Security

'sss_simpleifp' library ('libsss_simpleifp' and 'libsss_simpleifp-devel' packages) has been deprecated and will be removed from future releases.

The SSSD 'files provider' that provides capability to handle local users has been deprecated and might be removed from future releases. It shouldn’t be an issue for vast majority of users since feature was disabled by default for a few releases already. Those who were configuring it explicitly, for example for the session recording of local users, might consider switching to 'proxy provider'. In case you have a strong use case not covered by 'proxy provider', please reach out to SSSD upstream at https://sssd.io/.

X server implementations (e.g. Xorg and Xwayland) no longer accept connections from remote clients with a byte endianess different from that of the X server by default. This removes a large attack surface in the X server that can be exploited by malicious clients. Users that require this particular use-case can re-enable this feature with the AllowByteSwappedClients option (see the xorg.conf man page), or passing +byteswappedclients to the X server invocation (see the Xserver man page). This change does users that do not use X forwarding (with or without ssh).