| | 1 | = OpenPAM Ourouparia = |
| | 2 | |
| | 3 | OpenPAM Ourouparia was released on 2014-09-12. |
| | 4 | |
| | 5 | - '''ENHANCE''' When executing a chain, require at least one service function to succeed. This mitigates fail-open scenarios caused by misconfigurations or missing modules. |
| | 6 | |
| | 7 | - '''ENHANCE''' Make sure to overwrite buffers which may have contained an authentication token when they're no longer needed. |
| | 8 | |
| | 9 | - '''BUGFIX''' Under certain circumstances, specifying a non-existent module (or misspelling the name of a module) in a policy could result in a fail-open scenario. (`CVE`-2014-3879) |
| | 10 | |
| | 11 | - '''FEATURE''' Add a search path for modules. This was implemented in Nummularia but inadvertently left out of the release notes. |
| | 12 | |
| | 13 | - '''BUGFIX''' The `is_upper()` predicate only accepted the letter A as an upper-case character instead of the entire A-Z range. As a result, service and module names containing upper-case letters other than A would be rejected. |
| | 14 | |
| | 15 | [http://sourceforge.net/projects/openpam/files/openpam/Ourouparia/ Download from Sourceforge] |
