1. Headline Features

1.1. Experimental Enterprise Linux 9 support

This is the first release to provide Enterprise Linux 9 packages. Enterprise Linux 9 comes with Ruby 3 and it may affect your templates. Right now there’s no guidance on upgrading. Because of this it’s considered experimental. Foreman 3.11 plans to provide this. Users are encouraged to test and provide feedback.

1.2. foreman-debug is now an optional package

The foreman-debug package is no longer installed by default, and it is now required to be installed separately.

2. Upgrade Warnings

There are no upgrade warnings with Foreman 3.10.

2.1. keycloak-httpd-client-install dropped from Enterprise Linux 9

Foreman has shipped its own keycloak-httpd-client-install package because initially the version shipped in Enterprise Linux 7 was too old to support ODIC. Recently it was noticed that the version in Enterprise Linux 8 contains the required features, but still contains a packaging bug. The version in Enterprise Linux 9 contains all the required features, but is older than what Foreman has shipped. Foreman 3.10 was the first release on Enterprise Linux 9 and it was marked as experimental. Because of that it’s been decided to drop it from Foreman’s Enterprise Linux 9 packaging. Users who have this package installed should downgrade it using dnf downgrade keycloak-httpd-client-install.

3. Deprecations

3.1. foreman-maintain backup snapshot

foreman-maintain backup snapshot is now deprecated and will be removed in a future release. Please use other backup types to replace your use of snapshot.

4. Foreman 3.10.1

A full list of changes is available on Redmine

4.1. Foreman

4.1.1. Templates

  • foreman_bootdisk templates not seeded - #37421

4.1.2. Unattended installations

  • Cloudinit default generates invalid yaml output - #37433

4.2. Installer

4.2.1. Foreman modules

  • CVE-2024-7923: Authentication bypass in Pulpcore - #37787

  • CVE-2024-7012: Authentication bypass in Foreman - #37786

5. Katello 4.12.0

A full list of changes are available on Redmine

5.1. Katello

  • Package installation fails with template error - #37155

  • Remove unused downshift dependency - #37113

  • A lot of COUNT() SQL queries on the content view page - #37111

  • Enable eager loading on CV latest_version_object - #37109

  • Upgrade to VCR 6.1+ - #37100

  • Use shared GitHub Action for test execution - #37095

  • Drop uglifier development dependency - #37094

  • Invalid single-table inheritance type: ConfigManagementError is not a subclass of RemoveKatelloFromNotificationName::FakeMailNotification - #37075

  • Migration error 'users.disabled' already exists - #37074

  • Migration error 'column settings.category does not exist' - #37073

  • Cleanup orphans task generates inefficient queries consuming resources and taking long time to run - #37058

5.1.1. API

  • Remove LCE option from host-registration generate-command in Hammer/API similar to WebUI - #37044

  • Remove deprecated field from docker repo authentication tokens - #36888

5.1.2. Activation Key

  • The Activation Keys page asks user to register hosts using old deprecated method - #37040

5.1.3. Content Views

  • Module stream filter adds all modules to all repositories - #37050

  • Wrong link to Files in CV Repositories tab - #37030

  • CV version should display Container manifest list count - #36988

  • Race Condition during Incremental Update - #36871

  • Unable to delete repository if it was included to composite CV - #11760

5.1.4. Errata Management

  • When applying errata on host using "apply via custom remote execution" => "katello via ansible" method shows errata field blank - #37051

  • New host details page should show debian content - #35713

5.1.5. Foreman Proxy Content

  • PG::ProgramLimitExceeded error for Update content counts task on a big setup - #37080

  • Set up smart proxy reference to content source proxy - #37028

  • After upgrade checking sync status/content info fails till next sync - #37023

5.1.6. Hammer

  • Fix ContentViewVersion undefined error in republish repositories test - #37046

  • hammer proxy content info fails when DB has no content counts - #37031

5.1.7. Hosts

  • Packages Tab on Host Details page depends on operatingsystem description (which can be changed by user) - #37144

  • virt-who host and virtual host guest did not display the correct mapping info on old Legacy Content Host UI->Details - #37123

  • Host facts disappear during registration, causing incorrect RHEL lifecycle status of Unknown - #37107

  • Host owner not set correctly during registration - #37014

  • Configuration rebuild failed for: Content_Host_Status and Refresh_Content_Host_Status. - #36996

  • Katello Ansible Errata job template starts with spaces before — breaking the template - #36994

  • Traces service restart should warn user that host will reboot - #36986

  • all hosts page slow -> improve installed packages queries - #36946

  • all hosts page slow -> reduce the amount of errat queries - #36943

  • all hosts page slow -> reduce the amount of katello host tracer queries - #36941

  • Host content view environment is reset on any host edit when hostgroup assigns a CVE - #36897

  • When installing a new package, the job is labeled with a job ID and not the package. - #36846

  • Host search by installed_package_name invokes OOM killer - #35974

5.1.8. Inter Server Sync

  • Hammer is not propagating error message from production log when content-export fails - #36977

  • Add ability to export and import APT (deb) content - #36765

5.1.9. Localization

  • Unused config/locale directory - #36950

  • Bad translation in french in webui - #36829

5.1.10. Organizations and Locations

  • SCA-Only: Update behavior of organizations & Candlepin owners - #37131

5.1.11. Repositories

  • Setting pulp_export_destination is unused - #37083

  • Bump recommended repos for 6-15 - #36995

  • param :source_url not working with the sync API - #36987

  • A re-sync should always recover from a previous syncs failed publication - #36859

  • Never use dependency-solving for deb content - #36748

  • Red Hat products that were never synced are reporting last synced time - #31318

