release v3.18.00

contrib/git/pre-commit

@@ -123,6 +123,11 @@ if [ -n "$reldate" ] && ! grep -Eq "^v$ver - $reldate" doc/sphinx/installation/u
     echo "ERROR: version '$ver' was not released at $reldate as said in doc/CHANGELOG.md (not seen in upgrading.rst)"
     isbad=1
 fi
+if ! test -f doc/release-notes/v$ver.md; then
+    echo
+    echo "ERROR: detected version '$ver', but no release notes file found in doc/release-notes/v$ver.md"
+    isbad=1
+fi
 
 # Is this file up to date?
 if ! cmp "$0" contrib/git/pre-commit >/dev/null; then

doc/CHANGELOG.md

@@ -1,3 +1,9 @@
+## v3.18.00 - 2024/12/10
+- feat: add assetForgetHostKey
+- fix: scp: downloads would sometimes stall (fix #486)
+- chore: add release notes to doc/
+- chore: add check of release-notes file in pre-commit
+
 ## v3.17.01 - 2024/10/23
 - enh: interactive: handle CTRL+C nicely (fix #497)
 - fix: osh.pl: remove a warning on interactive mode timeout

doc/release-notes/v3.18.00.md

@@ -0,0 +1,23 @@
+# :zap: Security
+
+- No security fixes since previous release
+- Oldest release with no known [security issue](https://github.com/ovh/the-bastion/security/advisories) is `v3.14.15` (2023-11-08)
+
+# :bulb: Highlights
+
+A new restricted command has been added: [assetForgetHostKey](https://ovh.github.io/the-bastion/plugins/restricted/assetForgetHostKey.html), which is the bastion-wide version of the [selfForgetHostKey](https://ovh.github.io/the-bastion/plugins/restricted/selfForgetHostKey.html) command. In other words, it removes a given asset's hostkey from all the bastion accounts' personal `known_hosts` file. This is particularely useful when a given asset is reinstalled or its IP is being reallocated, and you've left the bastion-wide default of `StrictHostKeyChecking` to 'ask': in that case, if this command is not used after the asset hostkeys have changed, each account will have to use [selfForgetHostKey](https://ovh.github.io/the-bastion/plugins/restricted/selfForgetHostKey.html) on their own, to tell the bastion that the previously known hostkey should be forgotten.
+
+This new command makes it possible to sync the reinstallation of an asset with a bastion-wide reset of its hostkeys (e.g. using an automation account that will be granted the use of the [assetForgetHostKey](https://ovh.github.io/the-bastion/plugins/restricted/assetForgetHostKey.html) command), without requiring all the other accounts to do it on their own. On their next connection, the other accounts will just have to accept the new hostkey (if `StrictHostKeyChecking` is set to `ask`, which is the default), or the new hostkey will be auto-accepted in the absence of a known one (if `StrictHostKeyChecking` is set to `accept-new`).
+
+A long-standing but has also been fixed with stalling downloads using `scp` (#486).
+
+The list of changes can be found below, for an exhaustive (and boring) list, please refer to the [commit log](https://github.com/ovh/the-bastion/compare/v3.17.01...v3.18.00).
+
+# :pushpin: Changes
+- feat: add assetForgetHostKey
+- fix: scp: downloads would sometimes stall (fix #486)
+
+# :fast_forward: Upgrading
+
+- [General upgrade instructions](https://ovh.github.io/the-bastion/installation/upgrading.html)
+- [Specific upgrade instructions for v3.18.00](https://ovh.github.io/the-bastion/installation/upgrading.html#v3-18-00-2024-12-10)

doc/sphinx/installation/upgrading.rst

@@ -27,6 +27,11 @@ See the ``--help`` for a more fine-grained upgrade path if needed.
 Version-specific upgrade instructions
 =====================================
 
+v3.18.00 - 2024/12/10
+*********************
+
+No specific upgrade instructions.
+
 v3.17.01 - 2024/10/23
 *********************
 

lib/perl/OVH/Bastion.pm

@@ -5,7 +5,7 @@ use common::sense;
 use Fcntl;
 use POSIX qw(strftime);
 
-our $VERSION = '3.17.01';
+our $VERSION = '3.18.00';
 
 BEGIN {
     # only used by the handler below