Tags give the ability to mark specific points in history as being important
-
0.2.7
2befe6e6 · ·[0.2.7] - 2026-04-14 -------------------- Fixed ^^^^^ - LDAP default timeout. A default timeout of 0 would fail if server don't instantly respond.
-
0.2.6
2be67928 · ·[0.2.6] - 2026-04-14 -------------------- Fixed ^^^^^ - OIDC ``picture`` and SCIM ``photos`` claims now return absolute URLs.
-
0.2.5
75f07d92 · ·[0.2.5] - 2026-04-13 -------------------- Added ^^^^^ - SQL database configuration parameters. - Pooled LDAP connection support. - ``Backend.count()`` method for efficient entry counting. Fixed ^^^^^ - SCIM ``totalResults`` now returns the total number of matching entries instead of the page size. - Logo embedded in emails is now read from disk for application-local URLs instead of being fetched through an HTTP loopback. Fixes a hang when sending mail with the default ``EagerBroker`` on a single-threaded server :issue:`340`
-
0.2.4
d1d2eb85 · ·[0.2.4] - 2026-04-08 -------------------- Added ^^^^^ - SCIM ``attributes`` and ``excludedAttributes`` query parameter support. - SCIM ``POST /.search`` endpoint. - SCIM ETags support. :pr:`335` - Allow access to SCIM endpoints with admin access tokens. :pr:`336` - SCIM ``/Me`` endpoint. :pr:`336`
-
0.2.3
b8405ae0 · ·[0.2.3] - 2026-03-24 -------------------- Fixed ^^^^^ - SCIM server no longer crashes with a 500 error when querying or patching users that have a profile photo. - SCIM server no longer returns an ``invalidSyntax`` error when a user has an empty ``profile_url``.
-
0.2.2
7ef5e61d · ·[0.2.2] - 2025-03-20 -------------------- Fixed ^^^^^ - ``ui_locales_supported`` in OIDC well-known now uses BCP 47 language tags (hyphens) instead of POSIX locale codes (underscores).
-
0.2.1
c2fd98d6 · ·[0.2.1] - 2025-02-25 -------------------- Added ^^^^^ - Fix alg selection on JWT emission.
-
0.2.0
e0d51b7a · ·[0.2.0] - 2025-02-25 -------------------- Added ^^^^^ - CORS support for OIDC and SCIM endpoints. :issue:`332` - OIDC ``amr`` claim support. :issue:`302` - Server-side sessions. - Captcha protection. :issue:`211` :pr:`310` - Support for Python 3.14. :pr:`313` - Integration test suite. :issue:`320` - Requests are redirected to ``SERVER_NAME`` when the HTTP Host header does not match. - WebAuthn authentication factor implementation. :issue:`296` Fixed ^^^^^ - CSP violation caused by Fomantic-UI inline styles. - LDAP: OTP feature is now disabled when the OTP module is not loaded in OpenLDAP. - LDAP: ``PostReadControl`` only requests attributes that exist in the LDAP schema. - Password reset no longer bypasses MFA. - Usernames don't appear in the photos URLs. - Include missing Babel data in the pyinstaller binary. :issue:`318` - ID token signing now selects a key compatible with the client's ``id_token_signed_response_alg``. - OIDC discovery signing algorithm claims are now dynamically computed from server keys. :issue:`323` - Explicitly make RSA keys mandatory. - When the scope parameter is omitted from authorization requests, the client's configured scope is now used as the default value. - Password field autofocus. :issue:`325` - Broken photo upload. :issue:`327` - Disable HTMX boosting for redirections after redirections. :issue:`334` - Fix HTMX resetting inputs :issue:`335`
-
0.1.0
416ad951 · ·[0.1.0] - 2025-11-13 -------------------- Fixed ^^^^^ - Multiple account sessions. :issue:`100`
-
0.0.89
77f81872 · ·[0.0.89] - 2025-11-12 --------------------- Added ^^^^^ - Button to show and hide passwords. :issue:`160` Fixed ^^^^^ - Fixed proxy header handling to correctly generate HTTPS URLs when behind reverse proxies.
