[Freeipa-devel] Re: [DRAFT] FreeIPA 4.10.1 Release Notes

Florence Blanc-Renaud via FreeIPA-devel Fri, 04 Nov 2022 09:20:56 -0700

Hi Antonio,

Same comment as for the 4.9.11 RN, many issues are picked by the automation
probably because they are mentioned with Related instead of Fixes in the
commit msg. Please find my comments below.


On Thu, Nov 3, 2022 at 12:04 PM Antonio Torres via FreeIPA-devel <
freeipa-devel@lists.fedorahosted.org> wrote:

> {{ReleaseDate|2022-11-03}}
> The FreeIPA team would like to announce FreeIPA 4.10.1 release!
>
> It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
> for
> Fedora distributions will be available from the official repository soon.
>
> == Highlights in 4.10.1 ==
>
> '''TODO RELEASE NOTES - put release notes (if any) to proper categories'''
> * 1539: [RFE] Add code to check password expiration on ldap bind
> :: User can no longer do LDAP BIND operation with expired password.
>
already fixed in 4.10.0, to be removed


> --------
> * 2016: [RFE] Support random serial numbers in IPA certificates
>
Already fixed in 4.10.0, to be removed.

>
>
> --------
> * 8404: Detect and fail if not enough memory is available for installation
> :: FreeIPA server now requires at least 1.2 GiB RAM for installation
> to prevent performance degradation.
>
to be removed


> --------
> * 9150: Remove 'Remove' button from subid page
> :: subid ranges cannot be removed. A button in Web UI subid management
> page to remove the range was removed to not confuse users
>
to be removed


> --------
> * 9159: [RFE] ipa-client-install should provide option to enable
> subid: sss in /etc/nsswitch.conf
> :: IPA installers now provide the ability to configure SSSD as
> datasource for subid
>
to be removed


> --------
> * 9228: ipa-client-install does not maintain server affinity during
> installation
> :: ipa-client-install will use a single server for the duration of the
> installation process, either one discovered or provided on the
> command-line. Previously it would use a temporary configuration to do
> enrollment, then switch to a final one for the remaining operations.
> This could lead to the installer talking with multiple servers. If the
> client installer is faster than replication this could lead to errors.
> --------
> * 9237: Show order in sudo rule list in web interface
> :: In the 'sudo rules' page, the WebUI is now displaying a 'sudo
> order' column so that the users can easily see which rules override
> other rules based on their order.
> --------
> * 9258: Do not add TLS CA configuration to ldap.conf anymore
> :: FreeIPA client installer does not add explicit TLS CA configuration
> to OpenLDAP's ldap.conf anymore. Since OpenLDAP 2.4.45, explicit CA
> configuration is not required as OpenLDAP uses the default CA store
> provided by OpenSSL and IPA CA is installed in the default store by
> the installer already.
> --------
> '''END TODO'''
>
> === Enhancements ===
>
> === Known Issues ===
>
>
> === Bug fixes ===
> FreeIPA 4.10.1 is a stabilization release for the features delivered as a
> part of 4.10 version series.
>
> There are more than 40 bug-fixes since FreeIPA 4.10.0 release.
> Details of the bug-fixes can be seen in the list of resolved tickets below.
>
> == Upgrading ==
> Upgrade instructions are available on [[Upgrade]] page.
>
> == Feedback ==
> Please provide comments, bugs and other feedback via the freeipa-users
> mailing
> list (
> https://lists.fedoraproject.org/archives/list/freeipa-us...@lists.fedorahosted.org/
> )
> or #freeipa channel on libera.chat.
>
>
> == Resolved tickets ==
> * [https://pagure.io/freeipa/issue/1539 #1539]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=782917 rhbz#782917])
> [RFE] Add code to check password expiration on ldap bind
>
to be removed


> * [https://pagure.io/freeipa/issue/2016 #2016]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=747959 rhbz#747959])
> [RFE] Support random serial numbers in IPA certificates
>
to be removed


> * [https://pagure.io/freeipa/issue/8404 #8404] Detect and fail if not
> enough memory is available for installation
>
to be removed


