The FreeIPA team would like to announce FreeIPA 4.8.10 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Highlights in 4.8.10#
8275: Support systemd-resolved
FreeIPA DNS servers now detect systemd-resolved and configure it to pass through itself.
8404: Detect and fail if not enough memory is available for installation
FreeIPA server now requires at least 1.2 GiB RAM for installation to prevent performance degradation.
8488: SELinux blocks custodia key replication / retrieval for sub-CAs
SELinux: Make sure ipa_custodia_t has the necessary rights ; add dedicated policy rules for ipa-pki-retrieve-key.
8490: It is not possible to edit KDC database when the FreeIPA server is running
kadmin.local command ‘getprincs’ is now supported
8503: pkispawn logs files are empty
On recent versions of Dogtag PKI, pkispawn does not create logs by default, making debugging failed IPA installs impossible. Invoke pkispawn with –debug to revert to the previous behavior.
8507: [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0)
Support reproducible builds for jQuery library
FreeIPA 4.8.10 is a stabilization release for the features delivered as a part of 4.8.10 version series.
There are more than 20 bug-fixes details of which can be seen in the list of resolved tickets below.
Upgrade instructions are available on Upgrade page.
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://firstname.lastname@example.org/) or #freeipa channel on Freenode.
#8248 httpd ccaches created during server upgrade aren’t cleaned up on uninstall/install
#8344 Nightly test failure in test_smb.py::TestSMB::test_smb_service_s4u2self
#8383 Test with dnspython 2.0
#8404 Detect and fail if not enough memory is available for installation
#8443 ipa delegation-add can add permissions and attributes several times
#8446 ipa dnszone-add ignores –name-from-ip option if name is given
#8458 auto-upgrade will never happen for existing installations
#8468 [pylint] new warnings on dev branch
#8472 [tracker] Nightly test failure in test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA
#8473 Nightly test failure in all webui tests: Invalid or corrupt jarfile /opt/selenium.jar
#8474 Mozilla’s NSS without DBM
#8475 Azure: tox task and virtualenv 20+
#8481 Nightly test failure in rawhide in tasks.configure_dns_for_trust
#8491 Unindexed searches in FreeIPA git master
#8494 Azure Pipelines are broken due to docker compose tool upgrade
#8505 Nightly failure (fedora31) in test_integration/test_smb.py::TestSMB::test_smb_service_s4u2self
#8507 [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0)
#8511 The selinux subpackage does not have a requirement to match the server install
#8512 Import of psutil can trigger SELinux violation
Detailed changelog since 4.8.9#
Armando Neto (3)#
Alexander Bokovoy (6)#
Become IPA 4.8.10 commit
Return to git snapshots commit
Christian Heimes (11)#
Create systemd-resolved configuration on update commit
Make git a build requirement commit
François Cami (12)#
Florence Blanc-Renaud (4)#
Mohammad Rizwan (3)#
Rob Crittenden (19)#
Stanislav Levin (13)#
dns: Make use of `resolve_address` of a current resolver instead of the global one commit
Azure: Increase verbosity for Tox task commit
deps: Require `nss-tools` for make’s fasttest target commit
Azure: base: Collect both install and uninstall logs commit
Azure: Drop dependency on UsePythonVersion task commit
Azure: Add Rawhide definitions commit
Sergey Orlov (2)#
Sumedh Sidhaye (1)#
Serhii Tsymbaliuk (1)#
Sudhir Menon (1)#
ipatests: Install healthcheck pkg for TestIpaHealthCheckWithADtrust commit