2025-11-05	Ondřej Gajdušek <ogajduse@redhat.com>
	* Release 3.16.1

2025-09-09	Ondřej Gajdušek <ogajduse@redhat.com>
	* Release 3.16.0

2025-08-26	Ondřej Gajdušek <ogajduse@redhat.com>
	* Release 3.16.0-rc2

2025-08-13	Ondřej Gajdušek <ogajduse@redhat.com>
	* Release 3.16.0-rc1

2025-07-16	Eric D. Helms <ericdhelms@gmail.com>
	* Fixes #38583: Allow mounting postgres as socket to container

2025-05-20	Lukas Hellebrandt <lhellebr@redhat.com>
	* Bump develop to 3.16.0-develop

2025-02-18	Cole Higgins <chiggins@redhat.com>
	* Bump develop to 3.15.0-develop

2025-01-08	PopiBrossard <24299127+PopiBrossard@users.noreply.github.com>
	* Fixes #37999 - allow smart-proxy with PuppetCA to read some etc files

2024-12-06	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Test on CentOS Stream 10

2024-11-21	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Drop EL 8 from Packit config
	* Fix indenting in Packit config

2024-11-18	Matthew Davis <fedoraproject@virtual.drop.net>
	* fixes #37968 - Remove dependancy on unconfined selinux module

2024-11-06	Cole Higgins <chiggins@redhat.com>
	* Bump develop to 3.14.0-develop

2024-10-30	Evgeni Golov <evgeni@golov.de>
	* drop loop around selinux variants, we only support targeted

2024-09-06	Evgeni Golov <evgeni@golov.de>
	* Fixes #37791 - use correct websockify path

2024-08-21	Cole Higgins <chiggins@redhat.com>
	* Bump develop to 3.13.0-develop

2024-06-03	Evgeni Golov <evgeni@golov.de>
	* Fixes #37497 - allow bootdisk to access /dev/shm
	* use AlmaLinux 8 for el8 tests

2024-05-22	Griffin-Sullivan <gsulliva@redhat.com>
	* Bump develop to 3.12.0-develop

2024-02-20	Griffin-Sullivan <gsulliva@redhat.com>
	* Bump develop to 3.11.0-develop

2024-02-09	Evgeni Golov <evgeni@golov.de>
	* make cockpit definition optional
	* drop the foreman-cockpit-session symlink rules

2024-02-02	Evgeni Golov <evgeni@golov.de>
	* add packit config

2023-11-29	Griffin Sullivan <gsulliva@redhat.com>
	* Bump develop to 3.10.0-develop

2023-10-13	dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
	* Bump actions/checkout from 2 to 4
	* Bump redhat-plumbers-in-action/differential-shellcheck from 4 to 5

2023-10-13	Evgeni Golov <evgeni@golov.de>
	* add dependabot

2023-08-25	Griffin Sullivan <gsulliva@redhat.com>
	* Bump develop to 3.9.0-develop

2023-08-22	Evgeni Golov <evgeni@golov.de>
	* drop old SCL path remains
	* add shellcheck
	* don't test on EL7

2023-05-23	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Bump develop to 3.8.0-develop

2023-03-05	Evgeni Golov <evgeni@golov.de>
	* don't set DISTRO in GHA

2023-02-22	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Bump develop to 3.7.0-develop
	* Fixes #35971 - Drop requirement to set DISTRO

2022-11-08	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Bump develop to 3.5.0-develop

2022-10-31	Evgeni Golov <evgeni@golov.de>
	* Fixes #35695 - allow foreman_rails_t to access syslog sockets

2022-08-25	Evgeni Golov <evgeni@golov.de>
	* Refs #35402 - allow Apache to read foreman_lib_t symlinks

2022-08-23	Evgeni Golov <evgeni@golov.de>
	* Fixes #35402 - allow apache to read /var/lib/foreman
	* Revert "Fixes #35402 - label /var/lib/foreman/public httpd_sys_content_t"

2022-08-22	Evgeni Golov <evgeni@golov.de>
	* Fixes #35402 - label /var/lib/foreman/public httpd_sys_content_t

2022-08-18	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Fixes #34807 - Compatibility with systemd-resolved

2022-08-11	Amit Upadhye <upadhyeammit@gmail.com>
	* Update develop to 3.5.0-develop

2022-05-11	Amit Upadhye <upadhyeammit@gmail.com>
	* Bump develop to 3.4.0-develop

2022-04-25	Amit Upadhye <upadhyeammit@gmail.com>
	* Refs #34730 - Delete foreman_container_port_t before we stop assigning it

