2.1.3 (September 5 2023)
     - Fixed empty TTY audi / log when user cancelled the MFA login.
     - Do not update fail counter or blocking timers with MFA is cancelled.
     - Return OpenOTP errors and messages when MFA authentication failed.
     - Added a configuration to send remote hosts' Auditd events to syslog.
2.1.2 (June 13 2023)
     - Enhanced the added user agreement functionality.
       > Update required with WebADM v2.3.1.

2.1.1 (May 30 2023)
     - Added support for WebADM v2.3 (this version requires WebADM v2.3).
     - Added user agreement / contract signing during login transaction.
       > With HTML documents, a user consent is shown for signed confirmation.
       > With other documents, the user has to sign the attached document.
       > These features are configured via Client Policies and provide eIDAS-
         compliant login terms and conditions signature with PaDES (PDF) or
         CaDES, during a user authentication worklow.

2.1.0 (January 19 2023)
     - Added compatibility with WebADM 2.2.
     - Updated the application icons.
     - Removed the XMLRPC service API.
     - Fixed password change and session unlock not working when require
       MFA option is enabled.
     - Removed deprecated FIDO U2F authentication and enrolment.
     - Added support for FIDO2 SSH keys.
     - Added support for password change with WebADM password reset app.
       > The linux 'passwd' command changesd the password remotely.
2.0.21 (November 11 2022)
     - Added compatibility with WebADM v2.1.16.
2.0.20 (September 2 2022)
     - Added SQL audit log event types (requires WebADM >= 2.1.15).
2.0.19 (January 13 2021)
     - Fixed several issues with user tag matching.
     - Removed debug output leftover in the tag verification code.

2.0.18 (December 16 2021)
     - Fixed authorized key files not working with Allowed Local Users.
2.0.17 (December 5 2021)
     - Added support for x.509 certificates with external certificates
       (ex. eIDAS ID cards).
     - Certificates from external CAs are verified using CRL or OCSP.

2.0.16 (October 21 2021)
     - Added Client ID chaining with OpenOTP.
     - Authorized keys return backup keys even on user key failure.
     - Added specific error for ActiveDirectory password lockout.
     - Added support for LDAP language attributes in the form 'FR-fr'.
     - Forced login shell now works dynamically per client policy.
     - Requested server tags can be provided as boolean expressions.
     - Non-absolute home directories are prepended with the HomeDir Prefix.
2.0.15 (September 13 2021)
     - Fixed issues with LDAP case in user and group names.

2.0.14 (April 13 2021)
     - Voice Biometric authentication forces Voice request via Mobile Push.
     - Non interractive session (ie. SCP/SFTP) removes the 'LDAP' factor
       requirement when 'LDAP' or 'LDAPOTP' MFA method is configured.
     - License checks now occurs at session start request time instead of
       authorized keys requests.
     - Added a new setting for configuring Forced OTP Type with SCP sessions.
     - Added per-domain email sender with service provider licenses.
2.0.13 (April 4 2021)
     - Added Client ID chaining with OpenOTP and SMSHub Web services.
       > When SpanKey sends a MFA request to OpenOTP, the client ID is
         forwarded. You can also implement cross services client policies.
     - Added %DATE% and %SERVICE% to the message templates' variables.
2.0.12 (March 8 2021)
     - Fixed broken contextual extra factors' feature.

     - Added compatifility with WebADM 2.0.11.

