release v3.16.99-rc2

contrib/git/pre-commit

@@ -105,7 +105,7 @@ for f in $(git diff --cached --name-only --diff-filter=ACM $against); do
 done
 
 # check versions and docs
-ver=$(grep -F 'our $VERSION =' lib/perl/OVH/Bastion.pm | cut -d"'" -f2 | cut -d- -f1)
+ver=$(grep -E '^our \$VERSION = .[0-9]+\.[0-9]+\.[0-9]+(-rc[0-9]+)?.;$' lib/perl/OVH/Bastion.pm | cut -d"'" -f2)
 if ! grep -Eq "^## v$ver - 202./[01][0-9]/.." doc/CHANGELOG.md; then
     echo
     echo "ERROR: detected version '$ver', but no matching entry in doc/CHANGELOG.md"

doc/CHANGELOG.md

@@ -1,3 +1,12 @@
+## v3.16.99-rc2 - 2024/09/17
+feat: add rsync support through the ``--protocol rsync`` option in all plugins
+feat: add ``--egress-session-multiplexing`` option to ``accountModify``
+feat: add ``groupSetServers`` to entirely change a group ACL in one shot
+enh: add lock for group ACL change to avoid race conditions on busy bastions
+enh: ``selfPlaySession``: remove sqliteLog.ttyrecfile dependency
+chore: FreeBSD: ignore OS version mismatch with packages
+chore: ``selfMFASetupPassword``: clearer message
+
 ## v3.16.99-rc1 - 2024/07/04
 feat: support wildcards in --user for ACL management plugins (fix #461)
 feat: accountFreeze: terminate running sessions if any

doc/sphinx/installation/upgrading.rst

@@ -27,13 +27,12 @@ See the ``--help`` for a more fine-grained upgrade path if needed.
 Version-specific upgrade instructions
 =====================================
 
-v3.16.99-rc1 - 2024/07/04
+v3.16.99-rc2 - 2024/09/17
 *************************
 
 This release drops support for Ubuntu 16.04 and CentOS 7. If you're still using these EOL OS releases (which is
 obviously discouraged), proper functioning of The Bastion is no longer tested or guaranteed.
-
-This release adds official support for Ubuntu 24.04 LTS and OpenSUSE Leap 15.6, these were already working but
+It also adds official support for Ubuntu 24.04 LTS and OpenSUSE Leap 15.6, these were already working but
 are now part of the integration tests.
 
 This release adds support of wildcards (also called "shell-style globbing characters"), namely ``?`` and ``*``,
@@ -41,9 +40,13 @@ when using the ``--user`` option for plugins such as ``groupAddServer``, ``group
 ``groupDelGuestAccess``, ``accountAddPersonalAccess``, ``accountDelPersonalAccess``, ``selfAddPersonalAccess``,
 ``selfDelPersonalAccess``.
 
-This release adds support of the ``sntrup761x25519-sha512@openssh.com`` KEX algorithm by default on shipped versions
-of ``sshd_config`` and ``ssh_config``. If you're upgrading, these files won't be touched, so if you want to add
-support, you'll need to modify them manually by prepending ``sntrup761x25519-sha512@openssh.com`` to the
+We also deprecate all the ``--sftp``, ``--scpdown``, ``--scpup`` options that are now replaced by a more generic
+``--protocol`` option, which supports ``sftp``, ``scpdown ``, ``scpup`` and now also ``rsync`` as parameters.
+The use of rsync is similar to sftp and scp, and is detailed here: :doc:`/plugins/open/rsync`.
+
+Last but not least, the ``sntrup761x25519-sha512@openssh.com`` KEX algorithm is now enabled by default on shipped
+versions of ``sshd_config`` and ``ssh_config``. If you're upgrading, these files won't be touched, so if you want to
+add support, you'll need to modify them manually by prepending ``sntrup761x25519-sha512@openssh.com`` to the
 ``KexAlgorithms`` line. Verify that the OpenSSH version shipped by your OS does support it (run ``ssh -Q kex``).
 
 v3.16.01 - 2024/04/17

lib/perl/OVH/Bastion.pm

@@ -5,7 +5,7 @@ use common::sense;
 use Fcntl;
 use POSIX qw(strftime);
 
-our $VERSION = '3.16.99-rc1';
+our $VERSION = '3.16.99-rc2';
 
 BEGIN {
     # only used by the handler below