IMPORTANT NOTE ON OPENJDK
with introduction of latest Jetty HTTP server (used by Unity) it was observed that Firefox browser have troubles connecting to Unity launched on some of the OpenJDK distributions (e.g. Fedora). This is due to disabling EC TLS ciphers in affected OpenJDK. In case of troubles please use Oracle Java RE.
GENERAL INFORMATION ABOUT THE RELEASE
There are two distribution formats:
- tar.gz bundle which can be unpacked and this way installed in a single directory,
- rpm which can be installed system-wide in the Linux standard locations.
The rpm is build and tested on Centos 7, noarch. It should work flawlessly also on SL7 and recent Fedora distributions. We may build packages for other distributions in future, however the tar.gz format should be fully portable. Java 8 JRE is the primary installation prerequisite. For more detailed installation information please check the Unity manual.
2.5.X RELEASE SERIES
Release 2.5.0 is a major Unity milestone with over 30 implemented tickets. The biggest changes are around credentials supported by Unity.
When installing this release as an update a complex migration will be performed and some configuration changes are necessary. Make sure to make backup and read update instructions in the documentation!
The highlights are:
- A new SMS credential is now available. It can be used to login to Unity by entering a code which was sent to a registered and confirmed mobile telephone. The credential is integrated with all Unity features: can be set up in registration forms, controlled on HomeUI, used as first and second factor, etc.
- A new attribute type is now available: verifiable mobile number. It is fully integrated with all standard Unity features. What is more SMS credential can be bootstrapped using one of its values (if present).
- SMS code verification is a new possibility when configuring password reset.
- Password credential received a new configuration setting: password quality factor. It can (and should!) take over the existing minimal password length, minimal character classes and deny popular sequences settings. The old ones are still supported and can be used together with the new quality factor (although typically this should not be necessary). The quality checking of a password is taking into account many factors together. With this new setting Unity can accept a complex but shorter password or a longer one which is using only lowercase letters. Note that you can easily test the meaning of the password settings directly from the password credential setup UI.
- Password edit dialog presented to users was redone. It now offers a good UX, with instant feedback on password quality, fulfillment of credential policies and additional suggestions how to improve the passphrase.
- End-user oriented credentials tab in HomeUI, as well as all other places where credentials are collected (e.g. the outdated credential dialog), were greatly simplified, cleaned and should be much easier to use.
- We are happy to announce a superb community contribution from D Baum: Unity contains now a German translation!
- Up to now Unity triggered sending of email confirmation messages automatically when a not confirmed email was added. Now it can be controlled:
- For attributes created via registration forms there is a new setting allowing admin to control when and if such attribute should be confirmed: at request submission, acceptance, never or perhaps attribute should be assumed to be confirmed. This new option also allows for similar control of mobile phone verification.
- Admin user can now change confirmation status of attribute without triggering the confirmation message being sent. If this is desired the confirmation sending should be triggered manually.
- Users can now resend their confirmation link from HomeUI.
- Message template is now bound to a channel (sms or email). This change simplifies configuration in other places (no channel setting in registration forms), allows for creating templates specialized to medium being used. As a side effect different channels can now be used for various messages. For instance admin can receive SMS with information on submitted registration request, while user is notified with email about accepted or denied request.
Other, smaller changes:
- It is now possible to brand not only Unity web interfaces but also error pages which are generated by Unity.
- Email identities are compared in a fully case insensitive way
- Older versions of MariaDB are now supported
- Password history checking was fixed and can be configured to be fully disabled.
DETAILED LIST OF CHANGES
Here you can download previous versions from the series and read their documentation: