
- OpenSSH are used by default know. We were using raw RSA keys before.
- Tests to improve code coverage, covering several fixed bugs.
- Design of almost all pages to improve UX.
- Improved code for better DX: less doc block, better var and method names. (#166)
- Application will use OpenSSH keys by default, instead of RSA ones.
- Migrate code to use phpseclib
v3. - Bump
bensampo/laravel-enumtov3.4. - Bump
laravel/frameworktov8.49. - Bump
laravel/uitov3.3. - Bump
spatie/laravel-activitylogtov4.0. - Bump
spatie/laravel-searchabletov1.10.
- Unused endpoints and methods.
- Validation for
usernamesfollowing POSIX definition, The Open Group Base Specifications Issue 7, 2018 edition. KeyControllertests for CRUD operations.- Add Personal Access Tokens to users to implement API authentication based on Bearer tokens.
- API accesses to Hosts and Hostgroups. It follows {json:api} specification. (#110)
- Settings package to
larapacks/setting. - Update dependencies to latest versions.
- Bump
AdminLTEfromv3.0.5tov3.1.0. - Bump
fruitcake/laravel-corstov2.0.4. - Bump
laravel/frameworktov8.41. - Bump
laravel/sanctumtov2.11. - Bump
phpseclib/phpseclibtov2.0.31. - Code to honor PHP 8.0 best practices.
- Refactor code to make it more readable (implementing Jobs and Observers).
- Bug using
php artisan ssham:sendcommand. - Scrutinizer findings to improve code quality.
- PHP 7.4 support. This application will need PHP 8.0 or higher to run. (#101)
- Remove unused
AdminLTEplugins frompublic/vendor/AdminLTEto reduce vulnerability surface. - Remove unused
jquery-ujslibrary.
- Log to audit all changes made in the application. (#86)
- Dashboard appearance to make include audit log. (#85)
- Some cookies are misusing the recommended “SameSite“ attribute. (#92)
- Error when creating a Control Rule. (#89)
- Migrated to Laravel 8.x to take benefit of the new features. (#81)
- Audit log: Actions are logged and shown on the Dashboard page.
- A docker with SFTP to test ssham locally. (#73)
- Updates
phpdependency to version7.4. - Updates
akaunting/settingtov1.2. - Updates
laravel/frameworktov6.20.15. - Updates
spatie/laravel-searchabletov1.9. - Updates
yajra/laravel-datatables-oracletov9.15. - Updates
fideloper/proxytov4.4.
- Warning when building docker images. (#74)
- Removes
laravel/tinker, it was not used.
- Docker creation has been changed to embed
composerinside the docker. - Updated
npmdependencies.
- Documentation site available at ssham.pacoorozco.info.
- Update dependencies to the latest versions.
- Namespaces for Feature tests has been fixed to
namespace Tests\Feature\.... - Namespace for Helper has been set to
App\Helpers. - Trait
UsesUUIDwas not PSR-4 compliant. - Issue: Keygroups error when the artisan job is executed. (#55)
- Configuration for putting this application behind a Load Balancer. See
config/trustedproxy.phpfor more details.
- Update vulnerable packages:
lodash,elliptic,dot-propandserialize-javascript.
- Port and Authorized keys file path could be configured at
Hostlevel. On settings section you can set the default values for them. - Script to release versions:
bumpversion.sh.
- Minimum supported version is PHP 7.4.
- Some unused code and routes.
NOTE: This version includes major changes, that are not backwards compatible. If you were using a previous version, please set-up a new database.
- A new
Keymode has been added.Usermodel will be used to manage SSHAM administrators, whileKeywill host the SSH Keys being pushed to theHost. - Change
idtype to UUID to implement more security in regards keys. UUID is more difficult to guess.
Roleswere partially implemented. It has been removed to simplify the application.FileEntryhas been removed. Private key could be downloaded only once fromkeyshow option.
- Refactor code to add Unit tests to improve code coverage.
- Add two values to
config/auth.phpto configure Login throttling:auth.login.max_attemptsandauth.login.decay_minutes.
Note: This application is now using Laravel 6.
- Copyright under GPLv3 license has been added to source code.
- Scrutinizer inside CI/CD process.
- Updated configuration for Travis-ci.com, Scrutinizer and Symfony Insight (setting PHP version to 7.2)
- Important: This application has been upgraded to Laravel 6. A lot of refactors has been done in order to adopt Laravel 6.x best practices. (#21)
- AdminLTE has been upgraded to version 3 to use bootstrap 4.
- All CSS and JS assets are now vendored and distributed with this code. It will avoid lack of assets in case of source deprecation. It uses webpack to vendor dependencies.
- Fix PHPUnit configuration.
- Fix CI configuration. Now it's using travis-ci.com.
- Fix
webdocker configuration in order to allowdocker-composerun. (#18)
- N/A
- The most important change is a licensing one. SSH Access Manager is now licensed under GPLv3 license.
- This release adds support for docker. Now you can test this application running a docker, see README for more information.