Jump to: navigation, search


Release date Released 2013-02-13

The FreeIPA team is proud to announce version FreeIPA v2.2.2

This release contains Security Updates.

It can be downloaded from http://www.freeipa.org/page/Downloads.


This release contains a Security Advisory:

The FreeIPA Team would like to thank the Red Hat Security Response Team and in particular Vincent Danen for the invaluable assistance provided for the assessment and resolution of these issues. For CVE-2012-5484 we would like to thank Petr Menšík for reporting the issue.


Please consult each CVE announcement for related Upgrading instructions.

An IPA server can be upgraded simply by installing updated rpms. The server does not need to be shut down in advance.

If you have multiple servers you may upgrade them one at a time. It is expected that all servers will be upgraded in a relatively short period (days or weeks not months). They should be able to co-exist peacefully but new features will not be available on old servers and enrolling a new client against an old server will result in the SSH keys not being uploaded.

Downgrading a server once upgraded is not supported.


Please provide comments, bugs and other feedback via the freeipa-devel mailing list: http://www.redhat.com/mailman/listinfo/freeipa-devel

Detailed Changelog since 2.2.1

Alexander Bokovoy (1):

  • Update plugin to upload CA certificate to LDAP

Jan Cholasta (1):

  • Pylint cleanup

John Dennis (1):

  • Use secure method to acquire IPA CA certificate

Martin Kosek (3):

  • Run index task for new indexes
  • Filter suffix in replication management tools
  • Become IPA 2.2.2

Rob Crittenden (1):

  • Do SSL CA verification and hostname validation.

Simo Sorce (1):

  • Upload CA cert in the directory on install