Dear Heimdal Community,

        A team consisting of staff from Two Sigma Open Source and AuriStor
        is starting the release process for Heimdal version 7.  We have
        changed the version of the master branch to 6.99.1 which will be
        considered our beta.  During the beta period, we will be fixing
        remaining issues.  In addition, we are asking for the community
        to submit any final patches or bug reports before the 1st of

        We expect to publish the first release candidate on or near the
        11th of November.

Why 7?

        We are adopting a new versioning scheme.

                o  Each feature release will have a new major number.

                o  The minor will be a patch level.  A value of 0 is
                   reserved for release candidates.  A value of 99 is
                   reserved for development.

                o  Stable releases will not have a micro number.

                o  Micro numbers will be incremented in release candidates
                   and development as needed.

        For example, the first release candidate will be 7.0.1.  The next
        7.0.2, then 7.0.3, etc.  When the final release candidate is
        deemed production quality, it will be renumbered as 7.1.
        All bug fixes will then be 7.2, 7.3, etc.

        New development for Heimdal 8 will be 7.99.1, 7.99.2, 7.99.3, etc.

        When the next feature release is issued its version number will
        start with 8.0.1 as the first release candidate and the first
        release will be 8.1.

What will be in 7?

        We have a lot of major improvements since our last official
        release, including:

                o  hcrypto is now thread safe on all platforms and
                   as much as possible hcrypto now uses the operating
                   system's preferred crypto implementation ensuring
                   that optimized hardware assisted implementations of
                   AES-NI are used.

                o  RFC 6113 Generalized Framework for Kerberos
                   Pre-Authentication (FAST).

                o  iprop has been revamped to fix a number of race
                   conditions that could lead to inconsistent replication.

                o  The KDC process now uses a multi-process model improving
                   resiliency and performance.

                o  AES Encryption with HMAC-SHA2 for Kerberos 5

        For a more detailed list of changes please see:


        which contains a bullet point summary of the major security,
        feature and bug fix changes that have been applied to the Heimdal
        source tree over the last four years since the release of 1.5.3.

        The list is currently not complete and we will be reviewing the
        git log to add features and bug fixes to the list before we make
        the final release.

        We expect that the ABI for libgssapi and libkrb5 will be unchanged
        from the prior release (1.5.3).  If any differences are discovered
        during the release process, we will then fix them if practical
        or document the differences in the release notes.

        And, again, we aren't quite finished.  Organizations and
        individuals wishing to submit changes to Heimdal for this
        release are encouraged to do so no later than 1 November 2016.

The release process:

        Each release candidate will be given two weeks for testing
        and usability feedback.  If a serious bug is uncovered during
        the review period then a new release candidate will be issued
        once the bug has been fixed.  If after two weeks from candidate
        release no new showstopping bugs are uncovered, then the release
        candidate will be declared final.

    Roland C. Dowdeswell

Reply via email to