The FreeIPA team would like to announce FreeIPA 4.10.0 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
== Highlights in 4.10.0
* 2016: [RFE] Support random serial numbers in IPA certificates
RSN can be enabled in new server installations.
* 7404: Incorrect certs are being updated with "ipa-certupdate"
ipa-cacert-manage command now supports the "prune" subcommand, that allows to remove the expired CA certificates.
=== Bug fixes
FreeIPA 4.10.0 is a stabilization release for the features delivered as a part of 4.10 version series.
There are 7 bug-fixes since FreeIPA 4.9.10 release. Details of the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...) or #freeipa channel on libera.chat.
== Resolved tickets
* https://pagure.io/freeipa/issue/2016%5B#2016] [RFE] Support random serial numbers in IPA certificates * https://pagure.io/freeipa/issue/2278%5B#2278] IPA needs better sudo option validation or better documentation * https://pagure.io/freeipa/issue/7404%5B#7404] Incorrect certs are being updated with "ipa-certupdate" * https://pagure.io/freeipa/issue/8544%5B#8544] After reboot: Replication bind with GSSAPI auth failed * https://pagure.io/freeipa/issue/8684%5B#8684] [WebUI] test_hostgroup::test_names_and_button - timeout reached * https://pagure.io/freeipa/issue/9035%5B#9035] Nightly failure (rawhide) in test_installation_client.py::TestInstallClient * https://pagure.io/freeipa/issue/9105%5B#9105] Review usage of quiet flag in ipa-join
== Detailed changelog since 4.9.10
=== Rob Crittenden (9)
* Fix test_secure_ajp_connector.py failing with Python 3.6.8 https://pagure.io/freeipa/c/9a97f9b40%5Bcommit] * Add tests for Random Serial Number v3 support https://pagure.io/freeipa/c/d241d7405%5Bcommit] https://pagure.io/freeipa/issue/2016%5B#2016] * Add support for Random Serial Numbers v3 https://pagure.io/freeipa/c/beaa0562d%5Bcommit] https://pagure.io/freeipa/issue/2016%5B#2016] * Add a new parameter type, SerialNumber, as a subclass of Str https://pagure.io/freeipa/c/83be923ac%5Bcommit] https://pagure.io/freeipa/issue/2016%5B#2016] * doc/designs: add Random Serial Numbers v3 support https://pagure.io/freeipa/c/d3481449e%5Bcommit] https://pagure.io/freeipa/issue/2016%5B#2016] * Design for IPA-to-IPA migration https://pagure.io/freeipa/c/d4859db4e%5Bcommit] * Re-work the quiet option in ipa-join to not suppress errors https://pagure.io/freeipa/c/61650c577%5Bcommit] https://pagure.io/freeipa/issue/9105%5B#9105] * Improve sudooption docs, make the option multi-value https://pagure.io/freeipa/c/47fbe05f7%5Bcommit] https://pagure.io/freeipa/issue/2278%5B#2278] * Design doc to allow LDAP bind using the RADIUS auth type https://pagure.io/freeipa/c/16ab690bf%5Bcommit]
=== Matthew Davis (1)
* Add missing parameter to Suse modify_nsswitch_pam_stack https://pagure.io/freeipa/c/6d6b135ff%5Bcommit]
=== Anuja More (3)
* ipatests: Fix install_master for test_idp.py https://pagure.io/freeipa/c/ef091c99f%5Bcommit] * Add end to end integration tests for external IdP https://pagure.io/freeipa/c/bd57ff356%5Bcommit] * ipatests: update prci definitions for test_idp.py https://pagure.io/freeipa/c/a80a98194%5Bcommit]
=== Timo Aaltonen (2)
* ipaplatform/debian: Drop the path for ldap.so https://pagure.io/freeipa/c/808ac46ba%5Bcommit] * ipaplatform/debian: Use multiarch path for libsofthsm2.so https://pagure.io/freeipa/c/92d718dbf%5Bcommit]
=== Michal Polovka (5)
