FreeIPA 4.13.1

FreeIPA 4.13.1#

The FreeIPA team would like to announce FreeIPA 4.13.1 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.

Highlights in 4.13.1#

  • 9839: [RFE] Allow ipa-certupdate to force specific server to get updates from

    ipa-certupdate now provides the option –force-server SERVER.FQDN that can be used for disaster recovery or situation with replication issues, when only one server is fixed/working and is a source of truth about CA certs for all the other replicas and clients.

  • 9895: Memory leaks in IPA plugins

    Multiple memory leaks have been fixed across various IPA plugins.

Enhancements#

Known Issues#

Bug fixes#

FreeIPA 4.13.1 is a stabilization release for the features delivered as a part of 4.13 version series.

There are more than 10 bug-fixes since FreeIPA 4.13.0 release. Details of the bug-fixes can be seen in the list of resolved tickets below.

Upgrading#

Upgrade instructions are available on Upgrade page.

Feedback#

Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on libera.chat.

Resolved tickets#

  • #9839 [RFE] Allow ipa-certupdate to force specific server to get updates from

  • #9842 Add ability to configure external password reset agents with ipa_pwd_extop

  • #9876 Incorrect exception type in remove_edge()

  • #9884 test_integration/test_ipa_ipa_migration.py::TestIPAMigrationProdMode fails in local setup

  • #9891 Incorrect error type when user logs in multiple times with wrong password

  • #9892 After upgrade from 9.7 to 9.8 ipactl restart fails to restart winbind service

  • #9895 Memory leaks in IPA plugins

  • #9902 Nightly test failure in test_installation.py::TestInstallWithCA_DNS4::test_number_of_zones

  • #9910 Test failure in TestIPAMigratewithBackupRestore::test_ipa_migrate_stage_mode

  • #9913 Upgrade from RHEL 9.4 to 9.6+ breaks ipa-dnskeysyncd

  • #9914 AddressSanitizer: SEGV ipa-pwd-extop/common.c:584 in ipapwd_gen_checks

  • #9915 Support replaceable artwork for modern-ui

Detailed changelog since 4.13.0#

MOHAMMAD SAMI (1)#

  • Fix incorrect error handling in ipapython/graph.py commit #9876

Anuja More (2)#

  • ipatests: sysaccounts: add missing integration/webui/xmlrpc tests commit #9842

  • sysaccount_mod: Use object.__setattr__ to set allow_empty_update in exception handler commit

Antonio Torres (1)#

  • Back to git snapshots commit

Aleksandr Sharov (1)#

  • Adding option –force-server to specify a server to ipa-certupdate tool. commit #9839

Carla Martinez (1)#

David Hanina (2)#

Florence Blanc-Renaud (6)#

  • ipa-migrate: avoid KeyError before attributes are normalized commit #9910

  • Upgrade: use openssl_engine on rhel9 commit #9913

  • ipatests: do not allow zone overlap for TestInstallWithCA_DNS4 commit #9902

  • ipatest: add an integration test for samba upgrade commit #9892

  • Trust: fix tdo with WITH_FOREST commit #9892

  • Nightly test definitions: configure 4.13 branch commit

Mohammad Rizwan (1)#

  • ipatests: allow dns zone overlap where dns is handled externaly commit

PRANAV THUBE (2)#

  • ipatests: Refactor and port hbac functional tests. commit

  • Extended eDNS testsuite with Enforced DNS policy testcases. commit

Rob Crittenden (2)#

  • ipa-pwd-extop: Don’t manipulate the config if not retrieved commit #9914

  • ipatests: Add the remote IP before running ipa-migrate commit #9884

Viktor Ashirov (17)#

  • ipa-pwd-extop: fix valueset memory leak in `ipapwd_get_cur_kvno()` commit #9895

  • ipa-pwd-extop: fix memory leaks in `ipapwd_gen_hashes()` error path commit #9895

  • ipa-pwd-extop: fix password history values memory leak commit #9895

  • ipa-pwd-extop: fix NT hash string memory leak commit #9895

  • ipa-pwd-extop: fix bind DN memory leaks in pre-op handlers commit #9895

  • ipa-pwd-extop: fix memory leaks in `ipapwd_pre_add()` commit #9895

  • ipa-pwd-extop: fix memory leaks of bind DN commit #9895

  • ipa-pwd-extop: fix memory leaks commit #9895

  • ipa-pwd-extop: free krbcfg in all exit paths commit #9895

  • topology: fix memory leaks commit #9895

  • ipa-enrollment: fix memory leaks commit #9895

  • ipa-extdom-extop: fix memory leaks commit #9895

  • ipa-range-check: fix memory leak commit #9895

  • ipa-sidgen: fix memory leaks commit #9895

  • ipa-pwd-extop: fix memory leaks commit #9895

  • ipa-lockout: fix memory leaks commit #9895

  • ipa-graceperiod: fix memory leaks commit #9895

Contents