FreeIPA 4.9.12#
The FreeIPA team would like to announce FreeIPA 4.9.12 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Highlights in 4.9.12#
9287: [RFE] makeapi should validate the generated API doc vs stored doc
Enhancements#
Known Issues#
9298: [Tracker] Nightly test failure (updates-testing) in test_acme.py::TestACME::test_certbot_certonly_standalone
With Certbot update to 2.0.0, Certbot defaults to ECDSA certificate private keys for all new certificates. PKI ACME cert profile supports only rsa private keys, meaning that the key type needs to be forced to rsa when requesting an ACME certificate, using certbot –key-type rsa […]
Bug fixes#
FreeIPA 4.9.12 is a stabilization release for the features delivered as a part of 4.9.0 version series.
There are more than 30 bug-fixes since FreeIPA 4.9.11 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
Upgrading#
Upgrade instructions are available on Upgrade page.
Feedback#
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) or #freeipa channel on libera.chat.
Resolved tickets#
#5130 (rhbz#1243261) non-admin users cannot search hbac rules
#6044 (rhbz#1353899) ipa-advise: object of type ‘type’ has no len()
#9195 (rhbz#2158775) Hiding a server does not completely clean up DNS records
#9226 (rhbz#2124547) Infinite redirect loop in the WebUI for user root
#9238 Nightly test failure (rawhide) in test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage
#9279 ipa-otpd@.service: deprecated syslog setting
#9282 Nightly test failure in test_webui/test_subid.py/test_subid/test_subid_range_deletion_not_allowed
#9285 ipa-certupdate restarts HTTPd too early
#9286 (rhbz#2056009) memberManager ACIs aren’t allowing group-based manager access due to missing upgrade code
#9287 [RFE] makeapi should validate the generated API doc vs stored doc
#9290 (rhbz#2149889) idm:client is missing dependency on krb5-pkinit.
#9291 Nightly test failure (rawhide) in test_ipa_dns_systemrecords_check
#9306 (rhbz#2160389) ‘ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp’ can be seen prior to ‘ipa-client-install’ command was successful.
#9310 (rhbz#2162335) ipa-trust-add with –range-type=ipa-ad-trust-posix fails while creating an ID range
#9314 Redundant build dependency on python3-paste (if with lint)
#9315 [tests] test_ipa_healthcheck_fips_enabled fails on system without fips-mode-setup
#9316 (rhbz#2166324) Passwordless (GSSAPI) SSH login with AD user
#9318 Incomplete fast lint/codestyle check if both Python template files and Python modules were changed
#9319 [tests] TestDNSResolver failures on systems without or empty /etc/resolv.conf
#9320 (rhbz#2018198) RFE - Add a warning note about possible performance impact of the Auto Member rebuild task.
#9324 ipatests: Frequent timeout of test_acme
#9326 ipatests: timeout of test_trust
#9329 Azure test: WebUI_Unit_Tests are failing
#9333 ipa-client-install –pkinit-identity can block in unattended mode
#9338 Update ‘Auth indicators’ doc string to show ‘ipd’ usage
#9339 Broken support for dnspython < 2
#9349 (rhbz#2180914) Sequence processing failures for group_add using server context
#9355 support python cryptography 40.0
#9358 update_dna_shared_config sometimes blocks installation for 2 minutes
Detailed changelog since 4.9.11#
Alexander Bokovoy (6)#
ipalib/x509: Implement abstract method Certificate.verify_directly_issued_by commit #9355
Don’t fail if optional RPM macros file is missing commit #9347
ipa-kdb: PAC consistency checker needs to handle child domains as well commit #9316
updates: fix memberManager ACI to allow managers from a specified group commit #9286
Anuja More (4)#
Antonio Torres (8)#
Extend API documentation commit
doc: allow notes on Param API Reference pages commit
ipaserver: deepcopy objectclasses list from IPA config commit #9349
API doc: add usage guides for groups, HBAC and sudo rules commit
API doc: add note about ipa show-mappings to usage guide commit
API doc: add basic user management guide commit
Back to git snapshots commit
Carla Martinez (1)#
Christian Heimes (3)#
Chris Kelley (1)#
Check that CADogtagCertsConfigCheck can handle cert renewal commit
David Pascual (2)#
Erik Belko (1)#
Florence Blanc-Renaud (16)#
ipatests: remove wrong job definition TestACMEPrune commit #9324
automember-rebuild: add a notice about high CPU usage commit #9320
server install: remove error log about missing bkup file commit #9306
ipatests: update the xfail annotation for test_number_of_zones commit #9135
Spec file: bump krb5_kdb_version on rawhide commit
FIPS setup: fix typo filtering camellia encryption commit
cert utilities: MAC verification is incompatible with FIPS mode commit
ipatests: update the fake fips mode expected message commit #9002
Spec file: ipa-client depends on krb5-pkinit-openssl commit #9290
PRCI: update memory reqs for each topology commit
mbhalodi (4)#
Michal Polovka (1)#
Rob Crittenden (3)#
Stanislav Levin (9)#
Sumedh Sidhaye (1)#
Sudhir Menon (1)#
Thorsten Scherf (1)#
external-idp: change idp server name to reference name commit