Merge pull request #3147 from larsewi/changelog-3.27.x

CHANGELOG.md: updated changelog entries for 3.27.1

Author: olehermanse

CHANGELOG.md

@@ -1,14 +1,19 @@
 ## 3.27.1
+
 - Added 2FA support and configurable admin username for distributed cleanup setup
   (ENT-12129)
 - Added dnf package module (ENT-11784)
 - Added workaround for set_variable_values_ini with missing sections
   (CFE-3866)
-- Changed distributed_cleanup.py to issue a real DELETE FROM __hosts instead of soft deletion via INSERT with a deleted timestamp
+- Changed distributed_cleanup.py to issue a real DELETE FROM `__hosts` instead of soft deletion via INSERT with a deleted timestamp
   (ENT-12129)
 - Fixed bad regex in packages promise method for pip (ENT-13667)
+- Fixed maximum recursion errors in modules_presence for CFEngine versions
+  unaffected by CFE-4623 (CFE-2852)
+- Added dnf_group package module for managing DNF package groups (CFE-2852)
 
 ## 3.27.0
+
 - Fixed cfruncommand for Windows causing "Too many arguments" error (ENT-13530)
 - Added $(paths.dmidecode) for Red Hat (ENT-12988)
 - Added fsattrs bodies to manage the immutable bit (CFE-4582)
@@ -50,6 +55,7 @@
   (ENT-13173)
 
 ## 3.26.0
+
 - Inhibited management of share config.php file when mpf_disable_mission_portal_docroot_sync_from_share_gui is defined
   (ENT-12658)
 - Switched to using current process ID to investigate proc filesystem to workaround in-container non-root owned symlinks
@@ -61,6 +67,7 @@
   (ENT-11440)
 
 ## 3.25.0
+
 - Data dumping on Federated Reporting feeders no longer uses an AWK filter to merge INSERT
   lines in the dumps
 - Made system_log_level configurable via Augments (CFE-4452)
@@ -78,6 +85,7 @@
 - Fixed issues with loading images from raw.github.com inside CFEngine Build application in Mission Portal (ENT-12531)
 
 ## 3.24.0
+
 - AIX watchdog now handles stale PIDs (CFE-4335)
 - Aligned ownership and permission expectations between Mission Portal and MPF
   (ENT-11941)
@@ -122,14 +130,15 @@
   (ENT-8785)
 - Added set_escaped_user_field complementing set_user_field (CFE-4377)
 - Added setup-feeder option to distributed cleanup script (ENT-11844)
-- Fixed comparison that caused control_executor_mailfilter_*_configured to never be set
+- Fixed comparison that caused `control_executor_mailfilter_*_configured` to never be set
   (CFE-4374)
 - Fixed distributed_cleanup policy for feeders and rhel-8 superhubs
   (ENT-10960)
 - Fixed restoration of Mission Portal application to packaged content when modified
   (ENT-10962)
 
 ## 3.23.0
+
 - Added ability to disable plain http for CFEngine Enterprise Mission Portal
   (ENT-10411)
 - Added ability to enable backup archives during policy update
@@ -177,6 +186,7 @@
   (ENT-10951)
 
 ## 3.22.0
+
 - Added inventory for policy version (ENT-9806)
 - Added condition to runalerts service to require stamp directory
   (ENT-9711)
@@ -232,6 +242,7 @@
   - body package_method pacman
   - body package_method zypper
   - body package_method generic
+
   Additionally note that the package related bundles use the package_method bodies
   mentioned above and are similarly influenced.
   - bundle agent package_present(package)
@@ -240,7 +251,9 @@
   - bundle agent package_specific_absent(packageorfile, package_version, package_arch)
   - bundle agent package_specific_latest(packageorfile, package_version, package_arch),
   - bundle agent package_specific(package_name, desired, package_version, package_arch)
+
   (CFE-4178)
+
 - Prevented management of runagent socket users when no users are listed
   (ENT-9535)
 - Removed specific old CFEngine version package module handling for windows
@@ -249,6 +262,7 @@
   (ENT-8338)
 
 ## 3.21.0
+
 - Added inventory for Raspberry Pi and DeviceTree devices (ENT-8628)
 - Added policy to enforce proper permissions on Mission Portal ldap directory (ENT-9693)
 - Added check to make sure cf-execd is running after attempting self upgrade on Windows
@@ -290,6 +304,7 @@
 - Ensured manual edits to httpd.conf are reverted (ENT-9686)
 
 ## 3.20.0
+
 - Renamed bundle agent main to bundle agent mpf_main (CFE-3947)
 - Added prelink to paths.cf
 - Added Enterprise Hub postgresql.conf to files monitored for diffs by default
@@ -342,6 +357,7 @@
 - Now clean_when_off FR bundle is only run when needed (ENT-8294)
 
