PWM History/Changelog http://code.google.com/p/pwm [------legend----------------] [ + Added feature ] [ * Improved/changed feature ] [ - Bug fixed/refactoring ] [ !

security bug fix ] [ ~ partial implementation ] [----------------------------] v1.6.4 (August 23, 2012) build 1185 --+ Norwegian language support; thanks Izaz! (issue #261) + Configuration option to enable/disable eDirectory NMAS password reading - Workaround for Apace Tomcat v7.0.29 deployment bug (issue #244) ! increased hash loop count for credentials stored in shared history v1.6.3 (August 6, 2012) build 1181 --+ Improvements in monitoring and gauge presentation on PWM Admin and health page s. + Backup backup files. Saving config now keeps 5 previous PwmConfiguration.xml files as backups. + Added setting for show logout button. + Added export of statistics via CSV from PWM Admin GUI and PwmCommand utility. * Changed packaging structure to place pwm binaries in pwm-servlet.jar instead o f WEB-INF/classes * Refactored response save configuration settings to allow more flexibility and clarity - Change language on UpdateProfile no longer clears form values (issue #243) - Show/Hide Response button now toggles attribute values as well as responses (i ssue #246) - Forgotten Password not working when user attributes required but no responses are required (issue #245) - Password History not working (duplicate local variable error) (issue #240) ! Intruder lockout now backed by PwmDB instead of memory to prevent OOM under DD OS attack. v1.6.2 (July 14, 2012) build 1175 --+ Added token (email and sms) support for user activation + Added new user agreement support for user activation + Added crypto and ldap options for tokens + ConfigManager performance improvements for display value editing + Helpdesk random passsword generation and clear responses options + Helpdesk session timeout configuration option + "Force Profile Update" option added to route users through the Profile Update module + Added partial localizations for Thai, Korean, Japanese and Chinese (issue #184 ) + Support for token expiration to prevent re-use of tokens + Added option for forgotten password query match (issue #180)

+ + + s + + + +

Option for confirmation of Profile Update values Added several rest based web services Security option to disable external clients from using web services; default i disabled Improved token security by hashing stored keys and encrypting payloads Disallow (configurable) challenge text from being used as response text Added password strength meter check to helpdesk change password Added language updates for most PWM localizations (issue #232)

* Refactored all JSP pages to be HTML5 compliant (html tags and Doctypes) * Improved page load performance for most pages * Config menu re-ordering and text improvements * Locale list is now configurable (issue #181) * Changed chai ResponseSet save format to exclude carriage returns in the ldap v alue (issue #197) - Changed servlet version to v2.5, v2.5 container (tomcat 6) and java 6 is now m inimum requirement - Resolved issue where newuser agreement screen could be bypassed (issue #165) - Fixed url path issue (/private url required for public pages) (issue #154) - Issue where activate user wasn't performing LDAP compare on correct form value s (issue #153) - Update Query Match filter not being applied (issue #178) - Email address destination token not being inserted (issue #177) - Double nested form tags on ActiveUser data entry page (issue #175) - PwmMacro engine broken when multiple macros used in a single string (issue #20 0) - Incorrect email encoding for non-latin character sets (issue #190) - Novell UserApp responses rejected when using random responses (issue #188) - Fixed issue with double-URLDecoding for logoutURL and forwardURL (issue #216) - Attribute names with hyphen ("-") not working (issue #221) v1.6.1 (January 16, 2012) build 1123 --+ Added "application leave detection" to detect if user leaves PWM site. + Added settings to manage custom CSS & JavaScript from PwmApplication.xml + Added option to override Case Sensitivity detection (issue #127) + Option to skip success messages + Request Sequence detection (duplicate form submit detection) added with option to disable. + Added feature/option to trip a "bad password" auth to ldap in case of forgotte n password failure. + Password rule text configuration option to override auto-generated rule text. + Added finnish locale, thanks tami.rauhala! + Introduced PWM Macros for certain configuration settings and display fields. + Version checking and anonymous statistics publishing (configurable) * Improved helpdesk module and removed administrative "UserInformation" module d ue to redundancy * Idle authentication timeout now configurable, separate from http session timeo ut * Implemented Jersey framework for rest web services ! properly escape search strings during ldap username searches - Issue where change password page refresh would not properly show error (issue #131) - PwmCommand line broken with "cannot allow mutator operations" (issue #134) - Added multi-line option as default for SMS multi-line response (issue #132) - Broken responseSet.meetsRequirements() for userapp responses with user-defined

