The FreeIPA team is proud to announce version FreeIPA v2.2.2

This release contains Security Updates.

It can be downloaded from http://www.freeipa.org/page/Downloads.

Highlights

This release contains a Security Advisory:

• CVE-2012-5484: MITM Attack during Join process

The FreeIPA Team would like to thank the Red Hat Security Response Team and in particular Vincent Danen for the invaluable assistance provided for the assessment and resolution of these issues. For CVE-2012-5484 we would like to thank Petr Menšík for reporting the issue.

Upgrading

Please consult each CVE announcement for related Upgrading instructions.

An IPA server can be upgraded simply by installing updated rpms. The server does not need to be shut down in advance.

If you have multiple servers you may upgrade them one at a time. It is expected that all servers will be upgraded in a relatively short period (days or weeks not months). They should be able to co-exist peacefully but new features will not be available on old servers and enrolling a new client against an old server will result in the SSH keys not being uploaded.

Downgrading a server once upgraded is not supported.

Feedback

Please provide comments, bugs and other feedback via the freeipa-devel mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel

Detailed Changelog since 2.2.1

Alexander Bokovoy (1):

• Update plugin to upload CA certificate to LDAP

Jan Cholasta (1):

• Pylint cleanup

John Dennis (1):

• Use secure method to acquire IPA CA certificate

Martin Kosek (3):

• Run index task for new indexes

• Filter suffix in replication management tools

• Become IPA 2.2.2

Rob Crittenden (1):

• Do SSL CA verification and hostname validation.

Simo Sorce (1):

• Upload CA cert in the directory on install