[Freeipa-devel] [Freeipa-users] Announcing FreeIPA v3.0.2 Release

Rob Crittenden rcritten at redhat.com
Wed Dec 12 14:50:48 UTC 2012 

Bret Wortman wrote:
> Is this (like 3.1.0) also intended for f18? The sss_idmap package
> doesn't seem to be available for f17.

No, F-18 will have 3.1.

3.0 GA won't be backported to F-17. We did a couple of pre-releases of 
3.0 in F-17 because F-18 wasn't easily usable for quite a long time (in 
our humble opinion).

rob

> On Tue, Dec 11, 2012 at 4:44 PM, Rob Crittenden <rcritten at redhat.com
> <mailto:rcritten at redhat.com>> wrote:
>
>     The FreeIPA team is proud to announce version FreeIPA v3.0.2.
>
>     It can be downloaded from http://www.freeipa.org/page/__Downloads
>     <http://www.freeipa.org/page/Downloads>.
>
>     == Highlights in 3.0.2 ==
>
>     * WebUI: Change of default value of type of new group back to POSIX.
>     * Lookup the user SID in external group as well.
>     * Include sssd-managed domain/realm mapping file managed in krb5.conf.
>     * Fix potential security error in cookie handling in ipa client
>     tool, CVE-2012-5631.
>
>     == Upgrading ==
>
>     An IPA server can be upgraded simply by installing updated rpms. The
>     server does not need to be shut down in advance.
>
>     Please note, that the referential integrity extension requires an
>     extended set of indexes to be configured. RPM update for an IPA
>     server with a excessive number of hosts, SUDO or HBAC entries may
>     require several minutes to finish.
>
>     If you have multiple servers you may upgrade them one at a time. It
>     is expected that all servers will be upgraded in a relatively short
>     period (days or weeks not months). They should be able to co-exist
>     peacefully but new features will not be available on old servers and
>     enrolling a new client against an old server will result in the SSH
>     keys not being uploaded.
>
>     Downgrading a server once upgraded is not supported.
>
>     Upgrading from 2.2.0 is supported. Upgrading from previous versions
>     is not supported and has not been tested.
>
>     An enrolled client does not need the new packages installed unless
>     you want to re-enroll it. SSH keys for already installed clients are
>     not uploaded, you will have to re-enroll the client or manually
>     upload the keys.
>
>     == Feedback ==
>
>     Please provide comments, bugs and other feedback via the
>     freeipa-devel mailing list:
>     http://www.redhat.com/mailman/__listinfo/freeipa-devel
>     <http://www.redhat.com/mailman/listinfo/freeipa-devel>
>
>     == Detailed Changelog since 3.0.1 ==
>
>     Alexander Bokovoy (3):
>     * ipasam: better Kerberos error handling in ipasam
>     * trusts: replace use of python-crypto by m2crypto
>     * Propagate kinit errors with trust account
>
>     Jakub Hrozek (4):
>     * Make enabling the autofs service more robust
>     * ipachangeconf: allow specifying non-default delimeter for options
>     * Specify includedir in krb5.conf on new installs
>     * Add the includedir to krb5.conf on upgrades
>
>     John Dennis (1):
>     * Compliant client side session cookie behavior
>
>     Lubomir Rintel (1):
>     * Drop unused readline import
>
>     Martin Kosek (5):
>     * Prepare spec file for Fedora 18
>     * Filter suffix in replication management tools
>     * Change network configuration file
>     * Improve ipa-replica-prepare error message
>     * Fix sshd feature check
>
>     Petr Viktorin (2):
>     * Provide explicit user name for Dogtag installation scripts
>     * Add Lubomir Rintel to Contributors.txt
>
>     Petr Vobornik (4):
>     * WebUI: Change of default value of type of new group back to POSIX
>     * Editable sshkey, mac address field after upgrade
>     * Better licensing information of 3rd party code
>     * Better error message for login of users from other realms
>
>     Rob Crittenden (5):
>     * Honor the kdb options disabling KDC writes in ipa_lockout plugin
>     * Only update the list of running services in the installer or ipactl.
>     * Set min for selinux-policy to 3.11.1-60
>     * Reorder XML-RPC initialization in ipa-join to avoid segfault.
>     * Become IPA 3.0.2
>
>     Simo Sorce (1):
>     * MS-PAC: Special case NFS services
>
>     Sumit Bose (3):
>     * Lookup the user SID in external group as well
>     * Restart sssd after authconfig update
>     * Do not recommend how to configure DNS in error message
>
>     Tomas Babej (1):
>     * Add detection for users from trusted/invalid realms
>
>     _________________________________________________
>     Freeipa-users mailing list
>     Freeipa-users at redhat.com <mailto:Freeipa-users at redhat.com>
>     https://www.redhat.com/__mailman/listinfo/freeipa-users
>     <https://www.redhat.com/mailman/listinfo/freeipa-users>
>
>
>
>
> --
> Bret Wortman
> The Damascus Group
> Fairfax, VA
> http://bretwortman.com/
> http://twitter.com/BretWortman
>

More information about the Freeipa-devel mailing list