questions (issue #140) - NullPointerException on password requirements tag when a minimum-interval is s et in policy (issue #137) - SMTP Password encrypted in configuration (issue #144) NOTE: when upgrading from 1.6.0, the SMTP Password needs to be re-entered v1.6.0 (October 17, 2011) build 1096 --+ Added turkish locale, thanks erdem.bayer! (issue #86) + Added slovak locale, thanks svacko! (issue #87) + Added hebrew locale, thanks dordorqwerty! (issue #92) + Added helpdesk module for password resets (issue #99) + Support for customizable CSS themes, and several default themes included (issu e #103) + Support for SMTP authentication (issue #104) + Overhaul of the NewUser registration module, + Password field is now on initial new user password field + Form UI supports more fields in less space + Randomized DN generation + While-you-type form validation + Configurable password policy template user + Configurable minimum wait time on new user creation + Added stored token database (to PwmDB or RDBMS) for forgotten password and new user password + Updated look & feel for form tables throughout the application + UserReport module in /pwm/private/admin and from PwmCommand command line * Moved public menu options (ForgottenPassword, NewUser, Activate) to login page * Moved private menu options to /pwm/private url, and made menu visibility based on permission * Continued improvements in configmanager process - Fixed bug where unsupported browser locale results in blank page/null pointer (issue #83) - Fixed bug where non-english server locale results in configuration manager iss ues (issue #84) - Double-byte characters not stored properly in PwmConfiguration.xml (issue #100 ) - Issue where SMS Servlet Gateway URL couldn't be configured with a port number (issue #97) - Config file size limit of 50k characters increased to 10mb. - Current password required in some cases on forgotten password reset page. (iss ue #119) v1.5.5 (July 7, 2011) build 1056 --- Update profile error removing attribute on blank value (issue #74) - Responses required when not configured to be (issue #80) v1.5.4 (July 5, 2011) build 1054 --+ Storage of responses in RDBM database (useful for AD, or otherwise un-extensib le ldap directories) + Added guest account registration and management + Added "selectable" type configuration syntax, and applied as appropriate + Added SMS token integration to provide for text messaging (sms) of tokens duri ng forgotten password

+ Added Jasig CAS authentication server integration (http://www.jasig.org/cas) ( issue #54) + Improved new installation configuration experience * Can now use configuration gui to set all user-displayable text strings + Configurable form "reset" button (issue #71) + More control over pushing users to update profile (issue #72) + Localization updates - Update Profile now correctly deletes values when blanked by user (issue #59) - Renamed Update Attributes servlet to UpdateProfile and changed checkAttributes parameter to checkProfile - General refactoring to improve error messages, reporting and handling ~ Basic "PeopleSearch" module added ! Security issue (issue #73) v1.5.3 (April 2, 2011) build 1026 --+ Added locale selector menu to footer (issue #31) + Changed forgotten password sequence so email token is after response questions (issue #26) + Added option to disable reverse dns resolution (in advanced) (issue #35) + Added functionality for token-only, user attribute-only, or response-only forg otten password operation, or any combination of the three + Added support for locally stored (PwmDB) responses + Added command line interface (PwmCommand.bat) to manage locally stored respons es + Added forgotten username module * * * * * Added menu title for main index page (issue #30) Added i18n and Dutch localizations for index page (issue #27) Updated Dutch localizations (issue #32, #42, #47) Improved AD complexity password checking (issue #34) Improved health monitor checking and display screens

- Fixed broken login contexts option on activation page (issue #26) - Fixed issue with cookieless (URL) sessions not working since v1.5.2 - Fixed issue wih CommandServlet?processAction=checkExpire not working - Improved ConfigManager UI performance and layout, with simple/advanced mode - changed from simpleJson java library to google json (gson) library for flexibi lity and correctness ! Added url escaping to user input reflected html form values to prevent certain types of XSS attacks v1.5.2 (October 22, 2010) build 996 --+ Changed main menu to hide un-enabled functions + Added logout button to header when logged in + Added "Password Change Message" configuration option + Added java interfaces (and config settings) for ExternalChangeMethod, External JudgeMethod and ExternalRuleMethod + Strength meter on password page now has tooltip explaining the strength meter + Added config options to show/hide strength meter, random generator + Implemented method to retrieve password expiration time from DirectoryServer38 9 (chai) + Added change password policy settings for min/max non-alphabetic characters + Added "HealthMonitor" functionality to periodically test system health

