Hello! The FreeIPA team would like to announce FreeIPA 4.8.10 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon. Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9e815177e Fedora 32: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6f072665c6 == Highlights in 4.8.10 * 8275: Support systemd-resolved FreeIPA DNS servers now detect systemd-resolved and configure it to pass through itself. * 8404: Detect and fail if not enough memory is available for installation FreeIPA server now requires at least 1.2 GiB RAM for installation to prevent performance degradation. * 8488: SELinux blocks custodia key replication / retrieval for sub-CAs SELinux: Make sure ipa_custodia_t has the necessary rights ; add dedicated policy rules for ipa-pki-retrieve-key. * 8490: It is not possible to edit KDC database when the FreeIPA server is running kadmin.local command 'getprincs' is now supported * 8503: pkispawn logs files are empty On recent versions of Dogtag PKI, pkispawn does not create logs by default, making debugging failed IPA installs impossible. Invoke pkispawn with --debug to revert to the previous behavior. * 8507: [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0) Support reproducible builds for jQuery library === Enhancements === Known Issues === Bug fixes FreeIPA 4.8.10 is a stabilization release for the features delivered as a part of 4.8.10 version series. There are more than 20 bug-fixes details of which can be seen in the list of resolved tickets below. == Upgrading Upgrade instructions are available on Upgrade page. == Feedback Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/[email protected]/) or #freeipa channel on Freenode. == Resolved tickets * https://pagure.io/freeipa/issue/5914[#5914] (https://bugzilla.redhat.com/show_bug.cgi?id=1298288[rhbz#1298288]) invalid setting of DS lock table size * https://pagure.io/freeipa/issue/6115[#6115] (https://bugzilla.redhat.com/show_bug.cgi?id=1357495[rhbz#1357495]) ipa command provides stack trace when provided with single hypen commands * https://pagure.io/freeipa/issue/7125[#7125] (https://bugzilla.redhat.com/show_bug.cgi?id=1480102[rhbz#1480102]) ipa-server-upgrade failes with "This entry already exists" * https://pagure.io/freeipa/issue/8204[#8204] (https://bugzilla.redhat.com/show_bug.cgi?id=1810148[rhbz#1810148]) ipa-server-certinstall -> certmonger add_subject template-subject dbus 'unable to set arguments' a\{sv} * https://pagure.io/freeipa/issue/8248[#8248] httpd ccaches created during server upgrade aren't cleaned up on uninstall/install * https://pagure.io/freeipa/issue/8275[#8275] (https://bugzilla.redhat.com/show_bug.cgi?id=1880628[rhbz#1880628]) Support systemd-resolved * https://pagure.io/freeipa/issue/8344[#8344] Nightly test failure in test_smb.py::TestSMB::test_smb_service_s4u2self * https://pagure.io/freeipa/issue/8383[#8383] Test with dnspython 2.0 * https://pagure.io/freeipa/issue/8404[#8404] Detect and fail if not enough memory is available for installation * https://pagure.io/freeipa/issue/8443[#8443] ipa delegation-add can add permissions and attributes several times * https://pagure.io/freeipa/issue/8446[#8446] ipa dnszone-add ignores --name-from-ip option if name is given * https://pagure.io/freeipa/issue/8458[#8458] auto-upgrade will never happen for existing installations * https://pagure.io/freeipa/issue/8468[#8468] [pylint] new warnings on dev branch * https://pagure.io/freeipa/issue/8472[#8472] [tracker] Nightly test failure in test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA * https://pagure.io/freeipa/issue/8473[#8473] Nightly test failure in all webui tests: Invalid or corrupt jarfile /opt/selenium.jar * https://pagure.io/freeipa/issue/8474[#8474] Mozilla's NSS without DBM * https://pagure.io/freeipa/issue/8475[#8475] Azure: tox task and virtualenv 20+ * https://pagure.io/freeipa/issue/8481[#8481] Nightly test failure in rawhide in tasks.configure_dns_for_trust * https://pagure.io/freeipa/issue/8488[#8488] (https://bugzilla.redhat.com/show_bug.cgi?id=1868432[rhbz#1868432]) SELinux blocks custodia key replication / retrieval for sub-CAs * https://pagure.io/freeipa/issue/8490[#8490] (https://bugzilla.redhat.com/show_bug.cgi?id=1875001[rhbz#1875001]) It is not possible to edit KDC database when the FreeIPA server is running * https://pagure.io/freeipa/issue/8491[#8491] Unindexed searches in FreeIPA git master * https://pagure.io/freeipa/issue/8494[#8494] Azure Pipelines are broken due to docker compose tool upgrade * https://pagure.io/freeipa/issue/8503[#8503] (https://bugzilla.redhat.com/show_bug.cgi?id=1879604[rhbz#1879604]) pkispawn logs files are empty * https://pagure.io/freeipa/issue/8505[#8505] Nightly failure (fedora31) in test_integration/test_smb.py::TestSMB::test_smb_service_s4u2self * https://pagure.io/freeipa/issue/8507[#8507] [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0) * https://pagure.io/freeipa/issue/8511[#8511] The selinux subpackage does not have a requirement to match the server install * https://pagure.io/freeipa/issue/8512[#8512] Import of psutil can trigger SELinux violation * https://pagure.io/freeipa/issue/8513[#8513] (https://bugzilla.redhat.com/show_bug.cgi?id=1868432[rhbz#1868432]) SELinux module fails to load: Re-declaration of type node_t * https://pagure.io/freeipa/issue/8515[#8515] (https://bugzilla.redhat.com/show_bug.cgi?id=1882340[rhbz#1882340]) nsslapd-db-locks patching no longer works == Detailed changelog since 4.8.9 Detailed changelog is available at https://www.freeipa.org/page/Releases/4.8.10 -- / Alexander Bokovoy Sr. Principal Software Engineer Security / Identity Management Engineering Red Hat Limited, Finland _______________________________________________ Freeipa-interest mailing list [email protected] https://www.redhat.com/mailman/listinfo/freeipa-interest
