Jump to: navigation, search


Release date Released 2017-03-23

The FreeIPA team would like to announce FreeIPA 4.4.4 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 24 will be available in the official COPR repository.

Highlights in 4.4.4


Known Issues

Bug fixes

FreeIPA 4.4.4 is a stabilization release for the features delivered as a part of 4.4.0.


Upgrade instructions are available on Upgrade page.


Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.

Resolved tickets

  • #6776 krb5 1.15 broke DAL principal free
  • #6738 Ipa-kra-install fails with weird output when backspace is used during typing Directory Manager password
  • #6713 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands (CVE-2017-2590)
  • #6647 batch param compatibility is incorrect
  • #6608 IPA server installation should check if IPv6 stack is enabled
  • #6600 Legacy client tests doesn't have tree domain role.
  • #6588 replication race condition prevents IPA to install
  • #6575 ipa-replica-install fails on requesting DS cert when master is not configured with IPv6
  • #6070 ipa-replica-install fails to install when resolv.conf incomplete entries

Detailed changelog since 4.4.3

Alexander Bokovoy (1)

David Kupka (1)

  • ipapython.ipautil.nolog_replace: Do not replace empty value commit #6738

Florence Blanc-Renaud (1)

  • Do not configure PKI ajp redirection to use "::1" commit #6575

Fraser Tweedale (2)

  • ca: correctly authorise ca-del, ca-enable and ca-disable commit #6713
  • Set up DS TLS on replica in CA-less topology commit #6226

Ganna Kaihorodova (1)

  • Tests: Add tree root domain role in legacy client tests commit #6600

Jan Cholasta (1)

  • compat: fix `Any` params in `batch` and `dnsrecord` commit #6647

Martin Basti (7)

  • Become IPA 4.4.4 commit
  • Update Contributors.txt commit
  • FreeIPA 4.4.4 translations commit
  • Bump python-dns to improve processing of non-complete resolv.conf commit #6070
  • Use proper logging for error messages commit
  • Wait until HTTPS principal entry is replicated to replica commit #6588
  • wait_for_entry: use only DN as parameter commit #6588

Stanislav Laznicka (2)

  • Add debug log in case cookie retrieval went wrong commit #6774
  • Fix cookie with Max-Age processing commit #6774

Tomas Krizek (1)

  • server install: require IPv6 stack to be enabled commit #6608

Thorsten Scherf (1)

  • added ssl verification using IPA trust anchor commit #6686