> * [https://pagure.io/freeipa/issue/8951 #8951] Test for RFE
> ipa-healthcheck tool can include check to see if the system is FIPS
> enabled or not
> * [https://pagure.io/freeipa/issue/9062 #9062] [ipatests] SID
> generation and test_xmlrpc/test_user_plugin.py
> * [https://pagure.io/freeipa/issue/9083 #9083] Support MIT Kerberos
> KDB version 9
> * [https://pagure.io/freeipa/issue/9127 #9127]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2062379 rhbz#2062379])
> Use new getorigby{user|group}name() calls in extdom plugin
>
to be removed


> * [https://pagure.io/freeipa/issue/9150 #9150]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2063155 rhbz#2063155])
> Remove 'Remove' button from subid page
>
to be removed


> * [https://pagure.io/freeipa/issue/9158 #9158] Internal error when
> setting dnsconfig or dnsforwardzone forwarders.
> * [https://pagure.io/freeipa/issue/9159 #9159]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2068088 rhbz#2068088])
> [RFE] ipa-client-install should provide option to enable subid: sss in
> /etc/nsswitch.conf
>
to be removed


> * [https://pagure.io/freeipa/issue/9160 #9160]
> cryptography.utils.register_interface is scheduled for removal
> * [https://pagure.io/freeipa/issue/9161 #9161] Nightly test failure in
> test_selinuxusermap.py::test_selinuxusermap::test_misc
> * [https://pagure.io/freeipa/issue/9179 #9179]
> test_caless_TestServerCALessToExternalCA_RSN fails in teardown
> * [https://pagure.io/freeipa/issue/9188 #9188]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2098187 rhbz#2098187])
> Add warning for empty targetattr when creating ACI with RBAC
> * [https://pagure.io/freeipa/issue/9192 #9192]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2094672 rhbz#2094672])
> IdM WebUI Pagination Size should not allow empty value
> * [https://pagure.io/freeipa/issue/9198 #9198] [Tracker] nightly
> failure: after ipa trust-add, cred cache contains
> cifs/master.ipa.t...@ipa.test instead of admin principal
> * [https://pagure.io/freeipa/issue/9204 #9204] [Tracker] In
> ipa-server-upgrade ca_upgrade_schema() results in unnecessary pki
> restarts
> * [https://pagure.io/freeipa/issue/9206 #9206]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2109236 rhbz#2109236])
> ldap bind occurs when admin user changes password with gracelimit=0
> * [https://pagure.io/freeipa/issue/9207 #9207] Failure in
> AzurePipeline.freeipa (GATING InstallDNSSECFirst_1_to_5)
> * [https://pagure.io/freeipa/issue/9208 #9208] ap: Doc build fails
> against Sphinx 5.1.0
> * [https://pagure.io/freeipa/issue/9211 #9211]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2109243 rhbz#2109243])
> RFE: Allow grace login limit to be set in IPA WebUI.
> * [https://pagure.io/freeipa/issue/9212 #9212]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2115475 rhbz#2115475])
> Nightly test failure in
> test_user.py::test_user::test_password_expiration_notification
> * [https://pagure.io/freeipa/issue/9214 #9214] Nightly failure in
> webui test test_subid.py::test_subid::test_subid_range_deletion_not_allowed
> * [https://pagure.io/freeipa/issue/9216 #9216] [Tracker] Nightly
> failure: zone not signed
>
to be removed


> * [https://pagure.io/freeipa/issue/9218 #9218]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2116966 rhbz#2116966])
> Random failure in test-winsyncmigrate
> * [https://pagure.io/freeipa/issue/9225 #9225] pytest library module
> rename from quarkus to keycloak
> * [https://pagure.io/freeipa/issue/9226 #9226]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2124547 rhbz#2124547])
> Infinite redirect loop in the WebUI for user root
> * [https://pagure.io/freeipa/issue/9227 #9227] Need test for Keycloak
> Bridge authentication
> * [https://pagure.io/freeipa/issue/9228 #9228] ipa-client-install does
> not maintain server affinity during installation
> * [https://pagure.io/freeipa/issue/9230 #9230] build failure against gcc
> < 11
> * [https://pagure.io/freeipa/issue/9231 #9231] /run/ipa/ccaches uses
> all available tmpfs space
> * [https://pagure.io/freeipa/issue/9234 #9234] [Tracker] Nightly
> failure (f37+) calling sssctl domain-status
>
to be removed