     - Fixed configured backup/recovery keys not beeing returned.
     - Added a 'Forced OTP Type' setting to force aspecific OTP method when
       OpenOTP Extra login factor is required.
     - Fixed some issues with the FIDO-U2F private bundle import.
     - Added support for OpenSSH v8.2 with FIDO U2F Devices.
       > FIDO device keys can either be enrolled graphically or imported.
     - Fixed client certificates not always working with shared accounts.
     - Certificate keys are now feeded as SSH public keys.
     - Added comatibility with WebADM v1.7.10.
     - Multiple code rewrites and optimizations.
     - Added contextual authentication when extra login factors is enabled.
       > Users do not need to re-enter the LDAP/MFA password for all servers
         for a limited period as long as the connect from the same source IP.
     - Added MaxUID and MaxGID setting for NSS account filtering.
     - Added support for SSH access with WebADM client certificates.
     - Optimizations to the tagging subsystem.
     - This update is required for WebADM version >= 1.7.6.
     - Fixed Sudo Commands not working when configured on both user/group and
       client policies.
     - Improved SSH generation time.
     - Highly improved ECC key support.
     - Allow existing key import for all supported key types.
     - Prevent import for key not matching the key lenght in self-services.
     - Added password change retries count (to be used in upcoming SpanKey agent).
     - Re-scoped some application settings.
       > If you configured blocking policies or geo-fencing on a user or group,
         please configure it in the application or client policy.
     - Added client server hostname in the SQL logs.
     - Added final support for Auditd dynamic rules.
     - Added support for variables in the welcome message.
     - Added support for WebADM cluster-level caching API.
     - Added support for external public key registration via self-services.
       > A new Manager method allows registration with external keys too.
     - Added support for sudo commands and privilege elevations in WebADM.
       > Sudo can be configured in client policies, users and groups.
       > The sudo feature will be available in SpanKey Client v2.1.2.
     - Added an options to limit the max usage count for a SSH public key.
       > Automatic re-enrolment email link via SelfReg is supported.
     - Added login statistics (login count, success and failures) to the
       SpanKey user data.
     - Fixed broken key export in PPK format (Putty).
     - Fixed key register with the Manager API when no key size is provided.
     - Added login shell per host via a Client policy configuration.
     - Added schedulable reporting utility in 'bin/report' with CSV output.
     - Added Auditd rule configuration for terminal and SCP sessions.
       > This feature will be available with SpanKey client v2.0.3.
     - Added support for WebADM v1.7 (it does not work with previous versions).
     - Fixed issues with ECC key management.
     - Fixed search base when the group search base is defined on the domain.
     - Added support for accounts with local authorized keys files.
       > Accounts list can be adjusted per client policy.
       > Authorized keys files can be configured on the server.
       > Authorized keys files can also be set per user and per group too.
     - Added NSS caching optimization under very high load.
     - Added support for records with Auditd event logs.
     - More and better SQL logs.
     - Added OTP challenge response support with the optional MFA login.
       > OTP retries are also supported.
     - Added LDAP and LDAPOTP options for MFA login.
     - Added a terminal session unlock feature.
     - Removed trust domain support (dropped in the upcoming WebADM 1.7.0).
     - Added LDAP password change feature via SpanKey PAM module.
     - Shared account login shows the real user identity in the audit log.
     - Unlock retries are limited to 3 LDAP password attempts.
     - Added support for MinUID and MinGID policy settings.
     - Added record session's data size limitation.
     - Added support for expired password reset links via email and SMS.
     - Added optional MFA login (only SimplePush is supported with the current
       SpanKey Client).
     - Added user notifications when password or SSH key expired.
     - Multiple code and performance enhancements.
     - Brand new version with compatibility break with SpanKey v1 branch.
     - Added session recording capabilities (WebADM 1.6 Record feature).
     - Added support for SpanKey client agent v2.0 for Linux.
     - New NSS integration.
     - Much faster response time.
     - Added support for SSH session lock screen.
     - Added support for offline SSH access.
     - Added the possiblity to import an existing RSA SSH public key.
       > Available under the admin portal actions only.
     - Added localized messages API compliance with WebADM v1.5.10.
     - Fixed an issue with NSS users missing login shell.

     - Added error IDs to the error reponses.
     - Added support for WebADM service protocol API version checking.
     - Fixed a NSS issue when no Posix user or no Posix group exists.
     - Added an option to download both the PEM and PPK SpanKey private
       keys bundled in a ZIP file.
     - Added the %GROUPS% variable to the Authe Success URL setting.
     - Added session monitoring with session start and stop audit.

     - Added the SpanKey NSS methods.
       > SpanKey is now a NSS provider for Posix users and groups.
       > Integrated Linux systems do not need NSS-LDAP anymore.
       > Note that SpanKey NSS functionalities requires SpanKey client
         v1.0.1 which will be release soon.
     - The authorized keys API does not append the username to the keys.
     - Many optimizations.

     Initial SpanKey release.