-
-
Save antoniotorresm/4551cbaeb7c97f873158c8fcf2409794 to your computer and use it in GitHub Desktop.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
The FreeIPA team would like to announce FreeIPA 4.9.12 release! | |
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds | |
for Fedora distributions will be available from the official repository | |
soon. | |
[[highlights_in_4.9.12]] | |
== Highlights in 4.9.12 | |
*TODO RELEASE NOTES - put release notes (if any) to proper categories* | |
* 9287: [RFE] makeapi should validate the generated API doc vs stored | |
doc | |
''''' | |
* 9298: [Tracker] Nightly test failure (updates-testing) in | |
test_acme.py::TestACME::test_certbot_certonly_standalone | |
:: | |
;; | |
With Certbot update to 2.0.0, Certbot defaults to ECDSA certificate | |
private keys for all new certificates. PKI ACME cert profile | |
supports only rsa private keys, meaning that the key type needs to | |
be forced to rsa when requesting an ACME certificate, using certbot | |
--key-type rsa [...] | |
''''' | |
*END TODO* | |
=== Enhancements | |
[[known_issues]] | |
=== Known Issues | |
[[bug_fixes]] | |
=== Bug fixes | |
FreeIPA 4.9.12 is a stabilization release for the features delivered as | |
a part of 4.9.0 version series. | |
There are more than 30 bug-fixes since FreeIPA 4.9.11 release. Details | |
of the bug-fixes can be seen in the list of resolved tickets below. | |
== Upgrading | |
Upgrade instructions are available on Upgrade page. | |
== Feedback | |
Please provide comments, bugs and other feedback via the freeipa-users | |
mailing list | |
(https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahosted.org/) | |
or #freeipa channel on libera.chat. | |
[[resolved_tickets]] | |
== Resolved tickets | |
* https://pagure.io/freeipa/issue/5130[#5130] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=1243261[rhbz#1243261]) | |
non-admin users cannot search hbac rules | |
* https://pagure.io/freeipa/issue/6044[#6044] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=1353899[rhbz#1353899]) | |
ipa-advise: object of type 'type' has no len() | |
* https://pagure.io/freeipa/issue/9002[#9002] Nightly failure in | |
test_fips.py::TestInstallFIPS::test_basic::setup | |
* https://pagure.io/freeipa/issue/9124[#9124] Nightly test failure in | |
test_smb.py::TestSMB::test_smb_service_s4u2self | |
* https://pagure.io/freeipa/issue/9135[#9135] Nightly test failure | |
(f37+): reverse zone not created | |
* https://pagure.io/freeipa/issue/9195[#9195] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2158775[rhbz#2158775]) | |
Hiding a server does not completely clean up DNS records | |
* https://pagure.io/freeipa/issue/9226[#9226] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2124547[rhbz#2124547]) | |
Infinite redirect loop in the WebUI for user root | |
* https://pagure.io/freeipa/issue/9238[#9238] Nightly test failure | |
(rawhide) in | |
test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage | |
* https://pagure.io/freeipa/issue/9279[#9279] ipa-otpd@.service: | |
deprecated syslog setting | |
* https://pagure.io/freeipa/issue/9282[#9282] Nightly test failure in | |
test_webui/test_subid.py/test_subid/test_subid_range_deletion_not_allowed | |
* https://pagure.io/freeipa/issue/9285[#9285] ipa-certupdate restarts | |
HTTPd too early | |
* https://pagure.io/freeipa/issue/9286[#9286] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2056009[rhbz#2056009]) | |
memberManager ACIs aren't allowing group-based manager access due to | |
missing upgrade code | |
* https://pagure.io/freeipa/issue/9287[#9287] [RFE] makeapi should | |
validate the generated API doc vs stored doc | |