2022-04-19	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Refs #34730 - Remove leftover type definitions
	* Fixes #34730 - Drop docker/container integration

2022-04-06	Adam Ruzicka <a.ruzicka@outlook.com>
	* Fixes #34726 - Make git template sync work on EL8

2022-04-06	Evgeni Golov <evgeni@golov.de>
	* try to compile on EL9 too

2022-04-06	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Replace CentOS Linux 8 in CI with CentOS Stream 8

2022-02-10	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Pull images from quay.io

2022-02-10	Amit Upadhye <upadhyeammit@gmail.com>
	* Bump develop to 3.3.0-develop

2021-12-14	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Remove unused foreman_rails_can_connect_http tunable

2021-11-12	Amit Upadhye <upadhyeammit@gmail.com>
	* Bump develop to 3.2.0-develop

2021-08-06	Amit Upadhye <upadhyeammit@gmail.com>
	* Bump version to 3.1.0-develop

2021-07-22	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 3.0-develop

2021-05-04	Tomer Brisker <tbrisker@gmail.com>
	* bump version to 2.6-develop

2021-04-14	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #32316 - drop all passenger-related rules

2021-03-16	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #32110 - add passenger websockify transition
	* Fixes #32023 - logging, puppet, tftp, abrt optional
	* Fixes #32023 - make ipa macro optional

2021-03-08	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Refs #32022 - Remove Ruby 1.8 paths

2021-02-01	Amit Upadhye <upadhyeammit@gmail.com>
	* Bump version to 2.5.0-develop

2020-11-26	Evgeni Golov <evgeni@golov.de>
	* match /var/run, not /run
	* make /run/foreman.sock match ALL files, not only regular

2020-11-03	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 2.4-develop

2020-10-13	Lukas Zapletal <lzap+git@redhat.com>
	* Update compilation GH action
	* Add compilation GH action

2020-10-13	Eric D. Helms <ericdhelms@gmail.com>
	* Refs #30803: Allow Apache to connect to Unix socket

2020-09-18	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30866 - enable and backport passenger rules

2020-09-15	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30845 - allow DNS over TCP

2020-08-31	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30657 - allow websockify to list bin

2020-08-21	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30675 - allow readonly RPM commands

2020-08-11	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 2.3-develop

2020-07-20	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30422 - Bootdisk EFI mkfs.msdos call

2020-07-01	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30279 - allow http(s) proxy ports by default

2020-06-18	Lukas Zapletal <lzap+git@redhat.com>
	* Refs #30147 - allow accept to unconfined service

2020-06-17	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30147 - allow connection to unconfined service

2020-06-09	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #30069 - allow reading puppet certs to httpd

2020-06-03	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #29778 - puma policy, passenger optional

2020-05-27	Lukáš Zapletal <lzap+git@redhat.com>
	* Fixes #29882 - allow cockpit connections (#101)

2020-05-13	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 2.2-develop

2020-02-13	Tomer Brisker <tbrisker@gmail.com>
	* bump version to 2.1-develop

2020-01-27	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #28847 - allow connections to Redis

2020-01-06	Tomer Brisker <tbrisker@gmail.com>
	* bump version to 2.0-develop

2019-11-29	Lukas Zapletal <lzap+git@redhat.com>
	* Refs #28252 - allow httpd_t to connect to cockpit session

2019-11-19	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #28252 - rules for foreman cockpit session

2019-10-29	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #28115 - policy for foreman-cockpit service

2019-10-28	Tomer Brisker <tbrisker@gmail.com>
	* bump version to 1.25-develop

2019-07-30	Tomer Brisker <tbrisker@gmail.com>
	* bump version to 1.24-develop

2019-06-26	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #19053 - allow logrotate to send signals

2019-06-06	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #26951 - allow execmem in passenger too
	* Fixes #26948 - added dac_override capability back

2019-05-09	Evgeni Golov <evgeni@golov.de>
	* Drop RHEL6 statements, EL7+ only
	* Fixes #26762 - move auth_read_passwd ouside the tunable_policy

2019-04-18	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 1.23-develop

2019-04-09	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #26534 - policy is now passenger6 compatible

2019-04-03	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #16273 - allow execmem

2019-01-14	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 1.22-develop

2019-01-08	Ben Meekhof <bmeekhof@users.noreply.github.com>
	* Fixes #25783: Allow websockify to read puppet_etc_t

