220e791048
- Generate internal CA + CA-signed web TLS cert in postinst (port 443 was falling back to plain HTTP because no cert files existed) - Repair stale sqlx migration checksums for upgrades from <= 1.1.7 - Restore health check as advisory only (never fails the install) - Use runuser instead of sudo (sudo is not guaranteed on minimal images) - Replace predictable /tmp password file with mktemp under /run - Frontend assets root-owned read-only (security) - Drop Pre-Depends: postgresql-16 (misuse); drop argon2 dep (unused) - Add openssl, curl, cron, util-linux as proper dependencies
126 lines
4.0 KiB
Plaintext
126 lines
4.0 KiB
Plaintext
linux-patch-manager (1.1.13-1) unstable; urgency=low
|
|
|
|
* Release v1.1.13
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Wed, 10 Jun 2026 09:16:34 -0500
|
|
|
|
linux-patch-manager (1.1.12-1) unstable; urgency=low
|
|
|
|
* Release v1.1.12
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 22:14:03 -0500
|
|
|
|
linux-patch-manager (1.1.11-1) unstable; urgency=low
|
|
|
|
* Release v1.1.11
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 15:57:10 -0500
|
|
|
|
linux-patch-manager (1.1.10-1) unstable; urgency=low
|
|
|
|
* Release v1.1.10
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 14:11:31 -0500
|
|
|
|
linux-patch-manager (1.1.9-1) unstable; urgency=low
|
|
|
|
* Release v1.1.9
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 13:05:59 -0500
|
|
|
|
linux-patch-manager (1.1.8-1) unstable; urgency=low
|
|
|
|
* Release v1.1.8
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 11:47:58 -0500
|
|
|
|
linux-patch-manager (1.1.7-1) unstable; urgency=low
|
|
|
|
* Release v1.1.7
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 09:11:11 -0500
|
|
|
|
linux-patch-manager (1.1.6-1) unstable; urgency=low
|
|
|
|
* Release v1.1.6
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Tue, 09 Jun 2026 08:10:52 -0500
|
|
|
|
linux-patch-manager (1.1.5-1) unstable; urgency=low
|
|
|
|
* Release v1.1.5
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Mon, 08 Jun 2026 20:15:50 -0500
|
|
|
|
linux-patch-manager (1.1.4-1) unstable; urgency=low
|
|
|
|
* Release v1.1.4
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Mon, 08 Jun 2026 17:30:35 -0500
|
|
|
|
linux-patch-manager (1.1.2-1) unstable; urgency=low
|
|
|
|
* Release v1.1.2
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Sun, 07 Jun 2026 21:19:18 -0500
|
|
|
|
linux-patch-manager (1.1.1-1) unstable; urgency=low
|
|
|
|
* Release v1.1.1
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Sun, 07 Jun 2026 18:55:59 -0500
|
|
|
|
linux-patch-manager (1.1.0-1) unstable; urgency=low
|
|
|
|
* Release v1.1.0
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Sun, 07 Jun 2026 16:47:03 -0500
|
|
|
|
linux-patch-manager (1.0.0-1) unstable; urgency=low
|
|
|
|
* Release v1.0.0
|
|
|
|
-- git-echo <git-echo@moon-dragon.us> Sun, 07 Jun 2026 12:58:46 -0500
|
|
|
|
linux-patch-manager (0.1.9-1) noble; urgency=medium
|
|
|
|
* Fix: Replace broken DashMap rate limiting with tower-governor middleware
|
|
* Fix: Enrollment rate limiting was global (0.0.0.0 fallback) instead of per-IP
|
|
* Fix: Use SmartIpKeyExtractor for proper X-Forwarded-For support behind HAProxy
|
|
* Add: Configurable rate limit tiers via [rate_limit] in config.toml
|
|
* Add: Standard X-RateLimit-* and Retry-After headers on 429 responses
|
|
|
|
-- Echo <echo@moon-dragon.us> Wed, 21 May 2026 02:38:00 +0000
|
|
|
|
linux-patch-manager (0.1.7-1) noble; urgency=medium
|
|
|
|
* Host Self-Enrollment: Added REST API and UI for automated agent enrollment
|
|
* Database: Added enrollment_requests table and migration 016
|
|
* Security: Implemented IP-based rate limiting on public enrollment endpoints
|
|
* Backend: Added background worker to purge expired enrollment requests (24h)
|
|
* Frontend: Integrated pending enrollment queue with conflict resolution modal
|
|
* Specs: Updated SPEC.md for manager and linux_patch_api self-enrollment workflows
|
|
|
|
-- Echo <echo@moon-dragon.us> Fri, 16 May 2026 11:44:08 -0500
|
|
|
|
linux-patch-manager (0.1.6-1) noble; urgency=medium
|
|
|
|
* Phase 4: Exhaustive analysis fixes, security hardening, and code quality improvements
|
|
* Implemented CRL generation and verification for mTLS agent certificates
|
|
* Added IP-based rate limiting middleware using governor crate
|
|
* Hardened error handling and removed silent unwrap_or_default failures
|
|
* Fixed blocking I/O in agent_loader to use async tokio::fs
|
|
* Made allow_reboot configurable per job via database column
|
|
* Improved audit integrity verification and reporting limits
|
|
|
|
-- Echo <echo@moon-dragon.us> Fri, 15 May 2026 22:11:45 +0000
|
|
|
|
linux-patch-manager (1.0.0-1) noble; urgency=medium
|
|
|
|
* Initial release of Linux Patch Manager
|
|
* Full M1-M12 feature set implemented
|
|
* MFA, RBAC, mTLS, CA, reporting, audit integrity
|
|
* HIPAA/PCI-DSS compliance mapping documented
|
|
|
|
-- Echo <echo@moon-dragon.us> Thu, 24 Apr 2026 00:00:00 +0000
|