The FreeIPA team would like to announce FreeIPA v4.0.5 security release!
It can be downloaded from http://www.freeipa.org/page/Downloads. Builds
for Fedora 21 are available in the official
[https://copr.fedoraproject.org/coprs/mkosek/freeipa-4.0/ COPR repository].
== Highlights in 4.0.5 ==
=== Bug fixes ===
* CVE-2014-7828: ensure that a password is provided in 2 factor
* fixed upgrade issue from FreeIPA 3.3.5
* prevent possible deadlocks with schema compatibility plugin
== Upgrading ==
An IPA server can be upgraded simply by installing updated rpms. The
server does not need to be shut down in advance.
Please note that if you are doing the upgrade in special environment
(e.g. FedUp) which does not allow running the LDAP server during upgrade
process, upgrade scripts need to be run manually after the first boot:
# ipa-ldap-updater --upgrade
Also note that the performance improvements require an extended set of
indexes to be configured. RPM update for an IPA server with a excessive
number of users may require several minutes to finish.
If you have multiple servers you may upgrade them one at a time. It is
expected that all servers will be upgraded in a relatively short period
(days or weeks, not months). They should be able to co-exist peacefully
but new features will not be available on old servers and enrolling a
new client against an old server will result in the SSH keys not being
Downgrading a server once upgraded is not supported.
Upgrading from 3.3.0 and later versions is supported. Upgrading from
previous versions is not supported and has not been tested.
An enrolled client does not need the new packages installed unless you
want to re-enroll it. SSH keys for already installed clients are not
uploaded, you will have to re-enroll the client or manually upload the keys.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users
mailing list (http://www.redhat.com/mailman/listinfo/freeipa-users) or
#freeipa channel on Freenode.
== Detailed Changelog since 4.0.4 ==
=== Martin Basti (1) ===
* Fix upgrade: do not use invalid ldap connection
=== Nathaniel McCallum (1) ===
* Ensure that a password exists after OTP validation
=== Petr Vobornik (1) ===
* Become IPA 4.0.5
=== Thierry bordaz (tbordaz) (1) ===
* Deadlock in schema compat plugin (between automember_update_membership
task and dse update)
Freeipa-interest mailing list