2018-10-17	Tomer Brisker <tbrisker@gmail.com>
	* Bump version to 1.21-develop

2018-09-21	Ewoud Kohl van Wijngaarden <ewoud@kohlvanwijngaarden.nl>
	* Fixes #24952 - Check if the directory exists before executing

2018-08-01	Eric Helms <eric.d.helms@gmail.com>
	* Generate source with the actual version specified in VERSION (#85)

2018-07-17	Tomer Brisker <tbrisker@users.noreply.github.com>
	* Bump version to 1.20-develop (#83)

2018-06-29	Dirk Goetz <dirk.goetz@netways.de>
	* Fixes #11572 - add support for spool files

2018-06-28	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #23127 - docker upgrade path is correct

2018-06-01	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #23134 - support for plugin hooks

2018-05-31	Ondrej Prazak <oprazak@redhat.com>
	* Bump version to 1.19.0-develop

2018-05-30	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #22317 - introduced websockify_can_connect_all
	* Fixes #23619 - disable script removes foreman ports
	* Fixes #23700 - passenger/http can manage symlinks

2018-01-17	Sean O'Keeffe <seanokeeffe797@gmail.com>
	* Fixes #9407 - add Foreman Memcache support

2018-01-08	Lukas Zapletal <lzap+git@redhat.com>
	* Bump to version 1.18-develop

2017-12-19	Lukáš Zapletal <lzap@redhat.com>
	* Fixes #21887 - allow connecting to puppet master

2017-11-21	Lukáš Zapletal <lzap@redhat.com>
	* Refs #18284 - added foreman_container_port_t

2017-09-21	Lukáš Zapletal <lzap@redhat.com>
	* Refs #21052 - workaround missing docker macro
	* Fixes #21052 - compile policy with docker macros

2017-09-08	Lukáš Zapletal <lzap@redhat.com>
	* Fixes #18284 - removed docker_t port

2017-08-31	Lukáš Zapletal <lzap@redhat.com>
	* Fixes #9805 - fixed file_contexts: invalid context (#67)

2017-08-28	Daniel Lobato Garcia <me@daniellobato.me>
	* Bump to version 1.17-develop

2017-04-06	Dominic Cleal <dominic@cleal.org>
	* Bump version to 1.16-develop

2016-12-06	Dominic Cleal <dominic@cleal.org>
	* Bump version to 1.15-develop

2016-11-25	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #17460 - added puppet4 node.rb context

2016-11-24	Dominic Cleal <dominic@cleal.org>
	* fixes #17324 - set has_docker when container.if is found

2016-10-20	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #16263 - fixed corenet_tcp_connect_neutron_port for 6.5

2016-09-09	Dominic Cleal <dominic@cleal.org>
	* fixes #16492 - add Gemfile to install rake (#60)

2016-09-07	Dominic Cleal <dominic@cleal.org>
	* Bump version to 1.14-develop

2016-08-10	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #15640 - added neutron port

2016-07-13	Lukáš Zapletal <lzap@redhat.com>
	* Fixes #15639 - OpenStack port assigned on RHEL6 (#58)

2016-05-31	Dominic Cleal <dominic@cleal.org>
	* Bump version to 1.13-develop

2016-05-04	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #9126 - moved Katello policy to a separate repo

2016-05-03	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #10443 - added OpenStack nova rules
	* Fixes #14811 - passenger paths for EPEL7 fixed

2016-03-17	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #13502 - introduced has_docker definition

2016-02-19	Dominic Cleal <dominic@cleal.org>
	* Bump version to 1.12-develop

2016-02-08	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #13041 - passenger var context fix

2016-01-06	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #12990 - allow reading of puppet symlinks

2015-10-07	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.11-develop

2015-09-28	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #11934 - docker rules are in optional block now

2015-09-21	Dominic Cleal <dcleal@redhat.com>
	* fixes #11608 - permit Foreman/passenger_t to bind to VNC ports

2015-08-27	Dominic Cleal <dcleal@redhat.com>
	* refs #4841 - change ruby193 SCL paths to tfm SCL

2015-06-26	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.10-develop

2015-04-23	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #9791 - removed unused apache_template macro and types
	* Fixes #9825 - foreman can connect to remote SMTP

2015-03-09	Gerwin Krist <gerwin@linqhost.nl>
	* fixes #9523 - Allow passenger_t access to puppet_log_t

2015-03-03	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.9-develop

2015-02-19	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #8989 - Add docker_port_t port and boolean

2014-12-15	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #8241 - added rules for local sockets libvirt connections
	* Fixes #8030 - allow UDP port binds for ruby net package