flo


> * [https://pagure.io/freeipa/issue/9237 #9237] Show order in sudo rule
> list in web interface
> * [https://pagure.io/freeipa/issue/9238 #9238] Nightly test failure
> (rawhide) in
> test_ipahealthcheck.py::TestIpaHealthCheck::test_ds_configcheck_passwordstorage
> * [https://pagure.io/freeipa/issue/9243 #9243]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2127833 rhbz#2127833])
> Password Policy Grace login limit allows invalid maximum value
> * [https://pagure.io/freeipa/issue/9244 #9244] Nightly test failure in
> test_commands.py::TestIPACommand::test_ipa_cacert_manage_prune
> * [https://pagure.io/freeipa/issue/9245 #9245]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2117167 rhbz#2117167])
> `extdom` plugin can return object from a wrong domain.
> * [https://pagure.io/freeipa/issue/9246 #9246] Nightly test failure in
> test_user_permissions.TestInstallClientNoAdmin
> * [https://pagure.io/freeipa/issue/9248 #9248]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2124369 rhbz#2124369])
> OTP token sync always returns OK even with random numbers
> * [https://pagure.io/freeipa/issue/9249 #9249]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2108630 rhbz#2108630])
> Deprecated feature idnssoaserial in IdM appears when creating reverse
> dns zones
> * [https://pagure.io/freeipa/issue/9250 #9250] Add basic test for
> authenticating as Keycloak user on IPA client
> * [https://pagure.io/freeipa/issue/9252 #9252]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2129895 rhbz#2129895])
> [DDF] The Examples in the RHEL ipa(1) man page show "ipa help
> commands" with content for "ipa halp topics" and "ipa hel
> * [https://pagure.io/freeipa/issue/9254 #9254] Exclude installed
> policy module file from RPM verification
> * [https://pagure.io/freeipa/issue/9255 #9255] ipapython.dn_ctypes is
> not compatible with libldap 2.6
> * [https://pagure.io/freeipa/issue/9258 #9258]
> ([https://bugzilla.redhat.com/show_bug.cgi?id=2094673 rhbz#2094673])
> Do not add TLS CA configuration to ldap.conf anymore
> == Detailed changelog since 4.10.0 ==
> === Armando Neto (1) ===
> * webui: Do not allow empty pagination size
> [https://pagure.io/freeipa/c/02d3fb8266d8199fd1ed983de6c57b269546df82
> commit] [https://pagure.io/freeipa/issue/9192 #9192]
>
> === Alexander Bokovoy (10) ===
> * ipa-kdb: fix comment to make sure we talk about krb5 1.20 or later
> [https://pagure.io/freeipa/c/d3c7a4faae8fd58a8d08bf6191d47fefe276ddba
> commit]
> * ipa-kdb: fix PAC requester check
> [https://pagure.io/freeipa/c/88c1293f3a92451b6d5d5f7cb1a81d55a789b793
> commit] [https://pagure.io/freeipa/issue/9083 #9083]
> * ipa-kdb: handle empty S4U proxy in allowed_to_delegate
> [https://pagure.io/freeipa/c/1d4db340461298fed66607bde5fb0ca0f033c5aa
> commit] [https://pagure.io/freeipa/issue/9083 #9083]
> * ipa-kdb: handle cross-realm TGT entries when generating PAC
> [https://pagure.io/freeipa/c/a5ca25003da5906703e8bd12b0759d48bc52e6b2
> commit] [https://pagure.io/freeipa/issue/9083 #9083]
> * ipa-kdb: add krb5 1.20 support
> [https://pagure.io/freeipa/c/e9ae0e350dcee5c9bbcd5a6932b4eb0daa90fea7
> commit] [https://pagure.io/freeipa/issue/9083 #9083]
> * ipa-kdb: refactor MS-PAC processing to prepare for krb5 1.20
> [https://pagure.io/freeipa/c/f0c72dcb87f86b9b00d0c087a959e64ce10eea98
> commit] [https://pagure.io/freeipa/issue/9083 #9083]
> * ipaclient: do not set TLS CA options in ldap.conf anymore
> [https://pagure.io/freeipa/c/93b0e6a96a1aea45adc0d4c8bb26b226ce683573
