Privacyidea

Features:
* Allow Offline Token without assigning to a specific IP address (2926)
* The enrollment of HOTP, TOTP, SMS and Email Tokens can be verified
by entering a valid OTP value after the enrollment. (2441)

Enhancements:
* Policies: Also honor the user resolver in policies, when administrator is managing tokens (2778)
* Token: Redesign the code logic of is_previous_otp and make it more robust for HOTP and TOTP tokens (2916)
* Add detailed log messages to track HSM sessions (3000)
* UI: If an adminitrator is allowed to manage only one realm, this realm is autoselected in the UI. (2908)
* UI: Rename buttons from "create" to "save" to avoid misunderstanding (2932)
* UI: Use new dependency injection in javascript code (1917)
* Tools: The tokenjanitor can check for the pure existence of a tokeninfo key (2753)
* Tools: Improve the token janitor documentation (2885)
* Add new translated languages from the community: cs, es, it nb_NO, pl, ru, si, tr, uk, zh_HANS
* Add nightly tests with a MySQL database (2477)
* Add extra_require in setup.py for PyKCS11 to allow installing via pip also in case of use with HSMs. (2951)
* Documentation: Add documentation for max_identifier_length for Oracle DBs (2986)
* Documentation: Improve Event Handler documentation
* Documentation: Add missing policy documentation (2768)

Fixes:
* Token: Remove the tokenowner entry after the automatic deletion of the registration token (2907)
* Fix the usage of secondary login attribute (2919)
* Fix removal of the "alembic_version" table with dropdb (2848)
* Fix "validate_mac no_check" when importing tokens with the token janitor (2755)
* Update dependencies
* UI: Fix reload of policy list (2967)
* UI: Remove the client side keygen tag for x509 certificates, since it is not supported by browsers anymore (2968)
* UI: Fix submenu links like "new" and the routing highlighting (2546)
* UI: Check the sanity of client IPs during creation of a policy (2949)
* Event Handler: Fix loading of boolean values in event handler options (2310)
* Token: Fix email token without an assigned user (2990)
* Token: Handle modhex error for invalid passwords in Yubikey token (2896)

Enhancements:
* Support SMTPS (2568)
* Add policy extended conditions of webserver environment (2510)

Fixes:
* Do not use not-readily enrolled tokens for auth (2852)
* Allow tokens in client_wait to be rolled over (2763)

Features:
Enhancements:
* Allow resyncing of a token via Multi-Challenge (2349)
* Token Handler can use the serial numbers of the tokens
during token import (2698)
* Notification Handler now allows placeholders like "tokenowner" in reply-to. (2711)
* LinOTP miration script now also works with PostgreSQL (2770)
* consolidate client_wait in token enrollment. All tokens now
get the rollout_state "clientwait" or "enrolled" which can
be used in Token Handlers and in the token-janitor (2784)
* The "orphaned" parameter of the token-janitor allows to use
0/False or 1/True to also search for non-orphaned tokens (2838)
* Add more export/import functions to pi-manage (2455)

Fixes:
* Make token-janitor robust against unknown chars in last_auth check (2780)
* Fix the manual setting of U2F tokens, which was overwritten by an
automatic description (2793)
* Improve parameter parsing and decoding (2810)
* Fix policy import with missing "condition" keyword (2829)
* Add failsafe to raise an exception on the lib level when trying to assign a token
to a user, if the token is already assigned. (2860)
* Fix AD little endian in objectGUID
* Fix upper case realm names in policy check (2869)
* Fix deleting expired auth_cache entries (2481)

Fixes:
* Fix endianess for certain GUID bytestrings in LDAP resovler returned from AD
* Fix problem with old OTP values of TOTP tokens in autoresync

Fixes:
* Fix LDAP Resolver for old Python versions like in CentOS 7 2835
* Fix typo in pi-manage that breaks config restore 2829

Fixes:
* Remove importlib-metadata from doc requirements
* Add a safe_store feature 2794
* Decode URL parameters for forms 2800
* Prepare ADFS subscription 2801