-
0.0.88
640f3bf3 · ·[0.0.88] - 2025-11-06 --------------------- Added ^^^^^ - Restored the support for string ``JWKS`` in configuration. Fixed ^^^^^ - Support OIDC ``ui_locales`` parameter. :issue:`108`
-
0.0.87
d9f1b011 · ·[0.0.87] - 2025-11-02 --------------------- .. warning:: - ``DYNAMIC_CLIENT_REGISTRATION_TOKENS`` removed in favor of JWT tokens. - ``MANAGE_GROUPS`` permission is renamed ``MANAGE_ALL_GROUPS``. - ``CONFIG`` environment variable renamed to ``CANAILLE_CONFIG``. - ``ENV_FILE`` environment variable renamed to ``CANAILLE_ENV``. Added ^^^^^ - Per-user group management. :issue:`95` :pr:`299` - ``OTP_LIFETIME`` configuration parameter. - ``TOTP_LIFETIME`` configuration parameter. - Task worker for long-running operations. :issue:`251` :pr:`300` Fixed ^^^^^ - Password autofill. - Conditionally load CLI to avoid crash when optional dependencies are missing. Changed ^^^^^^^ - Remove ``DYNAMIC_CLIENT_REGISTRATION_TOKENS`` in favor of JWT tokens. :issue:`272` - Rename ``CONFIG`` to ``CANAILLE_CONFIG`` and ``ENV_FILE`` to ``CANAILLE_ENV`` for consistency. Removed ^^^^^^^ - Remove the web interface to see authorization codes. -
0.0.86
f1adba53 · ·[0.0.86] - 2025-09-30 --------------------- Fixed ^^^^^ - Hypercorn launch with proxy settings turned on.
-
0.0.85
e38e796d · ·[0.0.85] - 2025-09-25 --------------------- Added ^^^^^ - Hypercorn can be configured by env vars, config file or CLI args. :issue:`280` :pr:`297` - Hypercorn ``PROXY_MODE`` and ``PROXY_TRUSTED_HOPS`` settings to handle deployment behind proxies.
-
0.0.84
386037cf · ·[0.0.84] - 2025-09-19 --------------------- Fixed ^^^^^ - The ``max_age`` parameter of session cookies is an int.
-
0.0.83
663f6d5c · ·[0.0.83] - Unreleased --------------------- .. warning:: Manual migration required for LDAP backend: remove any existing ``oauthTrusted`` attributes from client entries. Please follow the :ref:`ldap_schema_update` section. Added ^^^^^ - OIDC originated connections display information about the client application on all the authentication pages. :issue:`271` - Account selection screen on login page. Previously logged-in users are displayed as clickable cards with photos and names for quick re-authentication. :issue:`277` - "Remember me" checkbox on login page. When checked (default), creates a 365-day session and adds user to login history. When unchecked, session expires on browser close and user is not saved to login history. Changed ^^^^^^^ - Replace client ``trusted`` attribute with dynamic ``TRUSTED_DOMAINS`` configuration. Clients are now automatically trusted based on their ``client_uri`` domain matching patterns in the ``TRUSTED_DOMAINS`` setting. :issue:`290` Fixed ^^^^^ - The SCIM endpoint correctly manages patching user passwords. - Locale guessing prefer prefix matches. :issue:`128` - Make the ``get`` command flags accept negative boolean. :issue:`266` - The SQL backend can perform exact match searches on JSON list attributes. :issue:`278` - Fix HTMX swapping for inline validation on email fields. :issue:`279` - Fix Docker commands in the documentation. :issue:`283` - Remove deprecated ``X-XSS-Protection`` header example in web server configurations. :issue:`293` -
0.0.82
b3434825 · ·[0.0.82] - 2025-08-26 --------------------- Fixed ^^^^^ - Don't display the welcome flash when redirected to a client application after login. - Sign OIDC ``id_token`` according to ``id_token_signed_response_alg`` client metadata.
-
0.0.81
33c5ca18 · ·[0.0.81] - 2025-08-23 --------------------- Fixed ^^^^^ - JWK algorithm detection with OKP keys. - OIDC Client ``acess_token`` and ``refresh_token`` are unique in the SQL backend. - The OIDC metadata indicate that some more algs, including `EdDSA` are supported. Added ^^^^^ - OIDC ``iat`` claims are now float, with milli/micro-second precision. :issue:`292` - LDAP dates are stored with milliseconds precision and timezones.
-
0.0.80
fc842385 · ·[0.0.80] - 2025-08-22 --------------------- Fixed ^^^^^ - Error during JWK generation.
-
0.0.79
d6ce11a7 · ·[0.0.79] - 2025-08-22 --------------------- Changed ^^^^^^^ - Default JWK are OKP instead of RSA. Fixed ^^^^^ - SCIM server advertise that ``externalId`` fields are not supported. - Fix a bug happening at OIDC logout when ``post_logout_redirect_uri`` is empty. Added ^^^^^ - Deterministic default JWK generation base on the ``SECRET_KEY``. - Model management CLI have ``--quiet`` and ``--ignore_errors`` parameters. :issue:`291` - SCIM PATCH server-side operations support. :pr:`285`