Release date: 2017-03-23

The FreeIPA team would like to announce FreeIPA 4.4.4 release!

It can be downloaded from http://www.freeipa.org/page/Downloads. Builds for
Fedora 24 will be available in the official COPR repository <https://copr.fedorainfracloud.org/coprs/g/freeipa/freeipa-4-4/>.

This announcement is also available at<http://www.freeipa.org/page/Releases/4.4.4>.


== Highlights in 4.4.4 ==
=== Enhancements ===
=== Known Issues ===
=== Bug fixes ===
FreeIPA 4.4.4 is a stabilization release for the features delivered as a
part of 4.4.0.

== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.

== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users mailing
list (http://www.redhat.com/mailman/listinfo/freeipa-users) or #freeipa
channel on Freenode.

== Resolved tickets ==
* 6776 krb5 1.15 broke DAL principal free
* 6738 Ipa-kra-install fails with weird output when backspace is used during typing Directory Manager password * 6713 ipa: Insufficient permission check for ca-del, ca-disable and ca-enable commands (CVE-2017-2590)
* 6647 batch param compatibility is incorrect
* 6608 IPA server installation should check if IPv6 stack is enabled
* 6600 Legacy client tests doesn't have tree domain role.
* 6588 replication race condition prevents IPA to install
* 6575 ipa-replica-install fails on requesting DS cert when master is not configured with IPv6 * 6070 ipa-replica-install fails to install when resolv.conf incomplete entries
== Detailed changelog since 4.4.3 ==
=== Alexander Bokovoy (1) ===
* ipa-kdb: support KDB DAL version 6.1

=== David Kupka (1) ===
* ipapython.ipautil.nolog_replace: Do not replace empty value

=== Florence Blanc-Renaud (1) ===
* Do not configure PKI ajp redirection to use "::1"

=== Fraser Tweedale (2) ===
* ca: correctly authorise ca-del, ca-enable and ca-disable
* Set up DS TLS on replica in CA-less topology

=== Ganna Kaihorodova (1) ===
* Tests: Add tree root domain role in legacy client tests

=== Jan Cholasta (1) ===
* compat: fix `Any` params in `batch` and `dnsrecord`

=== Martin Basti (7) ===
* Become IPA 4.4.4
* Update Contributors.txt
* FreeIPA 4.4.4 translations
* Bump python-dns to improve processing of non-complete resolv.conf
* Use proper logging for error messages
* Wait until HTTPS principal entry is replicated to replica
* wait_for_entry: use only DN as parameter

=== Stanislav Laznicka (2) ===
* Add debug log in case cookie retrieval went wrong
* Fix cookie with Max-Age processing

=== Tomas Krizek (1) ===
* server install: require IPv6 stack to be enabled

=== Thorsten Scherf (1) ===
* added ssl verification using IPA trust anchor

_______________________________________________
Freeipa-interest mailing list
Freeipa-interest@redhat.com
https://www.redhat.com/mailman/listinfo/freeipa-interest

Reply via email to