Releases/4.10.0

The FreeIPA team would like to announce FreeIPA 4.10.0 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Contents
- 1 Highlights in 4.10.0
- 2 Upgrading
- 3 Feedback
- 4 Resolved tickets
- 5 Detailed changelog since 4.9.10
- 5.1 Rob Crittenden (9)
- 5.2 Matthew Davis (1)
- 5.3 Anuja More (3)
- 5.4 Timo Aaltonen (2)
- 5.5 Michal Polovka (5)
- 5.6 Florence Blanc-Renaud (9)
- 5.7 Armando Neto (8)
- 5.8 Alexander Bokovoy (3)
- 5.9 Mohammad Rizwan (1)
- 5.10 Christian Heimes (2)
- 5.11 François Cami (1)
- 5.12 Antonio Torres (2)
- 5.13 Peter Keresztes Schmidt (3)
Highlights in 4.10.0
- 2016: [RFE] Support random serial numbers in IPA certificates
- RSN can be enabled in new server installations.
- 7404: Incorrect certs are being updated with "ipa-certupdate"
- ipa-cacert-manage command now supports the "prune" subcommand, that allows to remove the expired CA certificates.
Bug fixes
FreeIPA 4.10.0 is a stabilization release for the features delivered as a part of 4.10 version series.
There are 7 bug-fixes since FreeIPA 4.9.10 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading
Upgrade instructions are available on Upgrade page.
Feedback
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on libera.chat.
Resolved tickets
- #2016 [RFE] Support random serial numbers in IPA certificates
- #2278 IPA needs better sudo option validation or better documentation
- #7404 Incorrect certs are being updated with "ipa-certupdate"
- #8544 After reboot: Replication bind with GSSAPI auth failed
- #8684 [WebUI] test_hostgroup::test_names_and_button - timeout reached
- #9035 Nightly failure (rawhide) in test_installation_client.py::TestInstallClient
- #9105 Review usage of quiet flag in ipa-join
Detailed changelog since 4.9.10
Rob Crittenden (9)
- Fix test_secure_ajp_connector.py failing with Python 3.6.8 commit
- Add tests for Random Serial Number v3 support commit #2016
- Add support for Random Serial Numbers v3 commit #2016
- Add a new parameter type, SerialNumber, as a subclass of Str commit #2016
- doc/designs: add Random Serial Numbers v3 support commit #2016
- Design for IPA-to-IPA migration commit
- Re-work the quiet option in ipa-join to not suppress errors commit #9105
- Improve sudooption docs, make the option multi-value commit #2278
- Design doc to allow LDAP bind using the RADIUS auth type commit
Matthew Davis (1)
- Add missing parameter to Suse modify_nsswitch_pam_stack commit
Anuja More (3)
- ipatests: Fix install_master for test_idp.py commit
- Add end to end integration tests for external IdP commit
- ipatests: update prci definitions for test_idp.py commit
Timo Aaltonen (2)
- ipaplatform/debian: Drop the path for ldap.so commit
- ipaplatform/debian: Use multiarch path for libsofthsm2.so commit
Michal Polovka (5)
- ipatests: Healthcheck use subject base from IPA not REALM commit
- ipatests: Increase expect timeout for interactive mode commit
- ipatests: Healthcheck should ignore pki errors when CA is not configured commit
- test_webui: test_hostgroup: Wait for modal dialog to appear commit #8684
- WebUI: Test if links are opened in new tab correctly commit
Florence Blanc-Renaud (9)
- xmlrpc tests: updated expected output for preserved user commit
- Preserve user: fix the confusing summary commit
- ipatests: update packages in rawhide test test_installation_client.py commit #9035
- ipatests: revert wrong commit on gating definition commit
- Design: Integrate SID configuration into base IPA installers commit
- Doc: add a design template commit
- ipatests: add test_acme.py in nightly previous commit
- ipatests: fix incomplete nightly def in nightly_previous commit
- ipatests: fix discrepancies in nightly defs commit
Armando Neto (8)
- ipatests: update prci template commit
- ipatests: update definitions for custom COPR nightlies commit
- ipatests: bump PR-CI rawhide template commit
- ipatests: bump rawhide template for PR-CI commit
- ipatests: Bump PR-CI rawhide template commit
- ipatests: Bump PR-CI Rawhide template commit
- ipatests: Update gating to Fedora 33 commit
- ipatests: update PR-CI templates to Fedora 33 commit
Alexander Bokovoy (3)
- Fix use of comparison functions to avoid GCC bug 95189 commit
- doc/designs: fix formatting in LDAPI autobind design commit
- Contributors: add new contributors to the list commit
Mohammad Rizwan (1)
- ipatest: Test ipa-cert-fix fails when startup directive is missing from CS.cfg commit
Christian Heimes (2)
- Add design for LDAPI autobind commit #8544
- LDAP autobind authenticateAsDN for BIND named commit #8544
François Cami (1)
- ipatests: fix nightly_latest_testing_selinux template commit
Antonio Torres (2)
- ipatests: add test for ipa-cacert-manage prune commit #7404
- ipa-cacert-manage: add prune option commit #7404