> commit] [https://pagure.io/freeipa/issue/9258 #9258]
> * Remove empty translation for 'si' which breaks linter
> [https://pagure.io/freeipa/c/41ba166c77ca8011a35f80f2791a211c429a271e
> commit]
> * fix canonicalization issue in Web UI
> [https://pagure.io/freeipa/c/a0928fe164712303a7c24ee61500ac7326bd9e4a
> commit] [https://pagure.io/freeipa/issue/9226 #9226]
> * ipa-otpd: initialize local pointers and handle gcc 10
> [https://pagure.io/freeipa/c/9441d7ed1ac67dc74ca6177b474d10da97b06a2f
> commit] [https://pagure.io/freeipa/issue/9230 #9230]
>
> === Anuja More (1) ===
> * ipatests : Test query to AD specific attributes is successful.
> [https://pagure.io/freeipa/c/db7cd79858ec8fad7d094ca883d8b7d82c7c1ac1
> commit] [https://pagure.io/freeipa/issue/9127 #9127]
>
> === Andika Triwidada (1) ===
> * Translated using Weblate (Indonesian)
> [https://pagure.io/freeipa/c/3885bd6fd75e984f990dc0e0f760f61815139181
> commit]
>
> === Antonio Torres (1) ===
> * Back to git snapshots
> [https://pagure.io/freeipa/c/c9d9fb3a3a63f66d60541f21f2f3466b6d9a89b3
> commit]
>
> === Alexey Tikhonov (3) ===
> * extdom: avoid sss_nss_getorigby*() calls when get*_r_wrapper()
> returns object from a wrong domain (performance optimization)
> [https://pagure.io/freeipa/c/1360c8b09f0862fe961fbb015f55d6b3cbd9aee9
> commit]
> * extdom: make sure result doesn't miss domain part
> [https://pagure.io/freeipa/c/4685f9d881c09fa317cb68fba1b94c29e48a7a8b
> commit] [https://pagure.io/freeipa/issue/9245 #9245]
> * extdom: internal functions should be static
> [https://pagure.io/freeipa/c/113cb8d715cf7bed8bcc36845940acc20fed8e60
> commit]
>
> === Carla Martinez (7) ===
> * Update API and VERSION
> [https://pagure.io/freeipa/c/48b9cc3345f8596904bce14d580cd4b19bfbda15
> commit] [https://pagure.io/freeipa/issue/9249 #9249]
> * webui: Set 'SOA serial' field as read-only
> [https://pagure.io/freeipa/c/9b274bc5d01c58806f18e549b566d93e25b40214
> commit] [https://pagure.io/freeipa/issue/9249 #9249]
> * ipatest: Remove warning message for 'idnssoaserial'
> [https://pagure.io/freeipa/c/3d34673b8c04c9ec849f8276876fd8bbd4fe2234
> commit] [https://pagure.io/freeipa/issue/9249 #9249]
> * Set 'idnssoaserial' to deprecated
> [https://pagure.io/freeipa/c/242ed2e500510f33f4595fb1b29adb25b1517982
> commit] [https://pagure.io/freeipa/issue/9249 #9249]
> * webui: Show 'Sudo order' column
> [https://pagure.io/freeipa/c/54b81617674be79577b8c3abf0949725d9a428c7
> commit] [https://pagure.io/freeipa/issue/9237 #9237]
> * Set pkeys in test_selinuxusermap.py::test_misc::delete_record
> [https://pagure.io/freeipa/c/ea792e11eb85a5b05b2b78f0215c147a52d2d265
> commit] [https://pagure.io/freeipa/issue/9161 #9161]
> * webui: Allow grace login limit
> [https://pagure.io/freeipa/c/7a1e1d9f1cb13679c28f12d05b156a08bcc4d856
> commit] [https://pagure.io/freeipa/issue/9211 #9211]
>
> === Jan Kuparinen (14) ===
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/d4b9203376115508f596c6469c9c3be24d719ff2
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/242a0dadcf86bb27efccdc1be1946c39f0ba2931
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/98e80985bae7fa7104d8dd621c73c2b848630417
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/2b0c9d91285282df5f545fc6c331b5b9a219048e
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/dbe49df1b3d2fb254315ed26190792c8aaf89c38
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/0caffa37c01a7a77301368413854473520e5e055
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/63fceacb176162210cd5d64f73ecf10b1bf8d402