* https://pagure.io/freeipa/issue/9290[#9290] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2149889[rhbz#2149889]) | |
idm:client is missing dependency on krb5-pkinit. | |
* https://pagure.io/freeipa/issue/9291[#9291] Nightly test failure | |
(rawhide) in test_ipa_dns_systemrecords_check | |
* https://pagure.io/freeipa/issue/9298[#9298] [Tracker] Nightly test | |
failure (updates-testing) in | |
test_acme.py::TestACME::test_certbot_certonly_standalone | |
* https://pagure.io/freeipa/issue/9306[#9306] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2160389[rhbz#2160389]) | |
'ERROR Could not remove /tmp/tmpbkw6hawo.ipabkp' can be seen prior to | |
'ipa-client-install' command was successful. | |
* https://pagure.io/freeipa/issue/9310[#9310] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2162335[rhbz#2162335]) | |
ipa-trust-add with --range-type=ipa-ad-trust-posix fails while creating | |
an ID range | |
* https://pagure.io/freeipa/issue/9314[#9314] Redundant build dependency | |
on python3-paste (if with lint) | |
* https://pagure.io/freeipa/issue/9315[#9315] [tests] | |
test_ipa_healthcheck_fips_enabled fails on system without | |
fips-mode-setup | |
* https://pagure.io/freeipa/issue/9316[#9316] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2166324[rhbz#2166324]) | |
Passwordless (GSSAPI) SSH login with AD user | |
* https://pagure.io/freeipa/issue/9318[#9318] Incomplete fast | |
lint/codestyle check if both Python template files and Python modules | |
were changed | |
* https://pagure.io/freeipa/issue/9319[#9319] [tests] TestDNSResolver | |
failures on systems without or empty /etc/resolv.conf | |
* https://pagure.io/freeipa/issue/9320[#9320] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2018198[rhbz#2018198]) RFE | |
- Add a warning note about possible performance impact of the Auto | |
Member rebuild task. | |
* https://pagure.io/freeipa/issue/9324[#9324] ipatests: Frequent timeout | |
of test_acme | |
* https://pagure.io/freeipa/issue/9326[#9326] ipatests: timeout of | |
test_trust | |
* https://pagure.io/freeipa/issue/9329[#9329] Azure test: | |
WebUI_Unit_Tests are failing | |
* https://pagure.io/freeipa/issue/9332[#9332] Extend negative test | |
coverage for automember | |
* https://pagure.io/freeipa/issue/9333[#9333] ipa-client-install | |
--pkinit-identity can block in unattended mode | |
* https://pagure.io/freeipa/issue/9338[#9338] Update 'Auth indicators' | |
doc string to show 'ipd' usage | |
* https://pagure.io/freeipa/issue/9339[#9339] Broken support for | |
dnspython < 2 | |
* https://pagure.io/freeipa/issue/9347[#9347] Azure Ci does not work | |
with Fedora Rawhide | |
* https://pagure.io/freeipa/issue/9349[#9349] | |
(https://bugzilla.redhat.com/show_bug.cgi?id=2180914[rhbz#2180914]) | |
Sequence processing failures for group_add using server context | |
* https://pagure.io/freeipa/issue/9355[#9355] support python | |
cryptography 40.0 | |
* https://pagure.io/freeipa/issue/9358[#9358] update_dna_shared_config | |
sometimes blocks installation for 2 minutes | |
[[detailed_changelog_since_4.9.11]] | |
== Detailed changelog since 4.9.11 | |
[[alexander_bokovoy_6]] | |
=== Alexander Bokovoy (6) | |
* ipalib/x509: Implement abstract method | |
Certificate.verify_directly_issued_by | |
https://pagure.io/freeipa/c/e43b10858a8014b2b1b6e555bff48ab172f14a9b[commit] | |
https://pagure.io/freeipa/issue/9355[#9355] | |
* Fix tox in Azure CI | |
https://pagure.io/freeipa/c/53ac81765aaad71ef18e720017454c33df0ab27c[commit] | |
https://pagure.io/freeipa/issue/9347[#9347] | |
* Use system-wide chromium for webui tests | |
https://pagure.io/freeipa/c/3593a798cc6a6bc3130c59ec7acf3f534b69158f[commit] | |
https://pagure.io/freeipa/issue/9347[#9347] | |
