# SSSD 2.9.7
The SSSD team is announcing the release of version 2.9.7 of the System Security Services Daemon. The tarball can be downloaded from: https://github.com/SSSD/sssd/releases/tag/2.9.7
Note that this is the latest release of 2.9.x LTM branch.
See the full release notes at: https://sssd.io/release-notes/sssd-2.9.7.html
## Feedback
Please provide comments, bugs and other feedback via the sssd-devel or sssd-users mailing lists: https://lists.fedorahosted.org/mailman/listinfo/sssd-devel https://lists.fedorahosted.org/mailman/listinfo/sssd-users
# SSSD 2.9.7 Release Notes
## Highlights
### General information
* When both IPv4 and IPv6 address families are resolvable, but the primary is blocked on firewall, SSSD attempts to connect to the server on the secondary family.
### New features
* SSSD IPA provider now supports IPA subdomains, not only Active Directory. This IPA subdomain support will enable SSSD support of IPA-IPA Trust feature, the full usable feature coming in a later FreeIPA release. Trusted domain configuration options are specified in the 'sssd-ipa' man page.
### Important fixes
* 'sssd_kcm' memory leak was fixed.
### Configuration changes
* New 'ldap_read_rootdse' option allows you to specify how SSSD will read RootDSE from the LDAP server. Allowed values are "anonymous", "authenticated" and "never"
* Until now dyndns_iface option supported only "*" for all interfaces or exact names. With this update it is possible to use shell wildcard patterns (e. g. eth*, eth[01], ...).