2014-11-28	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #4464 - policy for foreman-proxy

2014-10-28	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.8-develop

2014-10-21	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #7932 - added LDAP support for passenger
	* Refs #7719 - added websockify rules for VNC console
	* Fixes #7719 - added ssh rules for libvirt CR

2014-09-30	Dominic Cleal <dcleal@redhat.com>
	* refs #7388 - make foreman-selinux-enable upgrade-safe

2014-09-29	Stephen Benjamin <stbenjam@redhat.com>
	* fixes #7729 - allow websockify to read certs

2014-09-26	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #7346 - Added OpenStack port 5000 via boolean
	* Refs #7178 - removed passenger_t execmem rule

2014-09-09	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #7198 - allowed httpd_t to read/write to passenger socket

2014-08-20	Lukáš Zapletal <lzap@redhat.com>
	* Merge pull request #28 from lzap/execmem-7178

2014-08-20	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #7178 - allowed passenger_t to execmem

2014-08-12	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #7036 - allow log files creation for Rails app
	* Fixes #7034 - added RHEL7 support to relabel script
	* Fixes #6013, #6014, #6979 - changes for RHEL7

2014-08-11	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.7-develop

2014-08-06	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #6961 - Allow websockify to read puppet cert
	* Fixes #6780 - Remove elasticsearch port on uninstall

2014-06-24	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #5930 - fix katello-jobs domain

2014-06-19	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #6162 - fixed websockify hidden denial
	* fixes #5930 - implement katello selinux policy

2014-05-30	Dominic Cleal <dcleal@redhat.com>
	* refs #5987 - remove unused packaging files

2014-05-30	Lukas Zapletal <lzap+git@redhat.com>
	* Fixes #5827 - Allowed port 9090 and new foreman_proxy_port_t introduced
	* Fixes #5910 - Puppetmaster allowed to set file contexts
	* Fixes #5808 - Allowed rails to read symlinks
	* Fixes #5870 - Foreman-tasks selinux policy added

2014-05-29	Dominic Cleal <dcleal@redhat.com>
	* refs #5793 - add pkg:generate_source rake task to create tar.bz2

2014-04-30	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #5487 - fixed paths in selinux-relabel script

2014-04-28	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #5466 - added new passenger file context path
	* Reformatting puppetmaster rules
	* fixes #4278 - policy for foreman_discovery
	* fixes #4280 - policy for foreman_setup
	* fixes #4279 - policy for foreman_hooks
	* fixes #4277 - policy for foreman_bookdisk
	* Fixes #4569 - websockify rules

2014-04-16	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.6-develop

2014-02-26	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #3465 - passanger spawns /bin/ps

2014-01-22	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #4117 - added missing LICENSE file

2014-01-16	Dominic Cleal <dcleal@redhat.com>
	* Bump version to 1.5-develop

2013-11-21	Dominic Cleal <dcleal@redhat.com>
	* fixes #3712 - change develop versioning scheme to indicate next version

2013-11-08	Dominic Cleal <dcleal@redhat.com>
	* Fix concurrent execution of the release script during Jenkins builds

2013-10-08	Sam Kottler <shk@redhat.com>
	* Fixes #3159: prevent AVC denials related to passenger interaction with the puppet_*_t and a couple other domains

2013-09-30	Lukáš Zapletal <lzap@redhat.com>
	* Merge pull request #10 from skottler/bugs/3164

2013-09-27	Sam Kottler <shk@redhat.com>
	* Fixes #3164: use /bin/rpm instead of /usr/bin/rpm

2013-09-05	Lukas Zapletal <lzap+git@redhat.com>
	* Bump version to 1.3-develop
	* fixing comment in the release script

2013-07-24	Lukas Zapletal <lzap+git@redhat.com>
	* fixes #2789 - selinux denials, httpd_tmp_t, rlimits, postgresql sockets

2013-06-12	Lukas Zapletal <lzap+git@redhat.com>
	* adding ctags
	* fixing f18 compiler error

2013-06-07	Dominic Cleal <dcleal@redhat.com>
	* Add alphatag support to spec file

2013-06-07	Miroslav Grepl <mgrepl@redhat.com>
	* refactoring and adding SCL passenger support

2013-06-05	Lukas Zapletal <lzap+git@redhat.com>
	* adopting SPEC file from Katello project
	* adding SPEC file for RHEL6
	* initial import of the policy from foreman-rpm git repo

2013-05-30	Lukas Zapletal <lzap+git@redhat.com>
	* first commit

