Ctrl+K

Highlights in 4.4.4

The FreeIPA team would like to announce FreeIPA 4.4.4 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 24 will be available in the official COPR repository.

Highlights in 4.4.4#

Enhancements#

Known Issues#

Bug fixes#

FreeIPA 4.4.4 is a stabilization release for the features delivered as a part of 4.4.0.

Upgrading#

Upgrade instructions are available on Upgrade page.

Feedback#

Please provide comments, bugs and other feedback via the freeipa-users mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa channel on Freenode.

Resolved tickets#

  • #6776 krb5 1.15 broke DAL principal free

  • #6738 Ipa-kra-install fails with weird output when backspace is used during typing Directory Manager password

  • #6713 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands (CVE-2017-2590)

  • #6647 batch param compatibility is incorrect

  • #6608 IPA server installation should check if IPv6 stack is enabled

  • #6600 Legacy client tests doesn’t have tree domain role.

  • #6588 replication race condition prevents IPA to install

  • #6575 ipa-replica-install fails on requesting DS cert when master is not configured with IPv6

  • #6070 ipa-replica-install fails to install when resolv.conf incomplete entries

Detailed changelog since 4.4.3#

Alexander Bokovoy (1)#

David Kupka (1)#

  • ipapython.ipautil.nolog_replace: Do not replace empty value commit #6738

Florence Blanc-Renaud (1)#

  • Do not configure PKI ajp redirection to use “::1” commit #6575

Fraser Tweedale (2)#

  • ca: correctly authorise ca-del, ca-enable and ca-disable commit #6713

  • Set up DS TLS on replica in CA-less topology commit #6226

Ganna Kaihorodova (1)#

  • Tests: Add tree root domain role in legacy client tests commit #6600

Jan Cholasta (1)#

  • compat: fix `Any` params in `batch` and `dnsrecord` commit #6647

Martin Basti (7)#

  • Become IPA 4.4.4 commit

  • Update Contributors.txt commit

  • FreeIPA 4.4.4 translations commit

  • Bump python-dns to improve processing of non-complete resolv.conf commit #6070

  • Use proper logging for error messages commit

  • Wait until HTTPS principal entry is replicated to replica commit #6588

  • wait_for_entry: use only DN as parameter commit #6588

Stanislav Laznicka (2)#

  • Add debug log in case cookie retrieval went wrong commit #6774

  • Fix cookie with Max-Age processing commit #6774

Tomas Krizek (1)#

  • server install: require IPv6 stack to be enabled commit #6608

Thorsten Scherf (1)#

  • added ssl verification using IPA trust anchor commit #6686

Contents