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/606ce6d52aa4b29e1af787c7830d30d6846c932e
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/10a51197f27d90fab78bdf6a4a0cae6779589299
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/1c1187beedb23f91614f131fda15c6c6f6264556
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/a1c0031c9044135ae00ac9f3e22beb22bd5fbb07
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/bcc5819830e23867a5c1471f3a37576d705ce8d8
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/3452c6fcf0730351b45ecbeb7d89ff318319f7c0
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/a4202264936dca51b476178f5061692cd569373b
> commit]
>
> === David Pascual (2) ===
> * ipatest: fix prci checker target masked return code & add pylint
> [https://pagure.io/freeipa/c/51f1321b9c2263edd3f725abe3f90e56678adf94
> commit]
> * ipatests: Checker script for prci definitions
> [https://pagure.io/freeipa/c/3d827979d2688607bd5376501ef71c2b63124603
> commit]
>
> === Erik (1) ===
> * ipatests: healthcheck: test if system is FIPS enabled
> [https://pagure.io/freeipa/c/c55185d3dc3c6cd2ffebab77fbf8caa40a32bcd1
> commit] [https://pagure.io/freeipa/issue/8951 #8951]
>
> === Endi Sukma Dewata (1) ===
> * Remove pki_restart_configured_instance
> [https://pagure.io/freeipa/c/79f765586e8f18e37f3dbe036b12715bef49e442
> commit]
>
> === Florence Blanc-Renaud (15) ===
> * Spec file: bump the selinux-policy version
> [https://pagure.io/freeipa/c/4e201ec97e5c54ad8d5fa02285e628d1a36d9ea7
> commit] [https://pagure.io/freeipa/issue/9198 #9198]
> * webui tests: fix test_subid suite
> [https://pagure.io/freeipa/c/9936379c9f0d6c888785ccca8766ed7074054270
> commit] [https://pagure.io/freeipa/issue/9214 #9214]
> * ipatests: mark xfail tests using dnssec
> [https://pagure.io/freeipa/c/3d093c66f21c57afeb8cfc242390d0d032509ab3
> commit] [https://pagure.io/freeipa/issue/9216 #9216]
> * ipatests: mark xfail tests using sssctl domain-status
> [https://pagure.io/freeipa/c/40b9c6fc4746cfa32d8bf7c2038745cc037c673b
> commit] [https://pagure.io/freeipa/issue/9234 #9234]
> * Tests: test on f37 and f36
> [https://pagure.io/freeipa/c/a6485d6325585d0f80b659c473b3675728556ce1
> commit]
> * ipa man page: format the EXAMPLES section
> [https://pagure.io/freeipa/c/1546c0b206e02902b4aba631ee83f2f7ba5acb1f
> commit] [https://pagure.io/freeipa/issue/9252 #9252]
> * ipatests: add negative test for otptoken-sync
> [https://pagure.io/freeipa/c/d9f33b7cd7e336be90d889e2db4c4bce18753918
> commit] [https://pagure.io/freeipa/issue/9248 #9248]
> * ipa otptoken-sync: return error when sync fails
> [https://pagure.io/freeipa/c/221768f882784755c6449ff70f291fab780cce16
> commit] [https://pagure.io/freeipa/issue/9248 #9248]
> * ipa-cacert-manage prune: remove all expired certs
> [https://pagure.io/freeipa/c/c5bcaab8f1e09ab7a0464f5a532f154d43ffcadb
> commit] [https://pagure.io/freeipa/issue/9244 #9244]
> * gitignore: add install/oddjob/org.freeipa.server.config-enable-sid
> [https://pagure.io/freeipa/c/458dcebd2542de70c987ca89fe49f15d3f40ee82
> commit]
> * ipatests: Fix expected object classes
> [https://pagure.io/freeipa/c/b6520bef2ef05dd87636d8b57e3247d451af81d8
> commit] [https://pagure.io/freeipa/issue/9062 #9062]
> * check_repl_update: in progress is a boolean
> [https://pagure.io/freeipa/c/2003eb6b3d4a27a5de5eaa79418f115dd99886cd
> commit] [https://pagure.io/freeipa/issue/9218 #9218]
> * azure tests: disable TestInstallDNSSECFirst
> [https://pagure.io/freeipa/c/eb9f606ffd1ad3ccd846173c152c52a171be8f86
