CFEngine 3.25 released - Auditability

January 6, 2025

Today, we are pleased to announce the release of CFEngine 3.25.0! The code word for this release is auditability. Being a non-LTS (not supported) release, this release allows users to test the new functionality we’ve been working on before it arrives in an LTS release ~1 year from now.

What’s new

The audit log

CFEngine Mission Portal now logs user actions in a structured audit log. This means you can go back and see who edited group data, who deleted a host, who created a user, etc. The audit log can be filtered by time and date, resource type, who performed the action, and what was affected.

Screenshot of the audit log, showing actions of users creating, updating, and deleting groups.

To make it easy for users to download, process, back up, or ingest logs into other systems, there is a button to download in CSV format, and a REST API for retrieving entries programmatically.

You can also click View details for individual entries to get more detailed information about exactly what was changed.

Screenshot of the details of one audit log event, showing the example variable which was changed.

In order to reduce noise and ensure the audit log has the most valuable information possible, it focuses on changes made by users through the Mission Portal API and UI.

3.25 sneak peek webinar episode

In our latest episode of “The agent is in” webinar series, we took a sneak peek at 3.25.0 and the audit log:

2-factor authentication and password security improvements

As mentioned in the recent 3.24.1 release blog, we’re making several improvements to the authentication security of Mission Portal, including:

  • 2-factor authentication via time-based one time password (TOTP) app
  • Password complexity measurement and stricter requirements / defaults
  • More customizability and settings to enforce the use of 2FA, strong passwords, etc.

Changelogs

As always, you can see a full list of changes and improvements in our changelogs:

Please note that the Enterprise changelogs contain only changes specific to enterprise. To get a full overview of all changes in a version, read all 3 changelogs.

Dependency updates

Compared to 3.24.0, these dependencies have been updated:

CFEngine version 3.24.0 3.25.0
Git 2.45.2 2.47.1
libcurl 8.8.0 8.11.1
libexpat 2.5.0 2.6.3
libxml2 2.13.1 2.13.5
OpenLDAP 2.6.8 2.6.9
OpenSSL 3.3.1 3.4.0
PCRE2 10.44 10.44
PHP 8.3.8 8.3.15
PostgreSQL 16.3 17.2

Thank you to all the developers and maintainers of Open Source Software which make CFEngine possible!

Downloads

CFEngine Enterprise is free for up to 25 hosts, click here to go to the download pages with new packages. If you are using cf-remote, you can specify version to install with the --version option:

command
cf-remote --version 3.25.0 install --hub hub --bootstrap hub

Contributions

We encourage all of our users to get involved in the community and contribute. Feel free to use one of the following avenues: