The FreeIPA team would like to announce FreeIPA 4.3.3 release!
It can be downloaded from http://www.freeipa.org/page/Downloads.
Please note that this is the last upstream release of FreeIPA 4.3.x branch.
Highlights in 4.3.3#
Enhancements#
Known Issues#
Bug fixes#
FreeIPA 4.3.3 is a stabilization release for the features delivered as a part of 4.3.0. There are more than 20 bug-fixes which details can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.
Resolved tickets#
#6774 FreeIPA client <= 4.4 fail to parse 4.5 cookies
#6561 CVE-2016-7030 freeipa: ipa: DoS attack against kerberized services by abusing password policy
#6560 CVE-2016-9575 freeipa: ipa: Insufficient permission check in certprofile-mod
#6485 Document make_delete_command method in UserTracker
#6378 Tests: Fix failing sudo test
#6317 backport #6213 Incorrect test for DNSForwardPolicyConflictWithEmptyZone warning in test_xmlrpc/test_dns_plugin
#6316 backport #6199 Received ACIError instead of DuplicatedError in stageuser_tests
#6311 Fix or remove the `LDAPUpdate.update_from_dict` method
#6287 Refer to nodes in TestWrongClientDomain replica promotion tests as replicas
#6284 Tests: avoid skipping tests because of missing files when running as outoftree
#6278 Use OAEP padding with custodia (to avoid CVE-2016-6298)
#6262 Fix integration sudo tests setup and checks
#6254 kinit_admin raises an exception if server uninstallation is called from test teardown with server not installed
#6244 build: add python-libsss_nss_idmap and python-sss to BuildRequires
#6205 The ipa-server-upgrade command failed when named-pkcs11 does not happen to run during dnf upgrade
#6177 ca-less test are broken - invalid usage of ipautil.run
#6167 Incorrect domainlevel info in tests
#6166 Subsequent external CA installation fails
#6147 Failing automember tests due to manager output normalization
#6134 Command “ipa-replica-prepare” not allowed to create line replication topology
#6120 ipa-adtrust-install: when running with –netbios-name=””, the NetBIOS name is changed without notification
#6076 Mulitple domain Active Directory Trust conflict
#6056 custodia.conf and server.keys file is world-readable.
#6016 ipa-ca-install on replica tries to connect to master:8443
#5696 Add conflicts with bind-chroot to spec.
Detailed changelog since 4.3.2#
Alexander Bokovoy (5)#
Christian Heimes (3)#
David Kupka (1)#
Fraser Tweedale (2)#
Ganna Kaihorodova (1)#
Fix for integration tests replication layouts commit
Jan Cholasta (2)#
Lenka Doudova (7)#
Document make_delete_command method in UserTracker commit #6485
Tests: Fix integration sudo tests setup and checks commit #6262
Tests: Avoid skipping tests due to missing files commit #6284
Raise error when running ipa-adtrust-install with empty netbios–name commit #6120
Tests: Remove DNS configuration from trust tests commit