* Don't fail if optional RPM macros file is missing | |
https://pagure.io/freeipa/c/801308af209167ef84351987cd894c5721e3d853[commit] | |
https://pagure.io/freeipa/issue/9347[#9347] | |
* ipa-kdb: PAC consistency checker needs to handle child domains as well | |
https://pagure.io/freeipa/c/2d7cc19d238e0a20a44bb5422fd369d1e5cf764f[commit] | |
https://pagure.io/freeipa/issue/9316[#9316] | |
* updates: fix memberManager ACI to allow managers from a specified | |
group | |
https://pagure.io/freeipa/c/651e28c1fb6b86ad1fbd4ea98644e00b7042499c[commit] | |
https://pagure.io/freeipa/issue/9286[#9286] | |
[[anuja_more_4]] | |
=== Anuja More (4) | |
* ipatests: Test that non admin user can search hbac rule. | |
https://pagure.io/freeipa/c/3599a4a7e35baa8b936b2c00abe4827be5473212[commit] | |
https://pagure.io/freeipa/issue/5130[#5130] | |
* ipatests: Test ipa-advise is not failing with error. | |
https://pagure.io/freeipa/c/b2f197d3100d7ca95ead6180fa6b196f1aa77f74[commit] | |
https://pagure.io/freeipa/issue/6044[#6044] | |
* PRCI: update test_trust.py for nightly pipelines. | |
https://pagure.io/freeipa/c/9577e0b1f5cc4b3569a71eea1657981355eb80f3[commit] | |
https://pagure.io/freeipa/issue/9326[#9326] | |
* Add test for SSH with GSSAPI auth. | |
https://pagure.io/freeipa/c/ed1959dc0cf8823a0ce60e32ce0de7a389ecb942[commit] | |
https://pagure.io/freeipa/issue/9316[#9316] | |
[[antonio_torres_8]] | |
=== Antonio Torres (8) | |
* Extend API documentation | |
https://pagure.io/freeipa/c/f3d5e11b979e13c40158928302ff23169cd9cc9c[commit] | |
* doc: allow notes on Param API Reference pages | |
https://pagure.io/freeipa/c/f2bb386b44ef96a1e90d30ea4d3d37799fd01388[commit] | |
* ipaserver: deepcopy objectclasses list from IPA config | |
https://pagure.io/freeipa/c/62fe608390c41115edf4e356a6cff2ab1a6d0daf[commit] | |
https://pagure.io/freeipa/issue/9349[#9349] | |
* API doc: add usage guides for groups, HBAC and sudo rules | |
https://pagure.io/freeipa/c/e96d91c104b616c175a8c66a6e93a60d5a06e7ab[commit] | |
* API doc: add note about ipa show-mappings to usage guide | |
https://pagure.io/freeipa/c/a6592c6a79f15b0e6eef02a3f3545b9b72bc1705[commit] | |
* API doc: validate generated reference | |
https://pagure.io/freeipa/c/34a06d7f06f35b9aad034f7a4ff99753a0426275[commit] | |
https://pagure.io/freeipa/issue/9287[#9287] | |
* API doc: add basic user management guide | |
https://pagure.io/freeipa/c/84c4449e93d57f5236f978388cf6561a4866686a[commit] | |
* Back to git snapshots | |
https://pagure.io/freeipa/c/1b7fccd6d44361b9c175d9049313f0a5ac46bb57[commit] | |
[[carla_martinez_1]] | |
=== Carla Martinez (1) | |
* Update 'Auth indicators' doc string | |
https://pagure.io/freeipa/c/42744ebbcab7ef0a6bf5f16d6fca513c323d2fa9[commit] | |
https://pagure.io/freeipa/issue/9338[#9338] | |
[[christian_heimes_3]] | |
=== Christian Heimes (3) | |
* Speed up installer by restarting DS after DNA plugin | |
https://pagure.io/freeipa/c/27e9181bdc684915a7f9f15631f4c3dd6ac5f884[commit] | |
https://pagure.io/freeipa/issue/9358[#9358] | |
* Don't block when kinit_pkinit() fails | |
https://pagure.io/freeipa/c/03f544e83c1f775786bcda211a35f15a0b2a582f[commit] | |
https://pagure.io/freeipa/issue/9333[#9333] | |
* ipa-certupdate: Update client certs before KDC/HTTPd restart | |
https://pagure.io/freeipa/c/f3052c17599c7318c385b27795678b368906fd26[commit] | |
https://pagure.io/freeipa/issue/9285[#9285] | |
[[chris_kelley_1]] | |
=== Chris Kelley (1) | |
* Check that CADogtagCertsConfigCheck can handle cert renewal | |
https://pagure.io/freeipa/c/bed21afd2b7bc43c5acd33ad450d284d04073a71[commit] | |
[[david_pascual_2]] | |
=== David Pascual (2) | |
* doc: Use case examples for PR-CI checker tool | |