> commit] [https://pagure.io/freeipa/issue/9216 #9216]
> * Nightly tests: fix template for nightly_ipa-4-10_latest.yaml
> [https://pagure.io/freeipa/c/4499c7379b5531501bb1a5ea58ab575bf3b08907
> commit]
> * ipatests: add nightly definitions for ipa-4-10 branch
> [https://pagure.io/freeipa/c/6c6a43c9090b5f61726512182a36958cbdafc9a4
> commit]
>
> === Fraser Tweedale (2) ===
> * install: suggest --skip-mem-check when mem check fails
> [https://pagure.io/freeipa/c/cebfb8792006af1a41c4c26c49372f0ea822dbaf
> commit] [https://pagure.io/freeipa/issue/8404 #8404]
> * man: add --skip-mem-check to man pages
> [https://pagure.io/freeipa/c/e7bee5b668fee083d8ada167f307857761c25d80
> commit] [https://pagure.io/freeipa/issue/8404 #8404]
>
> === Jesse Sandberg (1) ===
> * Fix ipa-ccache-sweeper activation timer and clean up service file
> [https://pagure.io/freeipa/c/f6a661bdaf0560eac99ca63ffb25ec739281a19a
> commit] [https://pagure.io/freeipa/issue/9231 #9231]
>
> === Nikola Knazekova (1) ===
> * Exclude installed policy module file from RPM verification
> [https://pagure.io/freeipa/c/ad7bdd46fb64c3fbb8104a9599459795fc193389
> commit] [https://pagure.io/freeipa/issue/9254 #9254]
>
> === Weblate (5) ===
> * Update translation files
> [https://pagure.io/freeipa/c/357dd550ce3568e37edebd4bb3394a706eb81182
> commit]
> * Update translation files
> [https://pagure.io/freeipa/c/c8c4e93fd64329df76b4754f74d70cfceed6c452
> commit]
> * Update translation files
> [https://pagure.io/freeipa/c/921fdd2ca879b8d6c1e601a17eb3eb9b197f9797
> commit]
> * Update translation files
> [https://pagure.io/freeipa/c/3500d05f8904d7bab84d950c81563d9bfb6d1474
> commit]
> * Update translation files
> [https://pagure.io/freeipa/c/d0b336025fd0408e1f81811330cac6682ba0bed6
> commit]
>
> === Piotr Drąg (2) ===
> * Translated using Weblate (Polish)
> [https://pagure.io/freeipa/c/31f7860d089a628a4ccfaf8db507ecadfaa75805
> commit]
> * Translated using Weblate (Polish)
> [https://pagure.io/freeipa/c/f9419bdad41a87aa4454fcb1d725988b27c634a1
> commit]
>
> === Rob Crittenden (10) ===
> * Move client certificate request after krb5.conf is created
> [https://pagure.io/freeipa/c/f3c861b9fcbf7815161b46e5eab582813c1021dc
> commit] [https://pagure.io/freeipa/issue/9246 #9246]
> * Defer creating the final krb5.conf on clients
> [https://pagure.io/freeipa/c/3cbf2b25422100cc4105dfb09ee8c7bf87232198
> commit] [https://pagure.io/freeipa/issue/9228 #9228]
> * Fix upper bound of password policy grace limit
> [https://pagure.io/freeipa/c/3c4386ce057a0fd50c7494db43c71405c9674b8f
> commit] [https://pagure.io/freeipa/issue/9243 #9243]
> * Set default on group pwpolicy with no grace limit in upgrade
> [https://pagure.io/freeipa/c/de6f074538f6641fd9d84bed204a3d4d50eccbe5
> commit] [https://pagure.io/freeipa/issue/9212 #9212]
> * Set default gracelimit on group password policies to -1
> [https://pagure.io/freeipa/c/45e6d49b94da78cd82eb016b3266a17a1359a087
> commit] [https://pagure.io/freeipa/issue/9212 #9212]
> * doc: Update LDAP grace period design with default values
> [https://pagure.io/freeipa/c/1aa39529cda4ab9620539dbad705cedd23c21b42
> commit] [https://pagure.io/freeipa/issue/9212 #9212]
> * upgrades: Don't restart the CA on ACME and profile schema change
> [https://pagure.io/freeipa/c/459b81b196b7bf36100aa2f4e5c4d36b1e4526f6
> commit] [https://pagure.io/freeipa/issue/9204 #9204]
> * Disabling gracelimit does not prevent LDAP binds
> [https://pagure.io/freeipa/c/1bb4ff9ed2313fb3c2bd1418258c5bcec557b6a5
