... | ... | @@ -8,17 +8,18 @@ This release adds new features, improves existing features, clarifies documentat |
|
|
|
|
|
2. **HA+MT stability** - The multi-threaded support for HA is now more stable. In particular, the hooks are now notified when the Kea enters or leaves the critical section. This eliminates previously observed race conditions when shutting down or reconfiguring Kea with HA+MT enabled [#1876, #1818].
|
|
|
|
|
|
3. **Improved DROP class** - #1815
|
|
|
3. **Per device access control** - Kea is now able to drop packets coming from devices that have host reservations with class set to DROP (`DROP` class mentioned in `client-classes` field in the `reservations`). This effectively allows to selectively drop incoming packets from some devices, such as customers that have their payments overdue, misbehaving or unwanted devices [#1815].
|
|
|
|
|
|
4. **Better vendor options handling** - retrieve vendor information from vendor class option in DHCPv6 [#1837]
|
|
|
4. **Better vendor options handling** - Two improvements related to the vendor options made it into this release. First, Kea is now able to process slightly malformed vendor options that have inner length field set to too large value. Previously Kea simply ignored the option. With this improvement, Kea is now able to process slightly non-conformant options [#1860]. Second improvement lets Kea extract the enterprised identifier from vendor class option in DHCPv6 [#1837].
|
|
|
|
|
|
5. **Security** - obfuscate passwords in logs [#1721], authentication information is now logged on dedicated logger [#1590], TLS support is now functional when building with Botan, instead of OpenSSL [#1665]
|
|
|
5. **Security** - Kea now obfuscates passwords in logs when debug is enabled [#1721]. Authentication information is now logged on dedicated logger, making it easier to implement security policies, such as logging to a dedicated secure storage [#1590]. The TLS support is now functional when building with Botan library, instead of the usual OpenSSL. While Botan is much less popular than OpenSSL, it may be a viable alternative in cases where OpenSSL cannot be used for whatever reason [#1665].
|
|
|
|
|
|
6. **Bugfixes** - Coverity (#1806, #1854, #1855, #1852, #1850, #1853, #1851, #1805), subnet selection option fix in DHCPv4 [#1816]
|
|
|
6. **Bugfixes** - Corrected a bug in DHCPv4 subnet selection. The server ignored
|
|
|
the Subnet Selection option supplied by a client if its query contained a Relay Agent Information (RAI) option without a Link Selection option. After this change, the server respects the Subnet Selection option when RAI lacks the Link Selection option. If RAI includes it, it takes precedence over the Subnet Selection option [#1816]. An assorted collection of issues reported by Coverity Scan has been fixed (#1806, #1854, #1855, #1852, #1850, #1853, #1851, #1805).
|
|
|
|
|
|
7. **Build improvements** - unit tests compilation fix on CentOS 7 [#1888], fix netconf compilation [#1883], Forensic logging unit test failures on FreeBSD [#1879], gcc11 compatiblity/Fedora 34 [#1834, #1833, #1871, #1839], building Sphinx docs on CentOS 7 [#1877], compatibility with sphinx 3.3.1 and newer [#1560]
|
|
|
7. **Build improvements** - Unit tests compilation fix on CentOS 7 [#1888], Kea-netconf compilation fix [#1883], forensic logging unit test no longer fail on FreeBSD [#1879], added support for gcc11, which fixed the build problems on Fedora 34 [#1834, #1833, #1871, #1839], fixed building Sphinx documentation [#1877], compatibility with Sphinx 3.3.1 and newer [#1560].
|
|
|
|
|
|
8. **Testing** - Perfdhcp is now able to simulate DHCPv6 traffic coming from multiple subnets [#1416].
|
|
|
8. **Testing** - Perfdhcp is now able to simulate DHCPv6 traffic coming from multiple subnets. While perfdhcp is not typically used by end users (although they certainly can if they want to simulate DHCP traffic and stress test their deployment), this tool is backbone of ISC performance testing. This extended capability will allow testing more complex IPv6 scenarios that more closely replicate actual deployments [#1416].
|
|
|
|
|
|
## Incompatible Changes
|
|
|
|
... | ... | |