https://pagure.io/freeipa/c/faa485345cff6a4decbbd4a7542a3f640f2ca097[commit] | |
* ipatests: fix (prci_checker) duplicated check & error return code | |
https://pagure.io/freeipa/c/398e091863c8d64271205fb4df26e688dddfe81e[commit] | |
[[erik_belko_1]] | |
=== Erik Belko (1) | |
* ipatests: Test MemberManager ACI to allow managers from a specified | |
group after upgrade scenario | |
https://pagure.io/freeipa/c/2fb6f0216e7433e0e6459678863edb2a31c90cde[commit] | |
https://pagure.io/freeipa/issue/9286[#9286] | |
[[florence_blanc_renaud_16]] | |
=== Florence Blanc-Renaud (16) | |
* ipatests: increase timeout for test_trust | |
https://pagure.io/freeipa/c/a7147fa4c67ee5bdfa6f6020fdfb6278131f79d4[commit] | |
https://pagure.io/freeipa/issue/9326[#9326] | |
* ipatests: remove wrong job definition TestACMEPrune | |
https://pagure.io/freeipa/c/bdd115239adeae9f84b016207552b60985d65854[commit] | |
https://pagure.io/freeipa/issue/9324[#9324] | |
* ipatests: increase timeout for test_acme | |
https://pagure.io/freeipa/c/67131ae7f93e6ceab9be06d29151c37d74024699[commit] | |
https://pagure.io/freeipa/issue/9324[#9324] | |
* automember-rebuild: add a notice about high CPU usage | |
https://pagure.io/freeipa/c/2deaaa788cbdde22d5b15566599fdcf7a10f02c6[commit] | |
https://pagure.io/freeipa/issue/9320[#9320] | |
* trust-add: handle missing msSFU30MaxGidNumber | |
https://pagure.io/freeipa/c/703ab8c4dfb7f8fd1540c3849ad469d39695a26f[commit] | |
https://pagure.io/freeipa/issue/9310[#9310] | |
* Tests: force key type in ACME tests | |
https://pagure.io/freeipa/c/16c37cf26c8bf3a032a2d6845b3ff406002590be[commit] | |
https://pagure.io/freeipa/issue/9298[#9298] | |
* server install: remove error log about missing bkup file | |
https://pagure.io/freeipa/c/6f50b00953c0000d6da8db0f5e8974ae33d7b5d5[commit] | |
https://pagure.io/freeipa/issue/9306[#9306] | |
* ipatests: mark test_smb as xfail | |
https://pagure.io/freeipa/c/1bdd8147e7fa1032025dc6f6868e26f285744ee1[commit] | |
https://pagure.io/freeipa/issue/9124[#9124] | |
* ipatests: update the xfail annotation for test_number_of_zones | |
https://pagure.io/freeipa/c/cc9e568e5c769754a5882a52e2a32d6e1c3a64bc[commit] | |
https://pagure.io/freeipa/issue/9135[#9135] | |
* Spec file: bump krb5_kdb_version on rawhide | |
https://pagure.io/freeipa/c/f2b4d019881232833e915fedba48537548d2ef60[commit] | |
* FIPS setup: fix typo filtering camellia encryption | |
https://pagure.io/freeipa/c/f2a337caaf82fca4a8d7c347454b412ba2b4a0dd[commit] | |
* cert utilities: MAC verification is incompatible with FIPS mode | |
https://pagure.io/freeipa/c/42381ebd036feee63fab2bbf8579b7a385624bf7[commit] | |
* ipatests: update the fake fips mode expected message | |
https://pagure.io/freeipa/c/1d01692cf241645ca59b7f3d3e2096ce738d6a05[commit] | |
https://pagure.io/freeipa/issue/9002[#9002] | |
* Spec file: ipa-client depends on krb5-pkinit-openssl | |
https://pagure.io/freeipa/c/d7c5fe5f1cc3b68492da27cf4ea25b611412c834[commit] | |
https://pagure.io/freeipa/issue/9290[#9290] | |
* webui tests: fix assertion in test_subid.py | |
https://pagure.io/freeipa/c/3801d0c1c8a3dbec54dead29666137de2649e109[commit] | |
https://pagure.io/freeipa/issue/9282[#9282] | |
* PRCI: update memory reqs for each topology | |
https://pagure.io/freeipa/c/4f69f4cff32c0b5f8d4a36484a541a4b96c07e9d[commit] | |
[[mbhalodi_4]] | |
=== mbhalodi (4) | |
* ipatests: Test for sequence processing failures with server context | |
https://pagure.io/freeipa/c/6e5c6b1a138c3ead57cb42483f45f364894342e3[commit] | |
https://pagure.io/freeipa/issue/9349[#9349] | |
* ipatests: add missing automember-cli tests | |
https://pagure.io/freeipa/c/34c1574bed9fe6d35ea6a9e04f4e2e148fec9788[commit] | |
https://pagure.io/freeipa/issue/9332[#9332] | |
