-
Tue Oct 12 2021 EL Errata <el-errata_ww@oracle.com> - 4.6.8-5.0.1
- Blank out header-logo.png product-name.png
- Replace login-screen-logo.png [Orabug: 20362818]
-
Wed Sep 08 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.9
- Resolves: #2000261 - extdom: LDAP_INVALID_SYNTAX returned instead of LDAP_NO_SUCH_OBJECT
- extdom: return LDAP_NO_SUCH_OBJECT if domains differ
-
Tue Jun 22 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.7
- Resolves: #1956550 - IPA server installation fails when cert contains non-ASCII character
- CA less installation: non ASCII chars in CA subject
- ipatests: use non-ascii chars in CA-less install
- Resolves: #1974328 - Revise PKINIT upgrade code
- Allow PKINIT to be enabled when updating from a pre-PKINIT IPA CA server
-
Tue May 11 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.6
- Resolves: #1959349 - Need to bump pki + ds version
-
Tue Apr 06 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.5
- Resolves: #1931405 krb5kdc crash - Segmentation fault in ldap_first_entry().
- ipa-kdb: fix compiler warnings
- ipa-kdb: add missing prototypes
- ipa-kdb: reformat ipa_kdb_certauth
- ipa-kdb: mark test functions as static
- ipa-kdb: do not use OpenLDAP functions with NULL LDAP context
- Resolves: #1835741 krb5kdc crashing on ipa server
- Resolves: #1929372 krb5kdc is crashing intermittently on IPA server.
-
Fri Jan 29 2021 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7_9.4
- Resolves: #1897253 IPA WebUI inaccessible after upgrading to RHEL 8.3.- idoverride-memberof.js missing
- wgi/plugins.py: ignore empty plugin directories
- Resolves: #1895197 improve IPA PKI susbsystem detection by other means than a directory presence, use pki-server subsystem-find
- Improve PKI subsystem detection
- ipatests: add test for PKI subsystem detection
- ipatest: fix test_upgrade.py::TestUpgrade::()::test_kra_detection
- Resolves: #1892793 Authentication and login times are over several seconds due to unindexed ipaExternalMember
- Add more indices
- Resolves: #1884819 IdM Web UI shows users as disabled
- fix cert-find errors in CA-less deployment
- Resolves: #1863619 CA-less install does not set required permissions on KDC certificate
- CAless installation: set the perms on KDC cert file
- ipatests: check KDC cert permissions in CA less install
- Resolves: #1859248 CVE-2020-11023 ipa: jquery: Passing HTML containing <option> elements to manipulation methods could result in untrusted code execution
- WebUI: Fix jQuery DOM manipulation issues
- Resolves: #1846349 cannot issue certs with multiple IP addresses corresponding to different hosts
- fix iPAddress cert issuance for >1 host/service
-
Thu Jun 18 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-5.el7
- Resolves: #1826659 IPA: Ldap authentication failure due to Kerberos principal expiration UTC timestamp
- ipa-pwd-extop: use timegm() instead of mktime() to preserve timezone offset
-
Fri Jun 05 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-4.el7
- Resolves: #1842950 ipa-adtrust-install fails when replica is offline
- ipa-adtrust-install: avoid failure when replica is offline
- Resolves: #1831856 CVE-2020-11022 ipa: jquery: Cross-site scripting due to improper injQuery.htmlPrefilter method
- WebUI: Apply jQuery patch to fix htmlPrefilter issue
-
Tue May 12 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-3.el7
- Resolves: #1834385 Man page syntax issue detected by rpminspect
- Man pages: fix syntax issues
- Resolves: #1829787 ipa service-del deletes the required principal when specified in lower/upper case
- Make check_required_principal() case-insensitive
- Resolves: #1825829 ipa-advise on a RHEL7 IdM server generate a configuration script for client having hardcoded python3
- ipa-advise: fallback to /usr/libexec/platform-python if python3 not found
- Resolves: #1812020 CVE-2015-9251 ipa: js-jquery: Cross-site scripting via cross-domain ajax requests
- Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
- Resolves: #1713487 CVE-2019-11358 ipa: js-jquery: prototype pollution in object's prototype leading to denial of service or remote code execution or property injection
- Web UI: Upgrade jQuery version 2.0.3 -> 3.4.1
-
Wed Apr 15 2020 Florence Blanc-Renaud <frenaud@redhat.com> - 4.6.8-2.el7
- Resolves: #1802408 CVE-2020-1722 ipa: No password length restriction leads to denial of service
- Add interactive prompt for the LDAP bind password to ipa-getkeytab
- CVE-2020-1722: prevent use of too long passwords