> commit] [https://pagure.io/freeipa/issue/9206 #9206]
> * Warn for permissions with read/write/search/compare and no attrs
> [https://pagure.io/freeipa/c/499f71729b8689d40608d9c99db703eb2c00a934
> commit] [https://pagure.io/freeipa/issue/9188 #9188]
> * Only calculate LDAP password grace when the password is expired
> [https://pagure.io/freeipa/c/33cd62e0daa68fa6a9b3ca495d97ac5ce8713349
> commit] [https://pagure.io/freeipa/issue/1539 #1539]
>
> === Ricky Tigg (3) ===
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/67c54ce7a9b7c11a56475e1d8de586b18abce228
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/86f828a7e52ee09ae6e666dce11183c0dd091540
> commit]
> * Translated using Weblate (Finnish)
> [https://pagure.io/freeipa/c/4b10b6dab45c87472bb1fe0baeeee987ae1b23ba
> commit]
>
> === Sumit Bose (1) ===
> * ipa-kdb: do not fail if certmap rule cannot be added
> [https://pagure.io/freeipa/c/ae445f72a009d14135e11ff932eded2dc2dc9c86
> commit]
>
> === 김인수 (4) ===
> * Translated using Weblate (Korean)
> [https://pagure.io/freeipa/c/d5ea8d6c9f7208a2ae8b5379c88ae36e7c4f62e6
> commit]
> * Translated using Weblate (Korean)
> [https://pagure.io/freeipa/c/4ea9b5ef0f3ee1361a59622e4d6c3274cf2e7ad4
> commit]
> * Translated using Weblate (Korean)
> [https://pagure.io/freeipa/c/9d1541f17d44cbb38bc9a477c5e88eaee71ce6d8
> commit]
> * Added translation using Weblate (Korean)
> [https://pagure.io/freeipa/c/f420c19bb62fb3c735563cb462fd6be7b8018691
> commit]
>
> === Stanislav Levin (6) ===
> * ipapython: Support openldap 2.6
> [https://pagure.io/freeipa/c/51c31e0ad3387c07aad1035f00871bdcc201812a
> commit] [https://pagure.io/freeipa/issue/9255 #9255]
> * x509: Replace removed register_interface with subclassing
> [https://pagure.io/freeipa/c/a7beaa0b4de6b6b00ee1b5b770f0d2e72fad58df
> commit] [https://pagure.io/freeipa/issue/9160 #9160]
> * ap: Constrain supported docutils
> [https://pagure.io/freeipa/c/e5f7356e7e83b605a821ece9f242ac924925f27e
> commit] [https://pagure.io/freeipa/issue/9208 #9208]
> * ap: Rearrange overloaded jobs
> [https://pagure.io/freeipa/c/8ff0c1a5ee33946202031a8bc83e855216cd0c95
> commit] [https://pagure.io/freeipa/issue/9207 #9207]
> * ap: Disable azure's security daemon
> [https://pagure.io/freeipa/c/acd1d127938aa9feefbbc7ee325963a2e44ef3c3
> commit] [https://pagure.io/freeipa/issue/9207 #9207]
> * ap: Raise dbus timeout
> [https://pagure.io/freeipa/c/260d6378ec59d244e5f247f4af81f7ae8c72ac87
> commit] [https://pagure.io/freeipa/issue/9207 #9207]
>
> === Scott Poore (4) ===
> * ipatests: add keycloak user login to ipa test
> [https://pagure.io/freeipa/c/e197c743f3ea1a98d444c0eb01339cc22eab64d5
> commit] [https://pagure.io/freeipa/issue/9250 #9250]
> * ipatests: add prci definitions for test_sso jobs
> [https://pagure.io/freeipa/c/db1d05176d8072b05fea179af2ac97caaeb65dd1
> commit]
> * ipatests: add Keycloak Bridge test
> [https://pagure.io/freeipa/c/ac776987d30ecd3444a9b25f49a714fddc3c4232
> commit] [https://pagure.io/freeipa/issue/9227 #9227]
> * ipatests: Rename create_quarkus to create_keycloak
> [https://pagure.io/freeipa/c/a0a104a42c2ccd89394e48c2375bb0eb95183c5b
> commit] [https://pagure.io/freeipa/issue/9225 #9225]
>
> === Sumedh Sidhaye (3) ===
> * With the commit #99a74d7, 389-ds changed the message returned in
> ipa-healthcheck.
> [https://pagure.io/freeipa/c/5477a07d91ef2c506cc943699612e5e27d0c93e4
> commit] [https://pagure.io/freeipa/issue/9238 #9238]
> * Additional tests for RSN v3
> [https://pagure.io/freeipa/c/bfe074ed478c20a9537dc2a714bba50dbc2cd34f