* ipatests: WebUI - ensure that ipa automember-rebuild prints a warning | |
https://pagure.io/freeipa/c/ff50fe5f038be52207bb770179becc31fbc74e17[commit] | |
https://pagure.io/freeipa/issue/9320[#9320] | |
* ipatests: ensure that ipa automember-rebuild prints a warning | |
https://pagure.io/freeipa/c/d035dc78cc7a1c88fc443719793a7c619af86fde[commit] | |
https://pagure.io/freeipa/issue/9320[#9320] | |
[[michal_polovka_1]] | |
=== Michal Polovka (1) | |
* ipatest: loginscreen: do not use hardcoded password | |
https://pagure.io/freeipa/c/2eca13e9660b3394fdd0a793142428dfe9d9ffa6[commit] | |
https://pagure.io/freeipa/issue/9226[#9226] | |
[[rob_crittenden_3]] | |
=== Rob Crittenden (3) | |
* Wipe the ipa-ca DNS record when updating system records | |
https://pagure.io/freeipa/c/b9387280543b86444cf4c258a7b720f492357baf[commit] | |
https://pagure.io/freeipa/issue/9195[#9195] | |
* tests: Add new ipa-ca error messages to IPADNSSystemRecordsCheck | |
https://pagure.io/freeipa/c/f28cb79ffaf18b190642a8b07e8fc4ea00fa4c58[commit] | |
https://pagure.io/freeipa/issue/9291[#9291] | |
* tests: Add ipa_ca_name checking to DNS system records | |
https://pagure.io/freeipa/c/0231ea8cd7895da6bc2bbc155f2d94b551ebac5c[commit] | |
https://pagure.io/freeipa/issue/9291[#9291] | |
[[stanislav_levin_9]] | |
=== Stanislav Levin (9) | |
* fastlint: Correct concatenation of file lists | |
https://pagure.io/freeipa/c/d8418ce63de206967bea5918615ee4471183cd06[commit] | |
https://pagure.io/freeipa/issue/9318[#9318] | |
* dns: Fix support for dnspython 1.1x | |
https://pagure.io/freeipa/c/c57507f3a4ed1f3314d0f57ad4f3469220b2cb6b[commit] | |
https://pagure.io/freeipa/issue/9339[#9339] | |
* tests: webui: Update vendored qunit | |
https://pagure.io/freeipa/c/9b15dca6095a44589c55aa6f8ef8c7646341d4d8[commit] | |
https://pagure.io/freeipa/issue/9329[#9329] | |
* AP: webui: List installed nodejs packages | |
https://pagure.io/freeipa/c/1ec521d9aea95fa212f3a8acf966a9eca32c257f[commit] | |
https://pagure.io/freeipa/issue/9329[#9329] | |
* tests: webui: Load qunit only once | |
https://pagure.io/freeipa/c/958a3958b4835fc2454e8bd71797638dcef9c460[commit] | |
https://pagure.io/freeipa/issue/9329[#9329] | |
* tests: webui: Allow file access from files in tests | |
https://pagure.io/freeipa/c/a9f29047ab352757ddfeb5cda9701fee0a06032a[commit] | |
https://pagure.io/freeipa/issue/9329[#9329] | |
* tests: Configure DNSResolver as platform agnostic resolver | |
https://pagure.io/freeipa/c/e6f1b363c40f6e04d7ce6eeb80597e89c5684875[commit] | |
https://pagure.io/freeipa/issue/9319[#9319] | |
* spec: Drop no longer used build dependency on paste | |
https://pagure.io/freeipa/c/ebd4096f039964cfd1d95467630c10559d051e13[commit] | |
https://pagure.io/freeipa/issue/9314[#9314] | |
* ipatests: healthcheck: Handle missing fips-mode-setup | |
https://pagure.io/freeipa/c/8d2c8fcf0ca498e9fc431cf3e531bbd39cb1d9a2[commit] | |
https://pagure.io/freeipa/issue/9315[#9315] | |
[[sumedh_sidhaye_1]] | |
=== Sumedh Sidhaye (1) | |
* With the commit #99a74d7, 389-ds changed the message returned in | |
ipa-healthcheck. | |
https://pagure.io/freeipa/c/e8ef2c2f226704ce510525f07675107179124a95[commit] | |
https://pagure.io/freeipa/issue/9238[#9238] | |
[[sudhir_menon_1]] | |
=== Sudhir Menon (1) | |
* Fixes: ipa-otpd@.service: deprecated syslog setting | |
https://pagure.io/freeipa/c/05bba992a6f8ba9f3c4383d023f5977dff457382[commit] | |
https://pagure.io/freeipa/issue/9279[#9279] | |
[[thorsten_scherf_1]] | |
=== Thorsten Scherf (1) | |
* external-idp: change idp server name to reference name | |
https://pagure.io/freeipa/c/b9c6ea67d896e52b61bd40bfd84b8d84b69ec35e[commit] |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment