<div class="releasenotes">
</notextile>
+h2(#main). development main (as of 2022-12-22)
-h2(#main). development main (as of 2022-10-31)
+"previous: Upgrading to 2.5.0":#v2_5_0
+
+h2(#v2_5_0). v2.5.0 (2022-12-22)
"previous: Upgrading to 2.4.4":#v2_4_4
h3. Fixed PAM authentication security vulnerability
-In Arvados 2.4.2 and earlier, when using PAM authentication, if a user
-presented valid credentials but the account is disabled or otherwise
-not allowed to access the host, it would still be accepted for access
-to Arvados. From 2.4.3 onwards, Arvados now also checks that the
-account is permitted to access the host before completing the PAM login
-process.
+In Arvados 2.4.2 and earlier, when using PAM authentication, if a user presented valid credentials but the account is disabled or otherwise not allowed to access the host, it would still be accepted for access to Arvados. From 2.4.3 onwards, Arvados now also checks that the account is permitted to access the host before completing the PAM login process.
-Other authentication methods (LDAP, OpenID Connect) are not affected
-by this flaw.
+Other authentication methods (LDAP, OpenID Connect) are not affected by this flaw.
h2(#v2_4_2). v2.4.2 (2022-08-09)