Privacyidea

Latest version: v3.9.3


Page 4 of 14

3.6.2

Not secure
Fixes:
* Fix LDAP Resolver for old Python versions like in CentOS 7 (2835)
* Fix typo in pi-manage that breaks config restore (2829)

3.6.1

Not secure
Fixes:
* Remove importlib-metadata from doc requirements
* Add a safe_store feature (2794)
* Decode URL parameters for forms (2800)
* Prepare ADFS subscription (2801)

3.6

Not secure
Features:
* Add custom user attributes that can be managed within privacyIDEA (680)
* Extended policy conditions can match on any token attribute (2590)

Enhancements:
* Allow to use Push tokens without Firebase (2720)
* privacyidea-cron allow to choose retry if action failed (1179)
* UI: allow token rollover e.g. for smartphone swap (2613)
* pi-manage: allow configuration export and import (2467)
* Allow different PIN policies for different token types (2142)
* UI: Search in policy description, not only in policy action (2574)
* UI: Highlight found locations of search term in web UI (2577)
* UI: Allow configurable entry point for custom web UI (2592)
* UI: Add more descriptive tooltip to token when assigning to machine (2516)
* Import AES mode yubikeys created with Yubico Personalization tool (2594)
* token janitor can export arbitrary user fields (2569)
* token janitor: CSV token export can either export hex or base32 encoded seeds (2648)
* token janitor: CSV token export contains token owner (2664)
* Remote Token can now be configured with a privacyIDEA configuration instead of a distinct URL (2124)
* Allow additional tags like {username} in SMS token (2677)
* improve privacyidea-diag (2555)
* auth_cache can now cache the credentials for a certain number of usages (1059)
* Policy "add_user_in_response" also checks for user-realms (2642)
* Stamp the database version automatically during installation (2708)
* Audit Rotation is automatically added on new installation (1427)

Documentation:
* Add note about SMS text formats (2151)
* Rewrite Yubikey enrollment documentation (2318)

Hardening:
* Replace ecdsa module with stable pyca module (2410)
* LDAP resolver supports TLS 1.3 (2637)
* Update dependencies / requirements (2570)
* Choose more secure configuration defaults (2408)

Fixes:
* Do not trigger disabled PUSH tokens (2723)
* Configuration default truncate Audit log (2699)
* Policy: Fix problems with extended policy conditions (2676)
* UI: Remove table borders in list views (2585)
* UI: Do not translate date in audit log (2579)
* Remove deprecated oauth2client (1990)
* Fix visibility of subscription for administrator (2609)
* Remove non-existing getOTP from documentation (2636)
* Remove undocumented and unused parameter aladdin_hashlib in token import (2634)
* Fix visibility of token wizard (2632)
* Create policy button is disabled if no scope is selected (1888)
* Re-enable enroll button in case of error during token enrollment (2717)
* Save fractions of seconds in the audit log (2706)
* Fix pi-manage restore (2728)

3.5.2

Not secure
Fixes:
* Add serial to the request object in /ttype/ endpoint (2605)
* Fix missing audit entries missing_line and sig_check (2627)
* Fix backup on Ubuntu 20.04 (2646)
* Fix missing priority in policy import (2643)
* Fix DB migrate URI if it contains char % (2661)
* Fix long default POOLING_LOOP_TIMEOUT (2662)

3.5.1

Not secure
Fixes:
* Fix DB migration script for updates from versions prior to 3.3 (2582)
* Fix the internal interface of container audit module (2562)
* Add missing headers to /auth request (2599)
* Fix tokeninfo value filter with Oracle db (2602)

3.5

Not secure
Features:
* 4Eyes token uses multi challenge authentication (2317)
* Require attestation certificate when enrolling certificate token (2152)

Enhancements:
* Tokens
* Allow to update firebase_token of a Push Token (2436)
* Support WebAuthn tokens without sign_count (2361)
* PSKC import now verifies the MAC of the token secrets (2312)
* Configure length and contents of registration token via policy (2284)
* The questionnaire token can now ask several questions from the list (2137)
* Event handler:
* Choose SMS Gateway Identifier in Tokenhandler when enrolling SMS token (2506)
* Choose SMTP Identifier in Tokenhandler when enrolling Email token (2452)
* Increase or decrease failcounter in Tokenhandler (2402)
* Allow to set maxfail counter in event handlers (2541)
* Policies:
* Add extended conditions for tokeninfo (1947)
* Web UI
* PIN can be changed with Challenge Response when authenticating at the WebUI (2474)
* Hide some audit log columns for service desk users (2372)
* Allow to configure a link to a policy statement/GDPR (2325)
* Audit log now contains start time, end time and duration of a request (2254)
* The length of the audit columns to be truncated can be configured in pi.cfg (1756)
* Action grouping in scope authorization (2438)
* Redesign welcome message for community version (2397)
* Add usernames and serials of failed authentications as shortlink into dashboard (2475)
* Policy to add node name in the web UI (1961)
* Make event conditions searchable (2148)
* Align search layout in event conditions and policy actions (2557)
* pi-manage: export resolver configuration (1329)
* Documentation:
* Add note about SELinux and using non-standard ports (2459)
* Explain sync_to_database for script handlers (2450)
* Add documentation for RADIUS configuration (2448)

Fixes:
* Allow equal signs in policy actions (2494)
* Challenge Response is now checked independently of the presence of a challenge in the database (2491)
* Fix enrollment of two tokens using double click (2487)
* Fix wrong (too few) number of authentication requests in the dashboard (2473)
* Allow setting an empty PIN in the UI (2472)
* The dashboard only displays information that an admin is allowed to see, without throwing errors (2456)
* Fix length of hashed password column in auth_cache table (2446)
* Fix url_decode (2345)
* Fix missing adminuser when importing policies (2340)
* Hide browser autocomplete in user search field (2292)
* Disable browser autocomplete fields that clash with search fields in the UI (2401)
* Fix challenge response with multiple FIDO2 tokens (2092)


© 2024 Safety CLI Cybersecurity Inc. All Rights Reserved.