 ## 3.19.0
+
 - Added interpreter attribute to standalone self upgrade package_module bodies
   (CFE-3703, ENT-5752)
 - Added almalinux as a know derivative of rhel (ENT-7644)
@@ -362,7 +378,7 @@
   This change adds the classes services_autorun_inputs and
   services_autorun_bundles for independently enabling addition of .cf files in
   services/autorun and automatic execution of bundles tagged with autorun
-  respectively.  (CFE-3715)
+  respectively. (CFE-3715)
 - Added support for downloading community packages on hub in preparation for binary upgrades
 - Added variable for excluding files from Policy Analyzer (ENT-7684)
 - Adjusted badges for 3.18.0 release (ENT-6713)
@@ -373,11 +389,11 @@
   effect of this is that agent runs that happen close together would skip running
   bundles run within the last minute. Now autorun bundles no longer wait for a
   lock to expire, they will be actuated each agent execution. Note, promises
-  within those bundles have their own locks which still apply.  (CFE-3795)
+  within those bundles have their own locks which still apply. (CFE-3795)
 - Dropped un-necessary local variable
   The use of this local variable triggers a bug that prevents datastate() from
   printing. Since the variable is un-necessary, it's been removed and the
-  parameter is used directly.  (CFE-3776)
+  parameter is used directly. (CFE-3776)
 - Enforced permissions for Postgres log (ENT-7961)
 - Fixed package module augments settings usage for pre 3.15.3 binaries
   (ENT-7356, ENT-7358)
@@ -395,7 +411,7 @@
   (ENT-7714)
 - Promised permissions for Mission Portal application and Apache log files
   This change ensures that both Mission Portal and Apache log files have
-  restrictive permissions. Previously this was un-managed.  (ENT-7730)
+  restrictive permissions. Previously this was un-managed. (ENT-7730)
 - Reduced scope of report informing of missing systemd service
   (CFE-290, ENT-7360)
 - Removed build dir from install/dist targets (ENT-7359)
@@ -409,7 +425,7 @@
   permissions (600). The previous explicit permissions (755) are un-necessary as
   modules are not executed from within the inputs directory and have resulted in
   permission flip-flopping in some environments. Permissions on modules in the
-  modules dir (sys.workdir)/modules are still enforced.  (ENT-7733)
+  modules dir (sys.workdir)/modules are still enforced. (ENT-7733)
 - Switched from using package_method generic to default package_module
   for windows software inventory (ENT-2589)
 - Improved the reliability when detecting a Red Hat system.
@@ -428,6 +444,7 @@
   (ENT-7967)
 
 ## 3.18.0
+
 - Added .ps1 to list of file patterns considered during policy update
   (ENT-4094)
 - Added ability to specify additional directories to add autorun policy from
@@ -496,6 +513,7 @@
 - Guard again enforcing root ownership for CFEngine files on Windows (ENT-4628)
 
 ## 3.17.0
+
 - Added .csv to the list of file extensions considered by default during
   policy update (CFE-3425)
 - Added ability to extend known paths without modifying vendored policy
@@ -532,6 +550,7 @@
 - Replaced @ignore with useful doc strings (CFE-3378)
 
 ## 3.16.0
+
 - /var/cfengine/bin/python symlink creation on SLES was fixed
 - Added `data` shortcut to cf-serverd, defaults to sys.workdir/data
 - Added inventory for CFEngine Enterprise License information
@@ -554,17 +573,17 @@
 - Changed m_inventory dumping behavior to exclude when values is null
   (ENT-5562)
 - Corrected application/logs path to outside of docroot (ENT-5255)
-- Deleted deprecated __PromiseExecutionsLog from process that cleans
+- Deleted deprecated `__PromiseExecutionsLog` from process that cleans
   log tables (ENT-5170)
 - Fixed dmi inventory to prefer sysfs to dmidecode for most variables
   for improved performance and to handle CoreOS hosts that don't
-  have dmidecode.  (CFE-3249)
+  have dmidecode. (CFE-3249)
 - Fixed permission flipping when policy analyzer is enabled (ENT-5235)
 - Fixed runalerts processes promise on non-systemd systems (ENT-5432)
 - Fixed selection of standard_services when used from non-default
   namespace (ENT-5406)
 - Fixed system UUID inventory for certain VMWare VMs where dmidecode
-  gives UUID bytes in wrong order.  (CFE-3249)
+  gives UUID bytes in wrong order. (CFE-3249)
 - Fixed typo preventing recommendation bundles from running (CFE-3305)
 - HA setups no longer have flipping permissions on
   /opt/cfengine/notification_scripts
@@ -595,6 +614,7 @@
 - apt_get package module now checks package state (CFE-3233)
 
