-
Tue Feb 04 2020 EL Errata <el-errata_ww@oracle.com> - 4.6.5-11.0.1
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
-
Mon Dec 16 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-11.el7_7.4
- Resolves: #1781153 - After upgrade AD Trust Agents were removed from LDAP
- trust upgrade: ensure that host is member of adtrust agents
- Resolves: #1777303 - CVE-2019-10195 ipa: batch API logging user passwords to /var/log/httpd/error_log
- CVE-2019-10195: Don't log passwords embedded in commands in calls using batch
- Resolves: #1773953 - User incorrectly added to negative cache when backend is reconnecting to IPA service / timed out: error code 32 'No such object'
- extdom: unify error code handling especially LDAP_NO_SUCH_OBJECT
- ipa-extdom-extop: test timed out getgrgid_r
- Resolves: #1770728 - Issue with adding multiple RHEL 7 IPA replica to RHEL 6 IPA master
- DL0 replica install: fix nsDS5ReplicaBindDN config
- Resolves: #1767300 - CVE-2019-14867 ipa: Denial of service in IPA server due to wrong use of ber_scanf()
- Make sure to have storage space for tag
-
Mon Sep 30 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-11.el7_7.3
- Resolves: #1756914 - Sub-CA key replication failure
- Handle missing LWCA certificate or chain
- Fix CustodiaClient ccache handling
- CustodiaClient: use ldapi when ldap_uri not specified
- CustodiaClient: fix IPASecStore config on ipa-4-7
- Bump krb5 min version
-
Tue Sep 17 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-11.el7_7.2
- Resolves: #1752740 - when migrating trusted domain object structure, add default access control definitions, if they were missing in old trust objects
- add default access control when migrating trust objects
- adtrust: add default read_keys permission for TDO objects
- Disable deprecated-lambda check in adtrust upgrade code
-
Fri Jun 28 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-11.el7
- Resolves: 1723473 - ipa upgrade fails with trust entry already exists
- adtrust upgrade: fix wrong primary principal name, part 2
- Resolves: 1686302 - ipa trust fetch-domains, server parameter ignored
- trust-fetch-domains: make sure we use right KDC when --server is specified
-
Wed Jun 26 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-10.el7
- Resolves: 1723473 - ipa upgrade fails with trust entry already exists
- adtrust upgrade: fix wrong primary principal name
-
Tue Jun 04 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-9.el7
- Resolves: 1712794 - ERROR: invalid 'PKINIT enabled server': all masters must have IPA master role enabled
- Consider configured servers as valid
-
Mon May 13 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-8.el7
- Resolves: 1702651 - Command ipa conole is broken
- ipa console: catch proper exception when history file can not be open
- Resolves: 1704796 - Wrong CA replication topology created with two replicas
- replica install: acknowledge ca_host override
- Resolves: 1708873 - Unable to upgrade ipa data: IPA version error: data needs to be upgraded (expected version '4.7.90.pre1-3.fc30', current version '4.7.2-8.fc30')
- upgrade: adtrust - catch empty result when retrieving list of trusts
-
Tue Apr 30 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-7.el7
- Resolves: 1704227 - Wrong logic in ipactl restart leads to start instead of restart pki-tomcatd
- ipactl restart: fix wrong logic when checking service list
-
Fri Apr 19 2019 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.5-6.el7
- Resolves: 1700804 - Update Red Hat logo in IdM Server