Skip to content
Tags give the ability to mark specific points in history as being important
  • v2.3.1 protected
    Security update for v2.3.0
    This update fixes two low-impact security-related bugs in uffd.
    1) TOTP code reuse: Uffd supports Time-based one-time password (TOTP) as a 2FA
    method. In addition to being short-lived (the "time-based" part), TOTP codes
    are supposed to be single-use (the "one-time" part) to be more resistant
    against phishing and eavesdropping. Until this release however, uffd allowed
    the same code to be used multiple times during it's validity period.
    2) Broken OAuth2 authorization code invalidation: When a user authenticates
    with an SSO-connected application, a secret is transported in an URL query
    parameter when the user is redirected back from the SSO to the application. The
    application then uses this secret, the authorization code, to establish the
    user's identity. Anyone in possession of a valid authorization code can use it
    to impersonate the user it was issue for at the application it was issued for.
    Authorization codes are supposed to be single-use. Due to a bug introduced in
    v1.1.0 however, authorization codes were not invalidated on use and remained
    valid until they expired. Thanks to the short lifetime of authorization codes,
    the security impact of this issue is relativly low, unless an attacker has
    live access to webserver or application logs which usually include URL query
  • v2.3.0 protected
    Support for Debian Bookworm and maintainance
    Dependency updates in Bookworm subtly change the behaviour of uffd's database
    migrations. This release fixes that. When upgrading a Debian Buster or
    Bullseye system to Bookworm, make sure to upgrade uffd to v2.3.0 first.
    Then upgrade the system to Bookworm.
  • v2.2.0 protected
    New features and bug fixes for v2.1.0
    - Flexible e-mail preferences: Users can select different e-mail addresses
      for password reset and the services they have access to.
    - New remailer address format: The old format was case-sensitive which caused
      problems with some services. The new format is case-insensitive and generally
      more robust. The old format is still supported.
    - New service setting to make testing remailer easier (extends/replaces
    - Admins can now deactivate user accounts.
    - Prometheus metrics: If the required dependencies are installed, an
      experimental metrics endpoint is available.
    - Unique user e-mail addresses: If enabled, uffd enforces e-mail address
      uniqueness. Can be enabled/disabled with "uffd-admin unique-email-addresses".
    Bug fixes:
    - MariaDB support: In older versions MariaDB support was broken. Starting
      with this release MariaDB support is CI tested.
    - New UID/GID allocation approach prevents UID/GID reuse
  • v2.1.0 protected
    New features and bug fixes for v2.0.1
    - Configurable site title (SITE_TITLE)
    - Configure page after login to service overview (DEFAULT_PAGE_SERVICES)
    - Configurable banner above login form (LOGIN_BANNER)
    - Hide user email addresses with remailer (REMAILER_*)
    - Use permanent rather than session cookies
    Bug fixes:
    - Fix group/role update command clearing description
    - Support SMTP without authentication
    - Fix "new invite" form resetting on error
    - Fix redirect_uris having trailing \r or blank entries
    - Typos/translation fixes
  • v2.0.1 protected
    Minor bug and regression fixes for v2.0.0
    Value formatting of OAuth2 logout URIs in the service admin interface did
    not add separating newlines. The service overview page returned 404
    (Not Found) in cases it previously did not. The behavior was changed for
    consistency with other pages.
  • v2.0.0 protected
    e00ea70d · Release preparations ·
    Major release removing LDAP support
    * Service and non-service users may use the same Unix UID range
    * CLI commands for managing users, groups and roles
    * 2FA status of users is visible in admin interface
    * Database-stored service objects that group OAuth2 and API clients
    * Support for old invite, selfservice and signup links (deprecated in
    * User, group and mail alias data is stored in the database instead
      of an LDAP server. Existing objects are imported. All LDAP support
      is removed.
    * Receive addresses of mail aliases are subject to alphabet
      constraints and converted to lower-case on import
    * Group names are subject to alphabet and length constraints
    * OAuth2 clients
      * Removed parameter "login_message"
      * Parameter "group_required" no longer supports AND/OR conjunctions
        of multiple groups, only a single group name
      * Clients defined with OAUTH2_CLIENTS config option moved to
        database. Existing clients are imported.
      * Service name is displayed in place of the client_id during device
      * OAuth2 userinfo endpoint no longer exposes "ldap_dn"
    * API clients
      * Removed API_CLIENTS config option (deprecated in v1.2.0)
      * Clients defined with API_CLIENTS_2 config option moved to
        database. Existing clients are imported.
    * Argon2 replaces salted SHA256 for hashing user passwords. Existing
      passwords are gradually migrated on login. Argon2 has a significant
      impact on CPU and memory utilization.
    * Default UWSGI config uses multiple workers
    * Enabled foreign key support for SQLite
    * Expired objects are no longer deleted during request processing.
      Instead the CLI command "cleanup" must be run at least daily. The
      Debian package includes a cron job for this.
    * Environment variable CONFIG_PATH superseds CONFIG_FILENAME
    * The default value of config option ACL_ACCESS_GROUP changed
    See for detailed upgrade instructions.
  • v1.2.0 protected
    New API auth mechanism, deprecation of old one
    The old Bearer-based authentication (config key API_CLIENTS) is deprecated
    and will be removed in v2.0.0. The new auth mechanism uses config key
  • v1.1.2 protected
    Minor bugfix
  • v1.1.1 protected
    c5b46c6c · Release v1.1.1 ·
    Security and regression fixes for v1.1.0
  • v1.0.2 protected
    Security fixes for v1.0.1
  • v1.1.0 protected
    c07193c6 · Release v1.1.0 ·
    Support for Debian Bullseye and MySQL, bug fixes and new features
  • v1.0.1 protected
    Security fixes for v1.0.x
  • v1.0.0 protected
    3abcbf20 · v1.0.0 release ·
    First stable release
  • v0.3.0 protected
  • v0.2.0 protected
  • v0.1.5 protected
    980ba3b2 · package uffd for apt ·
  • v0.1.4 protected
    43c09a8c · package uffd for apt ·
  • v0.1.2 protected
    05df7091 · package uffd for pip ·