[kea-announce] Kea 2.5.3, a new development release of Kea, is now available
Everett B. Fulton
ebf at isc.org
Wed Oct 25 17:18:48 UTC 2023
Internet Systems Consortium is pleased to announce the release of Kea 2.5.3.
Releases in the Kea 2.5.x sequence are part of the Kea 2.5 development
branch, where new features are provided for testing and evaluation
before the branch is designated stable and recommended for production use.
The current stable branch of Kea is Kea 2.4 and its most recent release
is 2.4.0
Kea source tarball are available from cloudsmith.io:
https://dl.cloudsmith.io/public/isc/kea-2-4/raw/versions/2.4.0/kea-2.4.0.tar.gz
https://dl.cloudsmith.io/public/isc/kea-2-5/raw/versions/2.5.3/kea-2.5.3.tar.gz
And from the ISC download page:
https://www.isc.org/download
----
# Kea 2.5.3 Release Notes, October 25, 2023
Welcome to Kea 2.5.3, the fourth monthly release of the 2.5 development
series. As with any other development release, use this with caution:
development releases are not recommended for production use.
Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST
API; optional database support (MySQL and PostgreSQL); optional RADIUS,
Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea
provides extensive management capabilities, including but not limited
to: TLS support, Role-Based Access Control, run-time configuration
monitoring and updates via a REST API, host reservations, and client
classification.
The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For
details about Docker issues, visit the page at
https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details
about packaging, visit the page at
https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/.
The following bugfixes and features have been implemented since the
previous release, version 2.5.2:
1. **Docker**: By popular demand, this release comes with Docker images:
both pre-built Docker images and Docker files are available. Users can
install a single container with a specific service, such as `kea-dhcp4`,
or use the `kea-compose` script that makes deployment of a cluster of
containers (kea-dhcp4, kea-dhcp6, and a PostgreSQL database) much
easier. Running a DHCP server in a Docker container is a bit more
complicated than a typical service, as a DHCPv4 server needs to be able
to receive traffic from clients that don't have an IP address assigned
yet. As such, simple port forwarding is not sufficient. Users are
recommended to read about ipvlans before deploying Docker containers.
These images were tested internally, but since this is a completely new
environment for Kea, please consider the Dockers as experimental for now
and use them with care. We would appreciate any feedback on the new
Docker images. For details, see the README file in
https://gitlab.isc.org/isc-projects/kea-docker/
[kea-docker#1,kea-docker#2,kea-docker#3,kea-docker#8,kea-docker#9,kea-doc
ker#10,kea-docker#14,kea-docker#15,kea-docker#16,kea-docker#18,kea-docker
#20,kea-docker#21,kea-docker#22,kea-docker#23,kea-docker#25,kea-docker#26
,kea-docker#27,kea-docker#28,kea-docker#29,kea-docker#30,kea-docker#32].
2. **RADIUS**: The work on refactoring our RADIUS client hook continues.
The new hook is not functional yet and users who want to use RADIUS must
continue using the old-radius hook. The design for refactoring was
completed [#3027]. The code for a UDP client that can establish
communication with a RADIUS server was implemented #[3041]. The new hook
is now able to read dictionaries [#3070].
3. **Ping check**: Another hook that is under development is ping-check.
The PingChannel (thread-safe code that can send ICMP requests and
receive responses) and ICMPmgs (can build and parse ICMP messages)
classes were implemented [#3055]. PingCheckMgr, a class that manages all
ping operations in progress, was implemented [#3083]. Fixed portability
problems with ICMP header structures between Linux and FreeBSD systems
[#3101]. A compilation issue on FreeBSD was fixed [#3099].
4. **Usability**: It is now permitted for the DDNS daemon to listen on
0.0.0.0 or ::. This is a bad idea in general, but in some specific
deployments, such as with a Docker container, it is convenient [#3116].
5. **Security**: A report from Coverity Scan was reviewed and some
issues were addressed [#3051]. Our security policy was published in a
Github-friendly format [#3080]. Kea's unit tests now work properly with
OpenSSL 3.1.3 [#3093].
6. **Bugfixes**: A race condition in FLQ code was fixed [#3111]. A
problem with the DHCPv4 vendor options no longer getting encapsulated
when using MySQL as a backend was fixed [#2881]. Kea daemons now
properly redetect interfaces that may have appeared or disappeared since
the daemon was started [#3017]. We added `DHCP4_DISCOVER` and
`DHCP4_REQUEST` messages and renamed `DHCP4_LEASE_ADVERT` to
`DHCP4_LEASE_OFFER` to better align with ISC DHCP logging format
[#2918]. We fixed improper handling of large (larger than 64 bits)
statistics by the Control Agent [#3068].