+ PWM now ignores Novell UP nspmComplexityRules that are customized (changed to other than default MS-AD 3of4 policy) + Replaced "challenge.forceAllRandoms" setting with "challenge.minRandomsSetup" to allow more flexibility. + Added "Show Password Guide" configuration and feature + Added "Display Show/Hide Password Fields" configuration and feature + Added "Show Cancel Button" configuration and feature + Added "eDirectory-UserApp Forgotten Password SOAP API" configuration and featu re + Updated setup responses to dynamically prevent duplicate questions in simple m ode + Added reset to default value for settings in configuration editor * Modified active user module to write ldap attributes after the first password change subsequent to a successful activate user event. (issue #17) * Refactored logging module to more efficiently store log events in the pwmDB * Updated setup response screen ajax code to be list 'jittery' like change passw ord screen - Updated reCaptcha urls and html to new google api - Refactored ExternalPasswordMethod to ExternalChangeMethod java interface - Fixed issue with LoginContexts setting not being parsed properly - Fixed issue where ldap urls could not contain a hyphen - Fixed issue where older/corrupt user history attribute would cause a NullPoint erException - Removed "dojo.css" include to prevent IE display issues (small fonts in IE) - Fixed issue where random generator would sometimes generate really long passwo rds (especially for complex policies) - Resolved issue where SharedHistory would not be purged correctly due to ClassC astException in PwmDBAdaptor - Fixed issue where clear button doesn't work on some pages in some browsers - Resolved issue where form buttons were overly wide in ie6/7 v1.5.1 (August 16, 2010) build 975 --+ Added idle timeout warning dialog + Added settings to control Admin Alerts for startup, shutdown, config changes, intruder detection, fatal events and daily stats. + Added setting to enable/disable session validation + Updated random password generator to show multiple randomly generated password s at once on change password screen * Improved statistics reliability and performance. - Fixed bug where forgotten password recovery would fail when no required attrib utes were configured - Fixed bug where forgotten password recovery would fail when DirectoryServer389 server was used - Fixed a bug where the configuration setting for multiple ldap login contexts c ould not be read properly v1.5.0 (July 6, 2010) build 959 --! Corrected a problem where XSS field inputs were not being properly validated a nd scrubbed ! Added form "nonce" validations to prevent certain types of XSS attacks ! Passwords stored in configuration file are now obfuscated (though config files still need to be protected securely)

+ Added graphical feedback on password confirmation field + Added web based configuration file editor (/pwm/config/ConfigManager) (issue # 4) + Switched configuration file format to PwmConfiguration.xml from pwmServlet.pro perties + Basic support for 389 Directory Server (http://directory.fedoraproject.org/) + Ability to send html email + Added send email option for user activation + Added smtp advanced properties configuration setting + Added ldap advanced properties configuration setting + Added send email token functionality during forgotten password reset + Added config option for "agreement" text to be shown prior to password change. + Added config option for ldap proxy connection idle timeout + Added option to require current password on change password screen - Replaced vertical strength meter with horizontal strength meter with better CS S degradation - Fixed issue with caps lock warning on IE browsers (issue #3) - Added/Updated some of the french localization strings (issue #5) - Fixed issue with User Information crashing if NMAS is not being used (issue #6 ) - Fixed issue with Log4j (issue #7) - Refactored ajax calls to use dojo api, and also to resolve issue with incorrec t encoding of i18n characters (issue #9) - Removed "aggressiveUrlParsing" setting, values for logoutURL/forwardURL now re ad url encoded values properly - Refactored idle counter javascript to be more efficient - Changed default location of pwmDB from META-INF to WEB-INF - Removed tabindex html attributes to allow proper tab behavior v1.4.3 (1/10/2010) build 922 --+ Improved handling of servlet container clustering and session pausing + Added caps-lock detector during password entry + Enhanced SetupResponses to show select lists when challenge.randomStyle=SETUP and there are no user defined random challenges + Added admin user information debugging page to aid in troubleshooting for admi ns + Added user user information debugging page to aid in troubleshooting for end u sers + Added daily stats viewer and chart history in administrator status screen * Refined password strength meter to allow full strength to be reached, and to b e more permissive * Tuned ajax communications to decrease request traffic. * Added "eventLog.localDbMaxAge" setting to control age of pwmDB event log stora ge * Added "ldapPromiscuousSSL" setting instead of using "autocert" param in the ld ap server url configuration * Refactored HTML/CSS to improve appearance, correctness of both normal and mobi le viewing - Fixed bug where "previously used" error incorrectly results in unknown error w hen using non-nmas password method (defect #51) - Removed setting "passwordSetMethod", for edirectory, this is replaced by "ldap .edirectory.enableNmas" - Refactored ajax channels to use JSON encoding - Fixed bug where WARN log status inaccurately reported no discovered nmas chall enge set policy (defect #50)