> commit] [https://pagure.io/freeipa/issue/2016 #2016]
> * Added a check while removing 'cert_dir'. The teardown method is
> called even if all the tests are skipped since the required PKI
> version is not present. The teardown is trying to remove a
> non-existent directory.
> [https://pagure.io/freeipa/c/aca97507cd119ad55e0c3c18ca65087cb5576c82
> commit] [https://pagure.io/freeipa/issue/9179 #9179]
>
> === Sudhir Menon (2) ===
> * ipatests: ipa-client-install --subid adds entry in nsswitch.conf
> [https://pagure.io/freeipa/c/a39af6b7228d8ba85b9e97aa5decbc056d081c77
> commit] [https://pagure.io/freeipa/issue/9159 #9159]
> * ipatests: WebUI: do not allow subid range deletion
> [https://pagure.io/freeipa/c/38e5bcf719a0e7c7550837ffb14300db8efe09e4
> commit] [https://pagure.io/freeipa/issue/9150 #9150]
>
> === Temuri Doghonadze (4) ===
> * Translated using Weblate (Georgian)
> [https://pagure.io/freeipa/c/3379aa0aa85ca40fbce94f9d2307c6b501054c5a
> commit]
> * Translated using Weblate (Georgian)
> [https://pagure.io/freeipa/c/054bd14bcfe999e7722c812e7509c31e6f012bb3
> commit]
> * Translated using Weblate (Georgian)
> [https://pagure.io/freeipa/c/a1e66f5c050d8c9226f23af9b7d0c68bfd32a4d9
> commit]
> * Added translation using Weblate (Georgian)
> [https://pagure.io/freeipa/c/a30db2030c730d835e28ceb8cdc3c64d18edb4f9
> commit]
>
> === Thomas Woerner (1) ===
> * DNSResolver: Fix use of nameservers with ports
> [https://pagure.io/freeipa/c/6c5530c509793f66a162ed4153d5425a0eda02d6
> commit] [https://pagure.io/freeipa/issue/9158 #9158]
>
> === Viacheslav Sychov (1) ===
> * fix: Handle /proc/1/sched missing error
> [https://pagure.io/freeipa/c/7aa845730999951c8f340f43ed5872c54458c6a3
> commit]
>
> === Yuri Chornoivan (6) ===
> * Translated using Weblate (Ukrainian)
> [https://pagure.io/freeipa/c/6846b953361bc96b322734e23e566c93a1879046
> commit]
> * Translated using Weblate (Ukrainian)
> [https://pagure.io/freeipa/c/867a38a4636915df62a28b61855780b02ff55d56
> commit]
> * Translated using Weblate (Ukrainian)
> [https://pagure.io/freeipa/c/6de25a0f201f0591bc551503b95f8d22c79fe7aa
> commit]
> * Translated using Weblate (Ukrainian)
> [https://pagure.io/freeipa/c/63d332ff9ebbdd59fac65748025f8eea4270704d
> commit]
> * Translated using Weblate (Ukrainian)
> [https://pagure.io/freeipa/c/d6d7c5d28bcf7ed341f0a5d4e1b0f167a195a4c2
> commit]
> * Translated using Weblate (Ukrainian)
> [https://pagure.io/freeipa/c/a21bf7fe8213c6b041ab500ab533e2a5888d1c3e
> commit]
> _______________________________________________
> FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
> To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
> Fedora Code of Conduct:
> https://docs.fedoraproject.org/en-US/project/code-of-conduct/
> List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
> List Archives:
> https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
> Do not reply to spam, report it:
> https://pagure.io/fedora-infrastructure/new_issue
>

_______________________________________________
FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org
To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
Fedora Code of Conduct: 
https://docs.fedoraproject.org/en-US/project/code-of-conduct/
List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines
List Archives: 
https://lists.fedorahosted.org/archives/list/freeipa-devel@lists.fedorahosted.org
Do not reply to spam, report it: 
https://pagure.io/fedora-infrastructure/new_issue

[Freeipa-devel] Re: [DRAFT] FreeIPA 4.10.1 Release Notes

Reply via email to