Hi Antonio,
Same comment as for the 4.9.11 RN, many issues are picked by the automation
probably because they are mentioned with Related instead of Fixes in the
commit msg. Please find my comments below.
On Thu, Nov 3, 2022 at 12:04 PM Antonio Torres via FreeIPA-devel <
freeipa-devel(a)lists.fedorahosted.org> wrote:
{{ReleaseDate|2022-11-03}}
The FreeIPA team would like to announce FreeIPA 4.10.1 release!
It can be downloaded from
http://www.freeipa.org/page/Downloads. Builds
for
Fedora distributions will be available from the official repository soon.
== Highlights in 4.10.1 ==
'''TODO RELEASE NOTES - put release notes (if any) to proper
categories'''
* 1539: [RFE] Add code to check password expiration on ldap bind
:: User can no longer do LDAP BIND operation with expired password.
--------
* 8404: Detect and fail if not enough memory is available for installation
:: FreeIPA server now requires at least 1.2 GiB RAM for installation
to prevent performance degradation.
--------
* 9150: Remove 'Remove' button from subid page
:: subid ranges cannot be removed. A button in Web UI subid management
page to remove the range was removed to not confuse users
--------
* 9159: [RFE] ipa-client-install should provide option to enable
subid: sss in /etc/nsswitch.conf
:: IPA installers now provide the ability to configure SSSD as
datasource for subid
--------
* 9228: ipa-client-install does not maintain server affinity during
installation
:: ipa-client-install will use a single server for the duration of the
installation process, either one discovered or provided on the
command-line. Previously it would use a temporary configuration to do
enrollment, then switch to a final one for the remaining operations.
This could lead to the installer talking with multiple servers. If the
client installer is faster than replication this could lead to errors.
--------
* 9237: Show order in sudo rule list in web interface
:: In the 'sudo rules' page, the WebUI is now displaying a 'sudo
order' column so that the users can easily see which rules override
other rules based on their order.
--------
* 9258: Do not add TLS CA configuration to ldap.conf anymore
:: FreeIPA client installer does not add explicit TLS CA configuration
to OpenLDAP's ldap.conf anymore. Since OpenLDAP 2.4.45, explicit CA
configuration is not required as OpenLDAP uses the default CA store
provided by OpenSSL and IPA CA is installed in the default store by
the installer already.
--------
'''END TODO'''
=== Enhancements ===
=== Known Issues ===
=== Bug fixes ===
FreeIPA 4.10.1 is a stabilization release for the features delivered as a
part of 4.10 version series.
There are more than 40 bug-fixes since FreeIPA 4.10.0 release.
Details of the bug-fixes can be seen in the list of resolved tickets below.
== Upgrading ==
Upgrade instructions are available on [[Upgrade]] page.
== Feedback ==
Please provide comments, bugs and other feedback via the freeipa-users
mailing
list (
https://lists.fedoraproject.org/archives/list/freeipa-users@lists.fedorah...
)
or #freeipa channel on libera.chat.
== Resolved tickets ==
* [
https://pagure.io/freeipa/issue/1539 #1539]
([
https://bugzilla.redhat.com/show_bug.cgi?id=782917 rhbz#782917])
[RFE] Add code to check password expiration on ldap bind
* [
https://pagure.io/freeipa/issue/9160 #9160]
cryptography.utils.register_interface is scheduled for removal
* [
https://pagure.io/freeipa/issue/9161 #9161] Nightly test failure in
test_selinuxusermap.py::test_selinuxusermap::test_misc
* [
https://pagure.io/freeipa/issue/9179 #9179]
test_caless_TestServerCALessToExternalCA_RSN fails in teardown
* [
https://pagure.io/freeipa/issue/9188 #9188]
([
https://bugzilla.redhat.com/show_bug.cgi?id=2098187 rhbz#2098187])
Add warning for empty targetattr when creating ACI with RBAC
* [
https://pagure.io/freeipa/issue/9192 #9192]
([
https://bugzilla.redhat.com/show_bug.cgi?id=2094672 rhbz#2094672])
IdM WebUI Pagination Size should not allow empty value
* [
https://pagure.io/freeipa/issue/9198 #9198] [Tracker] nightly
failure: after ipa trust-add, cred cache contains
cifs/master.ipa.test(a)IPA.TEST instead of admin principal
* [
https://pagure.io/freeipa/issue/9204 #9204] [Tracker] In
ipa-server-upgrade ca_upgrade_schema() results in unnecessary pki
restarts
* [
https://pagure.io/freeipa/issue/9206 #9206]
([
https://bugzilla.redhat.com/show_bug.cgi?id=2109236 rhbz#2109236])
ldap bind occurs when admin user changes password with gracelimit=0
* [
https://pagure.io/freeipa/issue/9207 #9207] Failure in
AzurePipeline.freeipa (GATING InstallDNSSECFirst_1_to_5)
* [
https://pagure.io/freeipa/issue/9208 #9208] ap: Doc build fails
against Sphinx 5.1.0
* [
https://pagure.io/freeipa/issue/9211 #9211]
([
https://bugzilla.redhat.com/show_bug.cgi?id=2109243 rhbz#2109243])
RFE: Allow grace login limit to be set in IPA WebUI.
* [
https://pagure.io/freeipa/issue/9212 #9212]
([
https://bugzilla.redhat.com/show_bug.cgi?id=2115475 rhbz#2115475])
Nightly test failure in
test_user.py::test_user::test_password_expiration_notification
* [
https://pagure.io/freeipa/issue/9214 #9214] Nightly failure in
webui test test_subid.py::test_subid::test_subid_range_deletion_not_allowed
* [
https://pagure.io/freeipa/issue/9216 #9216] [Tracker] Nightly
failure: zone not signed