- Fixed bug where forgotten password doesn't work when there are no required cha llenges configured (defect #52) - Renamed "password.readEdirectoryPasswordPolicy" setting to "ldap.edirectory.re adPasswordPolicies" - Added "ldap.edirectory.storeNmasResponses" setting, and removed nmas options f rom "challenge.storageMethod" - Replaced "authUsingBind" setting with "ldap.edirectory.alwaysUseProxy" setting - Fixed bug where newer Client32 clients forced users to configure responses aft er PWM saves responses using nmas (defect #53) - Refactored ant build.xml script to accommodate new layout used in google proje ct svn - Moved XForwardedFor setting to pwmServlet.properties from web.xml as "useXForw ardedForHeader" setting. - Fixed issue where random password generation sometimes generated out-of-policy passwords - Added "ldap.edirectory.readChallengeSets" and removed "challenge.policyMethod" setting - Added "ldap.edirectory.storeNmasResponses" setting, removing NMAS options from "challenge.storageMethod" setting

v1.4.2 (7/23/2009) build 842 -----+ Added "usernameSearchFilter" config property to allow non "cn" based usernames throught pwm + Added "challenge.requiredAttributes" config property to require ldap attribute values during forgotten password recovery + Added "forceBasicAuth" web.xml parameter + Added captcha functionality using reCaptcha with "recaptcha.privateKey" / "rec aptcha.publicKey" settings. + Added "activateUser.searchFilter" setting, and changed "activateUser.attribute s" functionality to allow arbitrary searching for users without having to know the username + Added "aggressiveUrlParsing" web.xml parameter + Added "password.ADComplexity" config property + PWM now honors universal password policy "AD Complexity" configurations + Added "challenge.forceSetup" config property + Added "challenge.allowDuplicateResponses" config property + Added "challenge.forgottenStyle" parameter to allow for mixing unlock/or passw ord reset options during forgotten password use. + Preliminary, undocumented, support for using Active Directory as the ldap dire ctory + Updated logging model to use local PWM database for persistance. Log4j interf ace is still available to support external log systems. * Moved misleading and infrequently changed config property 'userNameAttribute' to web.xml parameter 'ldapNamingAttribute' (defect #36) * ChangePassword doesn't work when the "password.WordlistFile" config property i s blank (defect #29) * ChangePassword screen only no longer shows expiration warning on new user crea tion, activation or forgotten password. ! Corrected a scenario where multiple forgotten password attempts could exceed p wm user intruder limits over different http sessions ! Change to prevent response values from being written to debug log. v1.4.1 (unreleased) v1.4.0 (10/4/2008) build 776

-----+ Added "cookie-less" functionality and "allowUrlSessions" web.xml setting. Hel p for restricted browsers which disallow cookies. + Added "expireWarnTime" setting and feature to pre-warn users of a soon to be e xpired pw * HTML look overhaul, now CSS based with graceful degradation for low-capability devices - Fixed a problem where email alerts are sent with a non-configurable from addre ss (defect #27) - Problem where "challenge.caseInsensitive" setting was not honored (defect #28) - "Bad Session Proxy" error during forgotten password recovery (defect #26) - Placed a commented out text string on the change password jsp to show grace lo gins remaining (defect #23) v1.3.1 (unpublished) -----+ Added "Shortcuts" servlet and "shortcut.query.[x]" settings * Added Shared Password History functionality and "password.sharedHistory.age" s etting * Updated BerkelyDB version to v3.6.74 to correct a DB corruption bug * Removed duplicates from published wordlist files to speed up imports * Added a "Apache Derby" implementation of PwmDB - Fixed password change screen so the clear 13) - Fixed password change screen so the clear password field (defect #14) - Minor log file output enhancements - Fixed password change screen to show "too ectly (defect #18) - Fixed password change screen to show "too t correctly (defect #18) button resets the strength (defect # button moves focus to the new soon for password change" error corr soon for password change" requiremen

