Hello!
The FreeIPA team would like to announce FreeIPA 4.8.10 release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for Fedora distributions will be available from the official repository soon.
Fedora 33: https://bodhi.fedoraproject.org/updates/FEDORA-2020-e9e815177e Fedora 32: https://bodhi.fedoraproject.org/updates/FEDORA-2020-6f072665c6
== Highlights in 4.8.10
* 8275: Support systemd-resolved
FreeIPA DNS servers now detect systemd-resolved and configure it to pass through itself.
* 8404: Detect and fail if not enough memory is available for installation
FreeIPA server now requires at least 1.2 GiB RAM for installation to prevent performance degradation.
* 8488: SELinux blocks custodia key replication / retrieval for sub-CAs
SELinux: Make sure ipa_custodia_t has the necessary rights ; add dedicated policy rules for ipa-pki-retrieve-key.
* 8490: It is not possible to edit KDC database when the FreeIPA server is running
kadmin.local command 'getprincs' is now supported
* 8503: pkispawn logs files are empty
On recent versions of Dogtag PKI, pkispawn does not create logs by default, making debugging failed IPA installs impossible. Invoke pkispawn with --debug to revert to the previous behavior.
* 8507: [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0)
Support reproducible builds for jQuery library
=== Enhancements
=== Known Issues
=== Bug fixes
FreeIPA 4.8.10 is a stabilization release for the features delivered as a part of 4.8.10 version series.
There are more than 20 bug-fixes details of which can be seen in the list of resolved tickets below.
== Upgrading
Upgrade instructions are available on Upgrade page.
== Feedback
Please provide comments, bugs and other feedback via the freeipa-users mailing list (https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorahost...) or #freeipa channel on Freenode.
== Resolved tickets
* https://pagure.io/freeipa/issue/5914%5B#5914] (https://bugzilla.redhat.com/show_bug.cgi?id=1298288%5Brhbz#1298288]) invalid setting of DS lock table size
* https://pagure.io/freeipa/issue/6115%5B#6115] (https://bugzilla.redhat.com/show_bug.cgi?id=1357495%5Brhbz#1357495]) ipa command provides stack trace when provided with single hypen commands
* https://pagure.io/freeipa/issue/7125%5B#7125] (https://bugzilla.redhat.com/show_bug.cgi?id=1480102%5Brhbz#1480102]) ipa-server-upgrade failes with "This entry already exists"
* https://pagure.io/freeipa/issue/8204%5B#8204] (https://bugzilla.redhat.com/show_bug.cgi?id=1810148%5Brhbz#1810148]) ipa-server-certinstall -> certmonger add_subject template-subject dbus 'unable to set arguments' a{sv}
* https://pagure.io/freeipa/issue/8248%5B#8248] httpd ccaches created during server upgrade aren't cleaned up on uninstall/install
* https://pagure.io/freeipa/issue/8275%5B#8275] (https://bugzilla.redhat.com/show_bug.cgi?id=1880628%5Brhbz#1880628]) Support systemd-resolved
* https://pagure.io/freeipa/issue/8344%5B#8344] Nightly test failure in test_smb.py::TestSMB::test_smb_service_s4u2self
* https://pagure.io/freeipa/issue/8383%5B#8383] Test with dnspython 2.0
* https://pagure.io/freeipa/issue/8404%5B#8404] Detect and fail if not enough memory is available for installation
* https://pagure.io/freeipa/issue/8443%5B#8443] ipa delegation-add can add permissions and attributes several times
* https://pagure.io/freeipa/issue/8446%5B#8446] ipa dnszone-add ignores --name-from-ip option if name is given
* https://pagure.io/freeipa/issue/8458%5B#8458] auto-upgrade will never happen for existing installations
* https://pagure.io/freeipa/issue/8468%5B#8468] [pylint] new warnings on dev branch
* https://pagure.io/freeipa/issue/8472%5B#8472] [tracker] Nightly test failure in test_ipahealthcheck.py::TestIpaHealthCheckWithExternalCA
* https://pagure.io/freeipa/issue/8473%5B#8473] Nightly test failure in all webui tests: Invalid or corrupt jarfile /opt/selenium.jar
* https://pagure.io/freeipa/issue/8474%5B#8474] Mozilla's NSS without DBM
* https://pagure.io/freeipa/issue/8475%5B#8475] Azure: tox task and virtualenv 20+
* https://pagure.io/freeipa/issue/8481%5B#8481] Nightly test failure in rawhide in tasks.configure_dns_for_trust
* https://pagure.io/freeipa/issue/8488%5B#8488] (https://bugzilla.redhat.com/show_bug.cgi?id=1868432%5Brhbz#1868432]) SELinux blocks custodia key replication / retrieval for sub-CAs
* https://pagure.io/freeipa/issue/8490%5B#8490] (https://bugzilla.redhat.com/show_bug.cgi?id=1875001%5Brhbz#1875001]) It is not possible to edit KDC database when the FreeIPA server is running
* https://pagure.io/freeipa/issue/8491%5B#8491] Unindexed searches in FreeIPA git master
* https://pagure.io/freeipa/issue/8494%5B#8494] Azure Pipelines are broken due to docker compose tool upgrade
* https://pagure.io/freeipa/issue/8503%5B#8503] (https://bugzilla.redhat.com/show_bug.cgi?id=1879604%5Brhbz#1879604]) pkispawn logs files are empty
* https://pagure.io/freeipa/issue/8505%5B#8505] Nightly failure (fedora31) in test_integration/test_smb.py::TestSMB::test_smb_service_s4u2self
* https://pagure.io/freeipa/issue/8507%5B#8507] [WebUI] Backport jQuery patches from newer versions of the library (e.g. 3.5.0)
* https://pagure.io/freeipa/issue/8511%5B#8511] The selinux subpackage does not have a requirement to match the server install
* https://pagure.io/freeipa/issue/8512%5B#8512] Import of psutil can trigger SELinux violation
* https://pagure.io/freeipa/issue/8513%5B#8513] (https://bugzilla.redhat.com/show_bug.cgi?id=1868432%5Brhbz#1868432]) SELinux module fails to load: Re-declaration of type node_t
* https://pagure.io/freeipa/issue/8515%5B#8515] (https://bugzilla.redhat.com/show_bug.cgi?id=1882340%5Brhbz#1882340]) nsslapd-db-locks patching no longer works
== Detailed changelog since 4.8.9
Detailed changelog is available at https://www.freeipa.org/page/Releases/4.8.10
freeipa-devel@lists.fedorahosted.org