Jump to: navigation, search


Release date Released 2022-06-29

The FreeIPA team would like to announce FreeIPA 4.10.0 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.

Highlights in 4.10.0

  • 2016: [RFE] Support random serial numbers in IPA certificates
RSN can be enabled in new server installations.

  • 7404: Incorrect certs are being updated with "ipa-certupdate"
ipa-cacert-manage command now supports the "prune" subcommand, that allows to remove the expired CA certificates.

Bug fixes

FreeIPA 4.10.0 is a stabilization release for the features delivered as a part of 4.10 version series.

There are 7 bug-fixes since FreeIPA 4.9.10 release. Details of the bug-fixes can be seen in the list of resolved tickets below.


Upgrade instructions are available on Upgrade page.


Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on libera.chat.

Resolved tickets

  • #2016 [RFE] Support random serial numbers in IPA certificates
  • #2278 IPA needs better sudo option validation or better documentation
  • #7404 Incorrect certs are being updated with "ipa-certupdate"
  • #8544 After reboot: Replication bind with GSSAPI auth failed
  • #8684 [WebUI] test_hostgroup::test_names_and_button - timeout reached
  • #9035 Nightly failure (rawhide) in test_installation_client.py::TestInstallClient
  • #9105 Review usage of quiet flag in ipa-join

Detailed changelog since 4.9.10

Rob Crittenden (9)

  • Fix test_secure_ajp_connector.py failing with Python 3.6.8 commit
  • Add tests for Random Serial Number v3 support commit #2016
  • Add support for Random Serial Numbers v3 commit #2016
  • Add a new parameter type, SerialNumber, as a subclass of Str commit #2016
  • doc/designs: add Random Serial Numbers v3 support commit #2016
  • Design for IPA-to-IPA migration commit
  • Re-work the quiet option in ipa-join to not suppress errors commit #9105
  • Improve sudooption docs, make the option multi-value commit #2278
  • Design doc to allow LDAP bind using the RADIUS auth type commit

Matthew Davis (1)

  • Add missing parameter to Suse modify_nsswitch_pam_stack commit

Anuja More (3)

  • ipatests: Fix install_master for test_idp.py commit
  • Add end to end integration tests for external IdP commit
  • ipatests: update prci definitions for test_idp.py commit

Timo Aaltonen (2)

  • ipaplatform/debian: Drop the path for ldap.so commit
  • ipaplatform/debian: Use multiarch path for libsofthsm2.so commit

Michal Polovka (5)

  • ipatests: Healthcheck use subject base from IPA not REALM commit
  • ipatests: Increase expect timeout for interactive mode commit
  • ipatests: Healthcheck should ignore pki errors when CA is not configured commit
  • test_webui: test_hostgroup: Wait for modal dialog to appear commit #8684
  • WebUI: Test if links are opened in new tab correctly commit

Florence Blanc-Renaud (9)

  • xmlrpc tests: updated expected output for preserved user commit
  • Preserve user: fix the confusing summary commit
  • ipatests: update packages in rawhide test test_installation_client.py commit #9035
  • ipatests: revert wrong commit on gating definition commit
  • Design: Integrate SID configuration into base IPA installers commit
  • Doc: add a design template commit
  • ipatests: add test_acme.py in nightly previous commit
  • ipatests: fix incomplete nightly def in nightly_previous commit
  • ipatests: fix discrepancies in nightly defs commit

Armando Neto (8)

  • ipatests: update prci template commit
  • ipatests: update definitions for custom COPR nightlies commit
  • ipatests: bump PR-CI rawhide template commit
  • ipatests: bump rawhide template for PR-CI commit
  • ipatests: Bump PR-CI rawhide template commit
  • ipatests: Bump PR-CI Rawhide template commit
  • ipatests: Update gating to Fedora 33 commit
  • ipatests: update PR-CI templates to Fedora 33 commit

Alexander Bokovoy (3)

  • Fix use of comparison functions to avoid GCC bug 95189 commit
  • doc/designs: fix formatting in LDAPI autobind design commit
  • Contributors: add new contributors to the list commit

Mohammad Rizwan (1)

  • ipatest: Test ipa-cert-fix fails when startup directive is missing from CS.cfg commit

Christian Heimes (2)

François Cami (1)

  • ipatests: fix nightly_latest_testing_selinux template commit

Antonio Torres (2)

Peter Keresztes Schmidt (3)

  • configure: Do not set -Wno-strict-aliasing -Wno-sign-compare commit
  • build: Unify compiler warning flags used commit
  • configure: Fix source tree detection to enable more warnings commit