16. Changelog

This page tracks notable release highlights for eduMFA. For version-to-version upgrade steps, see Migration.

Warning

eduMFA 3.0.0 is expected to remove multiple features. The current work-in-progress tracking issue is #875.

Caution

Due to new fields in edumfa.cfg, upgrading via Ubuntu packages can cause apt to prompt you to replace it. Replacing it will remove secrets from your current configuration, so keep your existing file and add only the new fields manually.

This is tracked in issue #1124.

16.1. eduMFA 2.9.3

This release fixes issues introduced in v2.9.2.

16.1.1. Bug Fixes

  • Fixed an incompatibility with PostgreSQL. To avoid issues like this in the future:

    • eduMFA will soon declare its supported databases. These will likely be MariaDB and PostgreSQL.

    • Unit tests now additionally run against those supported databases (instead of only SQLite as a development database).

  • Fixed dangling database sessions under high load when writing to the ClientApplication table.

  • Fixed an error message when trying to log in with unassigned passkeys.

  • Fixed edumfa-pip-update when used with Python 3.14.

  • Fixed edumfa-manage in the container outside of the entrypoint (e.g. for interactive shells or cronjobs).

See full commit history.

16.2. eduMFA 2.9.2

This release contains no functional changes, only changes for docs-related issues. As a result, version 2.9.1 is not available in the docs.

16.3. eduMFA 2.9.1

Warning

Please see this important notice regarding Passkeys and users who are locked in a resolver. The Shibboleth plugin fudiscr will ship a feature for fudispasskeys that makes it easy to check for locked users. This will be in version 2.3.1 and has to be enabled first.

16.3.1. Bug Fixes

  • Fixed a vulnerability enabling the replay of Passkey logins, see advisory.

  • Fixed a vulnerability introduced by faulty snapshot isolation in MySQL and MariaDB, see advisory.

  • Fixed a denial-of-service vulnerability caused by a bug which increments all failcounters in a resolver, see advisory.

  • Fixed reset_all_user_tokens for Passkey login.

  • Fixed a possible pitfall during setup. Stamping is no longer done manually but with create_tables.

  • Fixes to the container image:

    • Fixed using EDUMFA_CONFIGFILE to override the default path.

    • Fixed the config check when using EDUMFA_CONFIGFILE.

    • Moved the config files to /opt instead of /etc to avoid changes to them not being applied during an upgrade.

    • Stopped logging the admin password if the password was set manually.

    • Fixed setting admin credentials from a file.

  • Applied security updates to multiple libraries.

See full commit history.

16.4. eduMFA 2.9.0

Warning

This release drops support for Python 3.9. Upgrade your runtime to Python 3.10 or newer before updating to this release.

16.4.1. Highlights

  • Added support for Python 3.14.

  • Added token creation timestamps.

  • Added a policy to enforce TOTP timeshift settings.

  • Added configurable timeouts for Firebase requests.

  • Added environment-variable-based container configuration.

  • Re-introduced the version number in the web UI footer.

  • Dropped support for Python 3.9.

See full changelog for 2.9.0 and commit history.

16.5. Release Archive

For previous releases, see eduMFA releases on GitHub.