 ## 3.15.0
+
 - Added package_module for snap (CFE-2811)
 - Fixed pkgsrc in case where multiple Prefix paths are returned for pkg_install (CFE-3152)
 - Fixed pkgsrc module on Solaris/NetBSD (CFE-3151)
@@ -620,7 +640,7 @@
 - Added brief descriptions to bodies and bundles in cfe_internal/CFE_cfengine.cf
   (CFE-3220)
 - Added support for SUSE 11, 12 in standalone self upgrade (ENT-5045, ENT-5152)
-- Changed policy triggering cleanup of __lastseenhostlogs to target only
+- Changed policy triggering cleanup of `__lastseenhostlogs` to target only
   3.12.x, 3.13.x and 3.14.x. From 3.15.0 on the table is absent. (ENT-5052)
 - Fixed agent disabling on systemd systems (CFE-2429, CFE-3416)
 - Ensured directory for custom action scripts is present (ENT-5070)
@@ -631,10 +651,11 @@
   (ENT-4331, ENT-4992)
 - Fixed re-spawning of cf-execd or cf-monitord after remediating duplicate concurrent processes
   (CFE-3150)
-- Replaced /var/cfengine with proper $(sys.*) vars (ENT-4800)
-    - Fixed selection of standard_services when used from non-default namespace (ENT-5406)
+- Replaced /var/cfengine with proper `$(sys.*)` vars (ENT-4800)
+  - Fixed selection of standard_services when used from non-default namespace (ENT-5406)
 
 ## 3.15.0b1
+
 - Added continual checking for policy_server state (CFE-3073)
 - Added monitoring for PostgreSQL lock acquisition times (ENT-4753)
 - Added support for `awk` filters in the FR dump-import process (ENT-4839)
@@ -658,12 +679,13 @@
 - Added ssh_home_t type to cftransport .ssh dir (ENT-4906)
 - fix use of _stdlib_path_exists_<command> in FR transport_user policy
   bundle (ENT-4906)
-- partitioned __inventory table for federated reporting (ENT-4842)
+- partitioned `__inventory` table for federated reporting (ENT-4842)
 - psql_wrapper needed full path to psql binary (ENT-4912)
 - yum package_module gets updates available from online repos if local
   cache fails (CFE-3094)
 
 ## 3.14.0
+
 - Fixed isvariable syntax error in update_def.cf (CFE-2953)
 - Added path support for setfacl, timedatectl and journalctl (CFE-3013)
 - Added trailing slash to access promises expecting directories
@@ -711,6 +733,7 @@
 - redhat_pure is no longer defined on Fedora hosts (CFE-3022)
 
 ## 3.13.0
+
 - Added Debian 9 to the self upgrade package map (ENT-4255)
 - Added `system-uuid` to default dmidecode inventory (CFE-2925)
 - Added inventory of AWS EC2 linux instances (CFE-2924)
@@ -771,6 +794,7 @@
   (CFE-2855)
 
 ## 3.12.0b1
+
 - Avoided executing self upgrade policy unnecessarily (ENT-3592)
 - Added amazon_linux class to yum package module
 - Introduce ability to set policy update bundle via augments (CFE-2687)
@@ -840,10 +864,11 @@
 - Avoided self upgrade from triggering during bootstrap (ENT-3394)
 - Added json templates for rendering serial and multiline data (CFE-2713)
 - Removed unused libraries and controls
-- Fixed an error in the file_make_mustache_*, incorrect variable name used
+- Fixed an error in the `file_make_mustache_*`, incorrect variable name used
   (CFE-2714)
 
 ## 3.11.0
+
 - Renamed enable_client_initiated_reporting to client_initiated_reporting_enabled
 - Directories for ubuntu 16 and centos 7 should exist in master_software_updates
   (ENT-3136)
@@ -895,6 +920,7 @@
 - Ensure MP SSL Cert is readable (ENT-3050)
 
 ## 3.10.0
+
 - Added: Classes body tailored for use with diff
 - Changed: Session Cookies use HTTPOnly and secure attributes (ENT-2781)
 - Changed: Verify transferred files during policy update
@@ -932,6 +958,7 @@
   (CFE-2466)
 
 ## 3.7.0
+
 - Support for user specified overriding of framework defaults without modifying
   policy supplied by the framework itself (see example_def.json)
 - Support for def.json class augmentation in update policy
@@ -966,13 +993,13 @@
 - Move hub specific bundles from lib/VER/cfe_internal.cf into lib/VER/cfe_internal_hub.cf
   and load them only if policy_server policy if set.
 - Re-organized lib/VER/stdlib.cf from lists into classic array for use with getvalues
-- inform_mode classes changed to DEBUG|DEBUG_$(this.bundle):: (Redmine: #7191)
+- `inform_mode` classes changed to `DEBUG|DEBUG_$(this.bundle)::` (Redmine: #7191)
 - Enabled limit_robot_agents in order to work around multiple cf-execd
   processes after upgrade. (Redmine #7185)
 - Removed Diff reporting on /etc/shadow (Enterprise)
 - Update policy from promise.cf inputs. There is no reason to include the
   update policy into promises.cf, update.cf is the entry for the update policy
-- _not_repaired outcome from classes_generic and scoped_classes generic (Redmine: # 7022)
+- `_not_repaired` outcome from classes_generic and scoped_classes generic (Redmine: # 7022)
 - standard_services now restarts the service if it was not already running
   when using service_policy => restart with chkconfig (Redmine #7258)
 - Fixed process_result logic to match the purpose of body process_select