New features and bug fixes for v2.1.0

Features:
- Flexible e-mail preferences: Users can select different e-mail addresses
  for password reset and the services they have access to.
- New remailer address format: The old format was case-sensitive which caused
  problems with some services. The new format is case-insensitive and generally
  more robust. The old format is still supported.
- New service setting to make testing remailer easier (extends/replaces
  REMAILER_LIMIT_TO_USERS).
- Admins can now deactivate user accounts.
- Prometheus metrics: If the required dependencies are installed, an
  experimental metrics endpoint is available.
- Unique user e-mail addresses: If enabled, uffd enforces e-mail address
  uniqueness. Can be enabled/disabled with "uffd-admin unique-email-addresses".

Bug fixes:
- MariaDB support: In older versions MariaDB support was broken. Starting
  with this release MariaDB support is CI tested.
- New UID/GID allocation approach prevents UID/GID reuse

New features and bug fixes for v2.0.1

Features:
- Configurable site title (SITE_TITLE)
- Configure page after login to service overview (DEFAULT_PAGE_SERVICES)
- Configurable banner above login form (LOGIN_BANNER)
- Hide user email addresses with remailer (REMAILER_*)
- Use permanent rather than session cookies

Bug fixes:
- Fix group/role update command clearing description
- Support SMTP without authentication
- Fix "new invite" form resetting on error
- Fix redirect_uris having trailing \r or blank entries
- Typos/translation fixes

Minor bug and regression fixes for v2.0.0

Value formatting of OAuth2 logout URIs in the service admin interface did
not add separating newlines. The service overview page returned 404
(Not Found) in cases it previously did not. The behavior was changed for
consistency with other pages.

Major release removing LDAP support

Added:

* Service and non-service users may use the same Unix UID range
* CLI commands for managing users, groups and roles
* 2FA status of users is visible in admin interface
* Database-stored service objects that group OAuth2 and API clients
  together

Removed:

* Support for old invite, selfservice and signup links (deprecated in
  v1.1.1)
* ENABLE_INVITE, ENABLE_PASSWORDRESET, ENABLE_ROLESELFSERVICE config
  options

Changed:

* User, group and mail alias data is stored in the database instead
  of an LDAP server. Existing objects are imported. All LDAP support
  is removed.
* Receive addresses of mail aliases are subject to alphabet
  constraints and converted to lower-case on import
* Group names are subject to alphabet and length constraints
* OAuth2 clients
  * Removed parameter "login_message"
  * Parameter "group_required" no longer supports AND/OR conjunctions
    of multiple groups, only a single group name
  * Clients defined with OAUTH2_CLIENTS config option moved to
    database. Existing clients are imported.
  * Service name is displayed in place of the client_id during device
    login
  * OAuth2 userinfo endpoint no longer exposes "ldap_dn"
* API clients
  * Removed API_CLIENTS config option (deprecated in v1.2.0)
  * Clients defined with API_CLIENTS_2 config option moved to
    database. Existing clients are imported.
* Argon2 replaces salted SHA256 for hashing user passwords. Existing
  passwords are gradually migrated on login. Argon2 has a significant
  impact on CPU and memory utilization.
* Default UWSGI config uses multiple workers
* Enabled foreign key support for SQLite
* Expired objects are no longer deleted during request processing.
  Instead the CLI command "cleanup" must be run at least daily. The
  Debian package includes a cron job for this.
* Environment variable CONFIG_PATH superseds CONFIG_FILENAME
* The default value of config option ACL_ACCESS_GROUP changed

See UPGRADE.md for detailed upgrade instructions.

New API auth mechanism, deprecation of old one

The old Bearer-based authentication (config key API_CLIENTS) is deprecated
and will be removed in v2.0.0. The new auth mechanism uses config key
API_CLIENTS_2.

Minor bugfix

Security and regression fixes for v1.1.0

Security fixes for v1.0.1

Support for Debian Bullseye and MySQL, bug fixes and new features

Security fixes for v1.0.x

First stable release