The FreeIPA team would like to announce FreeIPA 4.9.2 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Highlights in 4.9.2
TODO RELEASE NOTES - put release notes (if any) to proper categories
- 8404: Detect and fail if not enough memory is available for installation
- FreeIPA server now requires at least 1.2 GiB RAM for installation to prevent performance degradation.
END TODO
Enhancements
Known Issues
Bug fixes
FreeIPA 4.9.2 is a stabilization release for the features delivered as a part of 4.9 version series.
There are more than 20 bug-fixes since FreeIPA 4.9.1 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading
Upgrade instructions are available on Upgrade page.
Feedback
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets
- #6739 Cannot login to replica's WebUI
- #8404 Detect and fail if not enough memory is available for installation
- #8452 update samba configuration on IPA master to explicitly use 'server role' setting
- #8506 Nightly failure in ipa-server-install --uninstall: org.freedesktop.DBus.Error.NoReply
- #8533 Nightly failure in ipa-replica-install configuring renewals: DBusException: org.freedesktop.DBus.Error.NoReply
- #8550 (rhbz#1902173) Uninstallation of server with KRA diplays error but proceeds successfully (unable to access security domain)
- #8554 (rhbz#1891056) ipa-kdb: support subordinate/superior UPN suffixes
- #8588 The 'ipactl status' command exit code does not fail on a partial error
- #8630 (rhbz#1909876) Do not resolve user/group UID/GID in the service constructors
- #8636 (rhbz#1923900) Samba on IdM member failure
- #8647 (rhbz#1912556) Incorrect DNSKEY created when DNSSEC enabled for zone
- #8658 (rhbz#1924501) Value stored to 'krberr' is never read in ipa-rmkeytab.c
- #8669 Reduce difference between upstream and downstream releases
- #8675 Update failed: NSS is built without support of the legacy database(DBM)
- #8683 [ipatests] `test_ipa_dns_systemrecords_check` and `test_ipa_healthcheck_no_errors` fail in Azure Pipelines
- #8685 KDC cert has no SAN DNSname
- #8686 (rhbz#1922955) Resubmitting KDC cert fails with internal server error
- #8689 Add centos platform module
- #8690 Add a tool to control interactive programs on remote hosts in IPA tests
- #8699 (rhbz#1926699) avc denial for gpg-agent with systemd-run
- #8704 (rhbz#1926910) ipa cert-remove-hold
returns an incorrect error message - #8712 Support new baseURL config option for ACME
Detailed changelog since 4.9.1
Alexander Bokovoy (14)
- Back to git commits commit
- Become IPA 4.9.2 commit
- po: refresh translations to remove outdated strings commit
- po: update translations template commit
- test_installutils: run gpg-agent under a specific SELinux context commit #8699
- Force-update translation after FreeIPA to IPA change: po/fr.po commit
- Force-update translation after FreeIPA to IPA change: po/es.po commit
- Force-update translation po/id.po commit
- Force-update translation po/fr.po commit
- Force-update translation po/es.po commit
- Force-update translation po/de.po commit
- client: synchronize ignored return codes with ipa-rmkeytab commit #8658
- ipa-sam: return NetBIOS domain name instead of DNS one commit #8636
- Back to git commits commit
Antonio Torres (4)
- ipatests: test addition of invalid sudo command commit
- sudocmd: ensure command doesn't contain trailing dot before adding it commit
- WebUI: change FreeIPA naming to IPA in About dialog commit #8669
- Update samba configuration on IPA master to explicitly use 'server role' setting commit #8452
Christian Heimes (4)
- configure: ipaplatform falls back to ID_LIKE commit #8689
- Don't install csrgen extra dependencies commit #8669
- Ensure that KDC cert has SAN DNS entry commit #8685
- Fix cert_request for KDC cert commit #6739, #8686
Florence Blanc-Renaud (8)
- ipatests: update expected error message commit #8704
- xmlrpc tests: add a test for cert-remove-hold commit #8704
- cert plugin: propagate the error for non-existent cert commit #8704
- ipatests: ipactl status now exits with 3 when a service is stopped commit #8588
- ipatests: fix ipahealthcheck fixture _modify_permission commit
- OpenDNSSEC: fix timezone in key creation date commit
- ipatests: add a test for ZSK/KSK keytype in DNSKEY record commit #8647
- dnssec: fix the key type with OpenDNSSEC 2.1 commit #8647
Mohammad Rizwan (1)
Rob Crittenden (20)
- Remove the option stop_certmonger from stop_tracking_* commit #8506, #8533
- Add some logging around initial ACME deployment commit #8712
- Add versions to the ACME config templates and update on upgrade commit #8712
- Set the ACME baseURL in order to pin a client to a single IPA server commit #8712
- Add RHEL 9 UI branding patch reference commit #8669
- Force-update translation after FreeIPA to IPA change: po/ipa.pot commit
- Remove references to rjsmin in UI compile.sh commit #8669
- Remove support for csrgen commit #8669
- Change FreeIPA references to IPA and Identity Management commit #8669
- ipatests: Handle non-zero return code in test_ipactl_scenario_check commit #8550
- Add exit status to the ipactl man page commit #8550
- Ensure IPA is running (ideally) before uninstalling the KRA commit #8550
- ipactl: support script status 3, program is not running commit #8588
- Use the new API introduced in PKI 10.8 commit
- Change CA profile migration message from info to debug commit
- Only build the UI with uglifyjs on RHEL 8 commit #8669
- Provide more detailed logging around memory detection commit #8404
- ipatests: Update NSSDatabase DBM test on non-DBM-capable installs commit #8675
- Ignore database errors when trying to extract ipaCert on upgrade commit #8675
- Report the NSS database directory if it cannot be opened commit #8675
Stanislav Levin (3)
- rpm-spec: Require crypto-policies-scripts commit
- ipatests: Handle AAAA records in test_ipa_dns_systemrecords_check commit #8683
- Azure: Populate containers with self-AAAA records commit #8683
Sergey Orlov (5)
- ipatests: use pexpect to control inetractive session of ipa-adtrust-install commit #8690
- ipatests: use pexpect to invoke ktutil commit #8690
- ipatests: add a tests-oriented wrapper for pexpect module commit #8690
- ipatests: rewrite test for requests routing to subordinate suffixes commit #8554
- fix collecting log files which are symlinks commit
Thorsten Scherf (1)
- man: fix ipa-client-samba.1 typos commit