7. **Documentation**: Class priority is now better documented [#2750]. A
confusing example for DHCPv4 policy-filter (option 21) was clarified
[#3095]. The DDNS section of the ARM now mentions the DDNS Tuning hook
as a possible fine-tuning tool [#3046].
8. **Build improvements**: Testing libraries are no longer built when
compiling without Google Test [#3032]. A more detailed GTEST_VERSION is
now reported when building with `--with-gtest-source` [#3065]. We
improved `-V` and `-W` handling when Kea is installed from precompiled
packages [#3078].
## Incompatible Changes
An existing log message `DHCP4_LEASE_ADVERT` was renamed to
`DHCP4_LEASE_OFFER`. This should not affect users other than those who
parse logs automatically; those users need to update their parsers with
the new name.
## License
This version of Kea is released under the Mozilla Public License,
version 2.0.
https://www.mozilla.org/en-US/MPL/2.0
Some Kea hook libraries are provided under the MPL 2.0; others are
licensed with the Kea Hooks Basic Commercial End User License. The
source for each hook library includes the applicable license.
## Download
Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:
https://cloudsmith.io/~isc/repos/
Pre-built Docker images and well as Docker files are available. For
details, see:
https://gitlab.isc.org/isc-projects/kea-docker
The Kea source and PGP signature for this release may be downloaded from:
https://www.isc.org/download
The signature was generated with the ISC code-signing key, which is
available at:
https://www.isc.org/pgpkey
ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB
formats. ISC maintains a public open source code tree, wiki, issue
tracking system, milestone planner, and roadmap at
https://gitlab.isc.org/isc-projects/kea.
Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list.
We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like
to hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.
## Support
Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea software
support, see https://www.isc.org/support/.
Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list. If you have any comments or
questions about working with Kea, please share them to the Kea Users
list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and
feature requests may be submitted via GitLab at
https://gitlab.isc.org/isc-projects/kea/-/issues.
## Changes
The following summarizes changes and important upgrades since the 2.5.2
release.
2190. [build] razvan
The library version numbers have been bumped up for the Kea 2.5.3
development release.
(Gitlab #3118)
2189. [doc] tomek
Security reporting process described in a Github-friendly format.
There is no new information, mostly pointers to already existing
documents.
(Gitlab #3080)
2188. [bug] razvan
Fixed a race condition in free lease queue allocator.
(Gitlab #3111)
2187. [func] tmark
To facilitate use in containers, the restriction from listening
on 0.0.0.0 or :: addresses has been removed from kea-dhcp-ddns.
The server will now issue a warning if configured to use either
address.
(Gitlab #3116)
2186. [bug] andrei
Fixed interface redetection which had stopped working since
Kea 2.3.6.
(Gitlab #3017)
2185. [func] razvan
Added extended log messages: DHCP4_DISCOVER, DHCP4_REQUEST,
DHCP6_PROCESS_IA_NA_SOLICIT, DHCP6_PROCESS_IA_PD_SOLICIT, which
include the hint address in the client request. The log message
tag DHCP4_LEASE_ADVERT has been renamed to DHCP4_LEASE_OFFER.
(Gitlab #2918)
2184. [bug] razvan
Fixed a bug in evaluated expression parser which was not properly
handling escaped null characters.
(Gitlab #3086)
2183. [bug] andrei
Fixed a bug where one of the commands that retrieve statistic
values sent to the kea-ctrl-agent would get an overflow error in
the response if the inquired statistic was intended to have a big
integer data type, and if the integer value would not be
representable on 64 bits. Affected statistics are "total-nas" and
"total-pds", and the bug only manifests if the inquired pool, or
the inquired subnet's aggregated pool space, is large enough.
Prior to this fix, commands would get a correct response over
unix socket.
(Gitlab #3068)
And for Kea premium:
183. [func] fdupont
Work on refactoring the RADIUS library is underway. Code has been
merged regarding dictionary parsing, message exchanges, access
and accounting services, server information. A RADIUS dictionary
is now provided with the Kea installation. libdhcp_radius.so is
still non-functional at this time.
(Gitlab #3041, #3115)
Thank you again to everyone who assisted us in making this release
possible.
We look forward to receiving your feedback.
--
Everett B. Fulton
ISC Support
More information about the kea-announce
mailing list