The FreeIPA team would like to announce FreeIPA 4.8.4 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora 30 and 31 will be available in the official repositories.
Highlights in 4.8.4#
FreeIPA 4.8.4 uses system-provided crypto policy on Fedora and RHEL-based distributions. It enables TLS 1.3 support in its HTTPS end-points.
A support to manage list of group managers has been added to both IPA CLI and Web UI. A group now can have a list of group managers who are allowed to add and remove group members. This allows for a more complex per-group permission granting.
Enhancements#
Known Issues#
Bug fixes#
FreeIPA 4.8.4 is a stabilization release for the features delivered as a part of 4.8.0 series.
There are more than 20 bug-fixes details of which can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#6951 Update samba config file and use sss idmap module
#7323 IPv6 hack for Travis CI
#7804 `ipa otptoken-sync` fails with stack trace
#7958 traceback in idview
#7985 test failure in test_dnssec.py::TestInstallDNSSECLast::()::test_disable_reenable_signing_replica::teardown
#8001 Need default authentication indicators for SPAKE, PKINIT and encrypted challenge preauth
#8082 Default client configuration breaks ssh in FIPS mode.
#8104 RFE: Disable Stale/Inactive Users - Upstream Design Document
#8118 Run smoke tests in FIPS mode
#8120 Invisible part of notification area in Web UI intercepts clicks of some page elements
#8122 group-add-member-manager does not report errors
#8123 [WebUI] Finish group membership management UI
#8125 Use default crypto policy for TLS and enable TLS 1.3 support
#8129 Tests: Replace paramiko with OpenSSH
#8131 covscan memory leaks report
#8133 check_client_configuration() no longer works with IPA_CONFDIR
#8134 ipa user-add is inefficient
#8137 reinstall failed in adding delegation layout
#8138 Man page ipa-cacert-manage does not display correctly on RHEL
#8142 check Not Before / Not After in externally signed CA sanity check
#8143 service.ldap_disable() does not remove “enabledService”
#8144 test_nfs.py: umount.nfs4: /home: device is busy
#8148 add “systemctl restart sssd” to warning message when adding trust agents to replicas
#8149 SIDs of AD domains do not display in ipa-client-samba installer
Detailed changelog since 4.8.2#
Armando Neto (1)#
Alexander Bokovoy (8)#
ipa-client-samba: map domain sid of trust domain properly for display commit #8149
DNS install check: allow overlapping zone to be from the master itself commit
covscan: free ucs2-encoded password copy when generating NTLM hash commit #8131
covscan: free encryption types in case there is an error commit #8131
Become FreeIPA 4.8.3 commit
Add Authentication Indicator Kerberos ticket policy options commit #8001
Do not run trust upgrade code if master lacks Samba bindings commit #8001
Anuja More (1)#
ipatests : Login via ssh using private-key for ipa-user should work. commit
Christian Heimes (18)#
Cédric Jeanneret (1)#
Update selinux-policy minimal requirement commit
François Cami (4)#
Florence Blanc-Renaud (7)#
MIZUTA Takeshi (1)#
Add config that maintains existing content to ipa-client-install manpage commit
Rob Crittenden (2)#
Sumit Bose (1)#
Sergey Orlov (1)#
Simo Sorce (1)#
Make sure to have storage space for tag commit
Serhii Tsymbaliuk (2)#
Timo Aaltonen (1)#
Debian: Fix font-awesome path. commit