![]() Updated versions of packages, such as pip, requests, or Cython Improved support for optional static type hintsĪn addition of the = specifier to formatted string literals (f-strings) for easier debugging Improved developer experience with the breakpoint() built-in function, the = format string specification, and compatibility between debug and non-debug builds of Python and extension modules New language features, such as assignment expressions (the so-called walrus operator, :=) or positional-only parameters New Python modules, for example, contextvars, dataclasses, or importlib.resources The support for transport header port matching has been added.įor further information about notable changes, read the upstream release notes before updating: ![]() The support for dynamic sets updates has been improved to set updates from the packet path. The security mark support has been added. For details, see the Standard priority values and textual names section. To view standard priority numerical values, use the -y option. For details, see the tproxy statement section in the nft(8) man page.īy default, nft displays textual names of the priority set while creating the nft chains. Transparent proxy support has been added to redirect packets to a local socket without changing the packet header in any way. For further details, see the osf expression section in the nft(8) man page. Support for operating system fingerprints has been added to mark packets based on the guessed operating system. To use the new API in Python, install the python3-nftables package. This library provides a high-level interface to manage nftables rule sets from third-party applications. You can enable it with the runas_allow_unknown_id setting (CVE-2019-19232).Ī JSON API has been added to the libnftables library. The use of unknown user and group IDs for permissive sudoers entries, for example using the ALL keyword, is now disabled. Previously, you could only do so if the group matched the target user’s primary group.įixed a bug that prevented sudo from matching the host name to the value of ipa_hostname from nf, if specified.Ī vulnerability that allowed a sudo user to run a command as root when the Runas specification disallowed root access with the ALL keyword is now fixed (CVE-2019-14287). You can now use sudo with the -g option to specify a group that matches any of the target user’s groups even if no groups are present in the runas_spec specification. With the new log_allowed and log_denied settings for sudoers, you can disable logging and auditing of allowed and denied commands. The cvtsudoers command now rejects non-LDAP Data Interchange Format (LDIF) input when converting from LDIF to sudoers and JSON formats. The notBefore and notAfter options from LDAP and SSSD now work and display correctly with the sudo -l command. This prevents possible confusion of PAM output and command output sent to files and pipes.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |