The FreeIPA team would like to announce FreeIPA 4.9.0 release candidate 2!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora Rawhide will be available from the official repository soon.
We are not planning producing builds of release candidates for the Fedora 32/33 at this moment. Final FreeIPA 4.9.0 release might be produced for Fedora 33 depending on upgrade test results.
Highlights in 4.9.0 release candidate 2#
Bug fixes#
FreeIPA 4.9.0 release candidate 2 is a stabilization release for the features delivered as a part of 4.9 version series.
There are more than 10 bug-fixes since FreeIPA 4.9.0 release candidate 1. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#3299 [RFE] Switch the client to JSON RPC
#7534 (rhbz#1569011) Investigate failures to restore 389-ds attriubtes on upgrade failure
#7676 (rhbz#1544379) ipa-client-install changes system wide ssh configuration
#7975 Accept 389-ds JSON replication status messages
#8424 Add ipa.p11-kit to ipa-client-install man page files list
#8514 (rhbz#1885126) Nightly failure (enforcing mode) in test_acme.py::TestACME::test_mod_md
#8524 (rhbz#1851835) Deploy & manage the ACME service topology wide from a single system
#8531 RFE: Use host keytab to obtain ticket for ipa-certupdate
#8545 (rhbz#1869605) KRA Transport and Storage Certificates do not renew
#8554 (rhbz#1891056) ipa-kdb: support subordinate/superior UPN suffixes
#8581 Nightly test failure in test_acme.py::TestACME::test_third_party_certs (updates-testing)
#8587 client-only build fails due to unconditional use of pwquality features
#8589 (rhbz#1812871) Intermittent IdM Client Registration Failures
#8590 Nightly test failure in test_integration/test_krbtpolicy.py::TestPWPolicy::test_krbtpolicy_default::setup
#8595 Allow ipa-ca as a name for an IPA server
#8597 (rhbz#1901068) Traceback while doing ipa-backup
#8601 Nightly test failure in test_trust.py::TestTrust::test_subordinate_suffix
#8603 (rhbz#1902727) ipa-acme-manage enable fails after upgrade
Detailed changelog since 4.9.0rc1#
Armando Neto (1)#
ipatests: Bump PR-CI templates commit
Alexander Bokovoy (5)#
Antonio Torres Moríñigo (1)#
Florence Blanc-Renaud (2)#
Mark Reynolds (1)#
Mohammad Rizwan (1)#
Rob Crittenden (25)#
Skip the ACME mod_md test when the client is in enforcing mode commit #8514
ipatests: test that stale caches are removed using the sweeper commit #8589
Convert reset_to_default_policy into a pytest fixture commit #8589
VERSION: back to git snapshots commit
ipatests: Test that ipa-ca.$domain can retrieve CRLs without redirect commit #8595
Allow Apache to answer to ipa-ca requests without a redirect commit #8595
Move where the restore state is marked during IPA server upgrade commit #7534
Reorder when ACME is enabled to fix failure on upgrade commit #8603
Remove test for minimum ACME support and rely on package deps commit
Require PKI 10.10+ for KRA profile and ACME support commit #8524, #8545
Test that the KRA profiles can renewal its three certificates commit #8545
Change KRA profiles in certmonger tracking so they can renew commit #8545
ipatests: Increase timeout for ACME in gating.yaml commit #8581
ipatests: honor class inheritance in TestACMEwithExternalCA commit #8581
ipatests: configure MDStoreDir for mod_md ACME test commit #8581
ipatests: Clean up existing ACME registration and certs commit #8581
ipatests: Configure a replica in TestACMEwithExternalCA commit #8581
ipatests: call the CALess install method to generate the CA commit #8581
ipatests: Test that Match ProxyCommand masks on no shell exec commit #7676
Create IPA ssh client configuration and move ProxyCommand commit #7676
ipatests: Test that ipa-certupdate can run without credentials commit #8531
Use host keytab to obtain credentials needed for ipa-certupdate commit #8531