v1.3.0 (1/14/2008) -----+ PWM Responses are now case-insensitive (defect#1) + can now read challenge set policy from Universal Password policy + added "challenge.randomStyle" setting to change random behavior + can set c/r min/max length in pwmServlet.properties local and i18n files + localized nmas challenge policies are now supported + PWM Admin status is now determined by ldap query string instead of configured uid/pwd + rebuilt password wordlist checker, supports massive wordlists and doesn't require gobs of memory (uses pluggable DB type, default is embedded berkelyD B), tested with 20 million word dictionary. + added animated gif to pwd sync wait page + support for user-selectable random questions at population time + added password.allowChange.queryMatch setting, to control which user populatio ns can use pwm for changing password. + added UserDebugServlet for checking user password debug info + all user-related log events now use syntax of '{1} event text [ip]' where {1} is a session number, and [ip] is the user's IP/dns address. + added a unique "instanceID" value to all headers, to track which server a user

is accessing when multiple servers exsist. + updated ldapChai API to v0.4.1, moved all PWM c/r code into Chai. Thus, there is now a stand alone API available for manipulating PWM style c/r values in ldap. + upgraded JavaMail API to fix some i18n issues with email. + most URLs have been modified so "Servlet" isn't part of the name. For example , "ChangePasswordServlet" has been changed to "ChangePassword" + added "strength" meter to password change screen * random password generation is wordlist based instead of purely random characte rs, also one passsword is generated at a time instead of displaying a bunch to the us er at once. * enhanced ajax password verification to improve reliability with different type s of browsers * enhanced ajax password verification to clear "confirm password" field when "ne w password field" is modified. * added back capability to read NMAS challenge/response policies configured in e Directory. * added nmas check for password history during ajax password verification * "debugMode" setting removed from pwmServlet.properties, replaced with log4jcon fig.xml "trace" level. * XForwadedFor configuration now in web.xml, moved from pwmServlet.properties ! SHA1 Responses are now stored with a random salt to prevent dictionary attacks against response values in ldap ! disallow "<.*script.*>" and other junk in input feilds to combat against xss a ttacks, configurable in web.xml. ! refactored many operations to use the user's ldap bind instead of the proxy us er. v1.2.2 (6/20/2006) build 628 ------ Updated ldap api to prevent memory leaks - Fixed NPE while changing password when used with older eDirectory versions (pr e 8.6) v1.2.1 (1/21/2006) -----+ Optional NMAS functionality: + Added PWMSHA1+NMAS option for challenge/response storage in nmas to challe nge.storageMethod configuration. + Added nmasChange option to passwordSetMethod + Added nmas pre-change policy checker + Encoded language files properly with native2ascii - Fixed several encoding issues, UTF-8 is now used for all web traffic - Fixed idletimer (missing javascript) method in v1.2.0 distribution - Updated to LDAP Chai v0.1.1 (failover fixes to prevent intruder lockout when u sing authUsingBind option) + Added more configuration options + Added buildNumber information to build process v1.2.0 (12/8/2005)

