Jump to: navigation, search


Revision as of 19:09, 15 February 2021 by Ab (talk | contribs) (Created page with " {{ReleaseDate|2021-02-15}} The FreeIPA team would like to announce FreeIPA 4.9.2 release! It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
Release date Released 2021-02-15

The FreeIPA team would like to announce FreeIPA 4.9.2 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.

Bug fixes

FreeIPA 4.9.2 is a stabilization release for the features delivered as a part of 4.9 version series.

There are more than 20 bug-fixes since FreeIPA 4.9.1 release. Details of the bug-fixes can be seen in the list of resolved tickets below.


Upgrade instructions are available on Upgrade page.


Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.

Resolved tickets

  • #6739 Cannot login to replica's WebUI
  • #8404 Detect and fail if not enough memory is available for installation
  • #8452 update samba configuration on IPA master to explicitly use 'server role' setting
  • #8506 Nightly failure in ipa-server-install --uninstall: org.freedesktop.DBus.Error.NoReply
  • #8533 Nightly failure in ipa-replica-install configuring renewals: DBusException: org.freedesktop.DBus.Error.NoReply
  • #8550 (rhbz#1902173) Uninstallation of server with KRA diplays error but proceeds successfully (unable to access security domain)
  • #8554 (rhbz#1891056) ipa-kdb: support subordinate/superior UPN suffixes
  • #8588 The 'ipactl status' command exit code does not fail on a partial error
  • #8630 (rhbz#1909876) Do not resolve user/group UID/GID in the service constructors
  • #8636 (rhbz#1923900) Samba on IdM member failure
  • #8647 (rhbz#1912556) Incorrect DNSKEY created when DNSSEC enabled for zone
  • #8658 (rhbz#1924501) Value stored to 'krberr' is never read in ipa-rmkeytab.c
  • #8669 Reduce difference between upstream and downstream releases
  • #8675 Update failed: NSS is built without support of the legacy database(DBM)
  • #8683 [ipatests] `test_ipa_dns_systemrecords_check` and `test_ipa_healthcheck_no_errors` fail in Azure Pipelines
  • #8685 KDC cert has no SAN DNSname
  • #8686 (rhbz#1922955) Resubmitting KDC cert fails with internal server error
  • #8689 Add centos platform module
  • #8690 Add a tool to control interactive programs on remote hosts in IPA tests
  • #8699 (rhbz#1926699) avc denial for gpg-agent with systemd-run
  • #8704 (rhbz#1926910) ipa cert-remove-hold <invalid_cert_id> returns an incorrect error message
  • #8712 Support new baseURL config option for ACME

Detailed changelog since 4.9.1

Alexander Bokovoy (14)

  • Back to git commits commit
  • Become IPA 4.9.2 commit
  • po: refresh translations to remove outdated strings commit
  • po: update translations template commit
  • test_installutils: run gpg-agent under a specific SELinux context commit #8699
  • Force-update translation after FreeIPA to IPA change: po/fr.po commit
  • Force-update translation after FreeIPA to IPA change: po/es.po commit
  • Force-update translation po/id.po commit
  • Force-update translation po/fr.po commit
  • Force-update translation po/es.po commit
  • Force-update translation po/de.po commit
  • client: synchronize ignored return codes with ipa-rmkeytab commit #8658
  • ipa-sam: return NetBIOS domain name instead of DNS one commit #8636
  • Back to git commits commit

Antonio Torres (4)

  • ipatests: test addition of invalid sudo command commit
  • sudocmd: ensure command doesn't contain trailing dot before adding it commit
  • WebUI: change FreeIPA naming to IPA in About dialog commit #8669
  • Update samba configuration on IPA master to explicitly use 'server role' setting commit #8452

Christian Heimes (4)

Florence Blanc-Renaud (8)

  • ipatests: update expected error message commit #8704
  • xmlrpc tests: add a test for cert-remove-hold commit #8704
  • cert plugin: propagate the error for non-existent cert commit #8704
  • ipatests: ipactl status now exits with 3 when a service is stopped commit #8588
  • ipatests: fix ipahealthcheck fixture _modify_permission commit
  • OpenDNSSEC: fix timezone in key creation date commit
  • ipatests: add a test for ZSK/KSK keytype in DNSKEY record commit #8647
  • dnssec: fix the key type with OpenDNSSEC 2.1 commit #8647

Mohammad Rizwan (1)

  • ipatests: Test if server setup without dns uninstall properly commit #8630

Rob Crittenden (20)

  • Remove the option stop_certmonger from stop_tracking_* commit #8506, #8533
  • Add some logging around initial ACME deployment commit #8712
  • Add versions to the ACME config templates and update on upgrade commit #8712
  • Set the ACME baseURL in order to pin a client to a single IPA server commit #8712
  • Add RHEL 9 UI branding patch reference commit #8669
  • Force-update translation after FreeIPA to IPA change: po/ipa.pot commit
  • Remove references to rjsmin in UI compile.sh commit #8669
  • Remove support for csrgen commit #8669
  • Change FreeIPA references to IPA and Identity Management commit #8669
  • ipatests: Handle non-zero return code in test_ipactl_scenario_check commit #8550
  • Add exit status to the ipactl man page commit #8550
  • Ensure IPA is running (ideally) before uninstalling the KRA commit #8550
  • ipactl: support script status 3, program is not running commit #8588
  • Use the new API introduced in PKI 10.8 commit
  • Change CA profile migration message from info to debug commit
  • Only build the UI with uglifyjs on RHEL 8 commit #8669
  • Provide more detailed logging around memory detection commit #8404
  • ipatests: Update NSSDatabase DBM test on non-DBM-capable installs commit #8675
  • Ignore database errors when trying to extract ipaCert on upgrade commit #8675
  • Report the NSS database directory if it cannot be opened commit #8675

Stanislav Levin (3)

  • rpm-spec: Require crypto-policies-scripts commit
  • ipatests: Handle AAAA records in test_ipa_dns_systemrecords_check commit #8683
  • Azure: Populate containers with self-AAAA records commit #8683

Sergey Orlov (5)

  • ipatests: use pexpect to control inetractive session of ipa-adtrust-install commit #8690
  • ipatests: use pexpect to invoke ktutil commit #8690
  • ipatests: add a tests-oriented wrapper for pexpect module commit #8690
  • ipatests: rewrite test for requests routing to subordinate suffixes commit #8554
  • fix collecting log files which are symlinks commit

Thorsten Scherf (1)

  • man: fix ipa-client-samba.1 typos commit