The FreeIPA team would like to announce FreeIPA 4.9.2 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Bug fixes#
FreeIPA 4.9.2 is a stabilization release for the features delivered as a part of 4.9 version series.
There are more than 20 bug-fixes since FreeIPA 4.9.1 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on Freenode.
Resolved tickets#
#6739 Cannot login to replica’s WebUI
#8404 Detect and fail if not enough memory is available for installation
#8452 update samba configuration on IPA master to explicitly use ‘server role’ setting
#8506 Nightly failure in ipa-server-install –uninstall: org.freedesktop.DBus.Error.NoReply
#8533 Nightly failure in ipa-replica-install configuring renewals: DBusException: org.freedesktop.DBus.Error.NoReply
#8550 (rhbz#1902173) Uninstallation of server with KRA diplays error but proceeds successfully (unable to access security domain)
#8554 (rhbz#1891056) ipa-kdb: support subordinate/superior UPN suffixes
#8588 The ‘ipactl status’ command exit code does not fail on a partial error
#8630 (rhbz#1909876) Do not resolve user/group UID/GID in the service constructors
#8636 (rhbz#1923900) Samba on IdM member failure
#8647 (rhbz#1912556) Incorrect DNSKEY created when DNSSEC enabled for zone
#8658 (rhbz#1924501) Value stored to ‘krberr’ is never read in ipa-rmkeytab.c
#8669 Reduce difference between upstream and downstream releases
#8675 Update failed: NSS is built without support of the legacy database(DBM)
#8683 [ipatests] `test_ipa_dns_systemrecords_check` and `test_ipa_healthcheck_no_errors` fail in Azure Pipelines
#8685 KDC cert has no SAN DNSname
#8686 (rhbz#1922955) Resubmitting KDC cert fails with internal server error
#8689 Add centos platform module
#8690 Add a tool to control interactive programs on remote hosts in IPA tests
#8699 (rhbz#1926699) avc denial for gpg-agent with systemd-run
#8704 (rhbz#1926910) ipa cert-remove-hold returns an incorrect error message
#8712 Support new baseURL config option for ACME
Detailed changelog since 4.9.1#
Alexander Bokovoy (14)#
Back to git commits commit
Become IPA 4.9.2 commit
po: refresh translations to remove outdated strings commit
po: update translations template commit
test_installutils: run gpg-agent under a specific SELinux context commit #8699
Force-update translation after FreeIPA to IPA change: po/fr.po commit
Force-update translation after FreeIPA to IPA change: po/es.po commit
Force-update translation po/id.po commit
Force-update translation po/fr.po commit
Force-update translation po/es.po commit
Force-update translation po/de.po commit
client: synchronize ignored return codes with ipa-rmkeytab commit #8658
ipa-sam: return NetBIOS domain name instead of DNS one commit #8636
Back to git commits commit
Antonio Torres (4)#
Christian Heimes (4)#
Florence Blanc-Renaud (8)#
cert plugin: propagate the error for non-existent cert commit #8704
ipatests: ipactl status now exits with 3 when a service is stopped commit #8588
ipatests: fix ipahealthcheck fixture _modify_permission commit
OpenDNSSEC: fix timezone in key creation date commit
ipatests: add a test for ZSK/KSK keytype in DNSKEY record commit #8647
Mohammad Rizwan (1)#
Rob Crittenden (20)#
Remove the option stop_certmonger from stop_tracking_* commit #8506, #8533
Add some logging around initial ACME deployment commit #8712
Add versions to the ACME config templates and update on upgrade commit #8712
Set the ACME baseURL in order to pin a client to a single IPA server commit #8712
Force-update translation after FreeIPA to IPA change: po/ipa.pot commit
Change FreeIPA references to IPA and Identity Management commit #8669
ipatests: Handle non-zero return code in test_ipactl_scenario_check commit #8550
Ensure IPA is running (ideally) before uninstalling the KRA commit #8550
ipactl: support script status 3, program is not running commit #8588
Use the new API introduced in PKI 10.8 commit
Change CA profile migration message from info to debug commit
Provide more detailed logging around memory detection commit #8404
ipatests: Update NSSDatabase DBM test on non-DBM-capable installs commit #8675
Ignore database errors when trying to extract ipaCert on upgrade commit #8675
Report the NSS database directory if it cannot be opened commit #8675
Stanislav Levin (3)#
Sergey Orlov (5)#
Thorsten Scherf (1)#
man: fix ipa-client-samba.1 typos commit