-----+ Integrated LDAP Chai v0.1.0 (Novell Forge LDAP library) (includes several fail -over and pooler fixes) - Codebase updated for Java 1.5 language specification + added checkAll command to CommandServlet. + password.MaximumOldPasswordChars option v1.1.4 (unpublished) -----+ All user-viewable screens are now internationalized + Added localizations for spanish, portugese, polish, italian, french, czech + Added support for enforcing universal password password policy option during l ogin + Enhanced idletimer + All HTML pages now use CSS properly, and all have the same borders and tables. v1.1.3 (9/30/2005) ------ fixed thread locked wordList issues under heavy load * general enhancements for performance - better ldap connection handling - "proper" session timeout handling - removed synchronization blocks for password checking * vastly improved performance of while-you-type javascript password checker + added Threads admin servlet to see the list of currently running JVM threads + added Configuration admin servlet to view (partially) the running PWM config - made PWM more freindly to container restarts (memory leak issues) * remove "wordListCache" option from pwmConfig, wordLists are now always cached + added thread list in the admin stats + more stats: users created, users activated - bugfix: account sessions stats goes negative after restarting pwm container - bugfix: logging timestamps using minutes in place of month field + added "passwordSetMethod" option pwmConfig ~ refactored all logging code to make replacing/improving log4j easier + removed scriptlets from most user-facing pages (replaced with taglibs) + html/jsp cleanup. Most pages pass w3c validation now + added idle timeout countdown timer in status bar - fixed problem where smtp email errors would backlog in the queue forever + added logout.jsp page (just for default, logout page should still be configure d to something else) + idle ldap connections are now closed quickly v1.1.2 (8/30/2005) -----+ random passwords on changepassword.jsp are now cached in the session (performa nce boost) + ip address intruder detection + userDN intruder detection (seperate from edirectory intruder detection) - newuserservlet and general intruder code refactoring + added newUser.writeAttributes option to write admin defined attributes during new user creation + added show/hide button on change password screen (not available in IE due to I E bug) - per-keystroke javascript refactoring to improve reliability + added admin-only section and configurable PWM admin username/password + added intruder-lockout status screen + added session monitor

+ + + e + -

added web-based log monitor increased scalability of ldap connector added update attributes functionality (companion checkAttributes function to b added in future) newuser, activate user and update attribute forms now automatically generated. loginContexts settings now are orderd properly

v1.1.1 (8/5/2005) ------ bugfix: "hint to long" error during setuphints ! security: recover password would allow reset password for users with no respon ses set in some cases v1.1.0 (8/3/2005) -----+ added support for reading universal password challenge/response sets from ldap + added javascript client side caching for changepassword page + added wordlist (dictionary) server-side caching + added support for multiple hints + added support for user defined hints + added support for random hints + hint answers are now stored using SHA1 hashes + changed default color scheme to more 'novellish' color + added per/user xml history log and viewing jsp + new "activateuser" servlet replaces "validation" functionality in "newuser" s ervlet. + support for location (context) selection list on login and password recovery s ervlets for ldap trees with duplicate userIDs - additional bugfixes v1.0.7 (07/11/05) ------ bugfix: tld.fmt caused jsp exceptions on tomcat 4.x - bugfix: null pointer when user's 'passwordMinimumLength' attr missing - bugfix: ldapchai: ldaps not working with > 1.4.1 jdk, also added more debug in fo to log v1.0.6 (07/06/05) -----+ bugfix: Passwords with any of these chars: "*()?/" (excluding quotes) would no t be able to auth using normal (non-bind) auth + bugfix: no longer confused by aliases. eDirectory user aliases are now comple tely ignored. + added auto-suggest passwords on change password page. + added ldap timeout setting v1.0.5 (unreleased) -----+ added real time check-while-typing functionality for password validations + renamed "nonAlphaNumeric" password rules to "special" to be in line with unive rsal password policies + added edirectory password policy reader, now will read per-user password polic ies from eDirectory (including universal password policies)) + added a pile of password rules to conform with universal password + added regular expression checks for password rules + new scheme for handling password recovery through ldap, should be more reliabl

e v1.0.4 (06/13/05) -----+ added externalPasswordMethods options + modified pwmSchema.ldif + On a clear day, you can refactor forever..... + added passwordSyncMaxWaitTime options, PWM now waits for the password to be sy nchronized accross all known servers + fixed bug where iChain SSO was dependent on ichain profile being configured us ing lowercase. + enhanced iChain auth intergration v1.0.3 (05/19/2005) -----+ fixed a bug where expireCheckDuringAuth didn't always work + updated ant script and zip distribution so war file is buildable v1.0.2 (05/11/2005) -----+ changed war packaging to remove compression to better support certain platform s (ie, NetWare) + added "authUsingBind" configuration option + changed default log4jconfig.xml to default logging to stdout + added footer.jsp + added auto-text for password rules on change password pages + added "expireCheckDuringAuth" configuration option - removed unused "expirePauseTime" configuration option ~ expiremental code for pre-expire password email notifications v1.0.1 (04/06/2005) -----first public release of PWM.