* ipatests: Healthcheck use subject base from IPA not REALM https://pagure.io/freeipa/c/d3c11f762%5Bcommit] * ipatests: Increase expect timeout for interactive mode https://pagure.io/freeipa/c/40b3c11bd%5Bcommit] * ipatests: Healthcheck should ignore pki errors when CA is not configured https://pagure.io/freeipa/c/b2bbf8165%5Bcommit] * test_webui: test_hostgroup: Wait for modal dialog to appear https://pagure.io/freeipa/c/d0269f236%5Bcommit] https://pagure.io/freeipa/issue/8684%5B#8684] * WebUI: Test if links are opened in new tab correctly https://pagure.io/freeipa/c/89c846a1f%5Bcommit]
=== Florence Blanc-Renaud (9)
* xmlrpc tests: updated expected output for preserved user https://pagure.io/freeipa/c/3732349bc%5Bcommit] * Preserve user: fix the confusing summary https://pagure.io/freeipa/c/cbc18ff8c%5Bcommit] * ipatests: update packages in rawhide test test_installation_client.py https://pagure.io/freeipa/c/4c61b9266%5Bcommit] https://pagure.io/freeipa/issue/9035%5B#9035] * ipatests: revert wrong commit on gating definition https://pagure.io/freeipa/c/4b665ccf2%5Bcommit] * Design: Integrate SID configuration into base IPA installers https://pagure.io/freeipa/c/bacddb828%5Bcommit] * Doc: add a design template https://pagure.io/freeipa/c/5edf144a7%5Bcommit] * ipatests: add test_acme.py in nightly previous https://pagure.io/freeipa/c/96a297f3b%5Bcommit] * ipatests: fix incomplete nightly def in nightly_previous https://pagure.io/freeipa/c/296f27dce%5Bcommit] * ipatests: fix discrepancies in nightly defs https://pagure.io/freeipa/c/9b2c05aff%5Bcommit]
=== Armando Neto (8)
* ipatests: update prci template https://pagure.io/freeipa/c/b3085b830%5Bcommit] * ipatests: update definitions for custom COPR nightlies https://pagure.io/freeipa/c/1101b22b5%5Bcommit] * ipatests: bump PR-CI rawhide template https://pagure.io/freeipa/c/c780504d4%5Bcommit] * ipatests: bump rawhide template for PR-CI https://pagure.io/freeipa/c/d6d413628%5Bcommit] * ipatests: Bump PR-CI rawhide template https://pagure.io/freeipa/c/c14d52f43%5Bcommit] * ipatests: Bump PR-CI Rawhide template https://pagure.io/freeipa/c/c572697d9%5Bcommit] * ipatests: Update gating to Fedora 33 https://pagure.io/freeipa/c/a6b487130%5Bcommit] * ipatests: update PR-CI templates to Fedora 33 https://pagure.io/freeipa/c/3e8e83654%5Bcommit]
=== Alexander Bokovoy (3)
* Fix use of comparison functions to avoid GCC bug 95189 https://pagure.io/freeipa/c/9043b8d53%5Bcommit] * doc/designs: fix formatting in LDAPI autobind design https://pagure.io/freeipa/c/3d809c706%5Bcommit] * Contributors: add new contributors to the list https://pagure.io/freeipa/c/bef78d16e%5Bcommit]
=== Mohammad Rizwan (1)
* ipatest: Test ipa-cert-fix fails when startup directive is missing from CS.cfg https://pagure.io/freeipa/c/16057898a%5Bcommit]
=== Christian Heimes (2)
* Add design for LDAPI autobind https://pagure.io/freeipa/c/5b8f37f88%5Bcommit] https://pagure.io/freeipa/issue/8544%5B#8544] * LDAP autobind authenticateAsDN for BIND named https://pagure.io/freeipa/c/16e1cbdc5%5Bcommit] https://pagure.io/freeipa/issue/8544%5B#8544]
=== François Cami (1)
* ipatests: fix nightly_latest_testing_selinux template https://pagure.io/freeipa/c/87304c78a%5Bcommit]
=== Antonio Torres (2)
* ipatests: add test for ipa-cacert-manage prune https://pagure.io/freeipa/c/8a2e6ec32%5Bcommit] https://pagure.io/freeipa/issue/7404%5B#7404] * ipa-cacert-manage: add prune option https://pagure.io/freeipa/c/5d8cb1dd1%5Bcommit] https://pagure.io/freeipa/issue/7404%5B#7404]
=== Peter Keresztes Schmidt (3)
* configure: Do not set -Wno-strict-aliasing -Wno-sign-compare https://pagure.io/freeipa/c/f9357cb98%5Bcommit] * build: Unify compiler warning flags used https://pagure.io/freeipa/c/a355646c3%5Bcommit] * configure: Fix source tree detection to enable more warnings https://pagure.io/freeipa/c/54b42f72f%5Bcommit]