5.1.12. Subscriptions

  • Message under "Simple content access" button on organization edit page can be improved and a hyperlink can be provided to reference the document. - #37117

  • New VDC-subscription shows "Requires Virt-Who: false" - #37024

5.1.13. Tests

  • Drop simplecov integration - #37084

  • Drop katello:rubocop:jenkins rake task - #37033

  • Drop minitest-tags development dependency - #37032

5.1.14. Tooling

  • Fix tests to match strict keyword matching - #37153

  • Make plugin compatible with Ruby 3 - #37145

  • Missing development dependencies for rubocop - #36998

  • transient test failure test_sync_container_gateway – Katello::SmartProxyExtensionsTest - #34044

5.1.15. Web UI

  • Update web UI for SCA-only - #37140

  • Virtual guests show up on legacy UI for hosts even if they are not hypervisors - #37118

  • update katello to support webpack5 - #37104

  • Field 'id' not recognized for searching! when trying to bulk override repository sets - #37018

  • Can't change default template name for change content source - #37005

6. Katello 4.12.1

A full list of changes are available on Redmine

6.1. Katello

6.1.1. Content Views

  • Content view repositories link points to broken link on composite view UI - #37269

6.1.2. Host Collections

  • Fetching Host's details does not scale wrt Hosts Collections - #37346

6.1.3. Hosts

  • RHEL Lifecycle Status tests failing because RHEL8 full support is now ended - #37533

  • Error undefined method `repository_url' when trying to use composed images for system deployments - #37268

  • Link of Upgradable Content for Debian/Ubuntu is misaligned on Hosts page - #37267

6.1.4. Repositories

  • Repository synchronization progress does not get updated in real time on Satellite Web UI's "Content ---> Sync Status" page - RHEL8 Satellite 6.16 - #37442

  • Product level Verify checksum action spawns unessasary checksum tasks for cloned repositories of the root repository - #37259

6.1.5. Roles and Permissions

  • Content Exporter role is missing the create_content_views permission - #37430

6.1.6. Tests

  • Update tests to stop using https://fixtures.pulpproject.org/rpm-zchunk/ - #37187

6.1.7. Web UI

  • update ak results in hostgroup - #37476

  • refactor ak in hostgroups to react - #37370

  • Invalid PropType errors when selecting a content source on Change Content Source form - #37303

7. Foreman 3.10.0

A full list of changes is available on Redmine

7.1. Foreman

  • Some APIs / params are not marked as deprecated - #37274

  • OS bootfiles API not working because of misspelled class - #37270

  • Pull provider installation template crash - #37193

  • Race condition in smart proxy test - #37150

  • Alphabetical sorting in test broken - #37132

  • Unpin adobe/css-tools - #37128

  • Clean up old storybook dependencies - #37127

  • Replace `node-sass` with `sass` - #37126

  • Prepare STI usage to be compatible with Ruby 3.0 - #37087

  • Replace "apt-key" on Debian/Ubuntu in "global_registration.erb" - #37034

  • katello-certs-check should succeed if intermediates are presented without root - #37021

  • `hammer host-registration generate-command` doesn't accept `unlimited` as JWT life time - #36972

  • Registration command should not fail with status 0 - #36969

  • Broken link in Register Host documentation - #36966

  • Revert back 'Change Puppet CA' action - #36955

  • Global Registration - ignore output of some commands - #36938

  • Switch to using terser for minification and compression of JS assets - #36936

  • Run Foreman tests on Ruby 3.0 - #36849

  • VM tab (legacy UI) shows error in case host is not associated to VM - #36744

  • Ubuntu version "nil" is interpreted as "0" - #36741

  • iPXE Discovery Only Works On net0 - #36502

7.1.1. API

  • Create API for getting permissions of current user - #36917

7.1.2. Authentication

  • After Foreman installation login page respond with "Invalid Timezone: Etc/Unknown" - #37069

7.1.3. Compute resources

  • Image-based deployment on Proxmox fails due to extra newline in "remote_execution_ssh_keys" snippet - #37142

7.1.4. Compute resources - VMware

  • VmWare - API doesn't show same info about VM as in UI - #35248

7.1.5. Database

  • Invalid kwargs handling in FindCommon - #37273

7.1.6. Host creation

  • Drop append domain names setting - #36160

7.1.7. Inventory

  • Changing the "Show New Host Overview Page" setting is not applied even after reloading the page - #37013

7.1.8. JavaScript stack

  • Fix javascript method for webpack_asset_paths - #37199

  • Duplicate ids from webpack style - #37173

  • Load plugin public folder for webpack - #37161

  • "Component name already taken" warnings fix - #37154

  • NodeJS 18 and NPM 8 compatibility - #37134

  • Update to webpack 5 - #37102

  • BreadcrumbBar.test.js missing await - #37070

  • EditorView snapshots change because of classnames update - #37026

  • Rename interface to host_interface - #36959

  • Wrap script tags in content_for(:javascripts) - #36958

7.1.9. Parameters

  • Adding a new boolean-type parameter to a host causes an error - #37012

7.1.10. Realm

  • Grammatical error in Realm description in WebUI - #37120

7.1.11. Reporting

  • Satellite "Registered Content Hosts" report generates incorrect hosts' kernel version - #37184

  • Host - Statuses report failing "unknown keywords: :Name, :Global" - #37065

  • Getting "undefined method '#name' for NilClass::Jail (NilClass) (Safemode::NoMethodError)" error generating subscription report - #37016

  • Hammer Report-Template Complains about 'Input Days from Now' Being Blank - #32359

7.1.12. Settings

  • Updating setting host_owner fails with "Value Host owner is invalid" - #37015

7.1.13. Templates

  • Support safe navigation operator in safemode - #37010

7.1.14. Tests

  • Drop unused react-dnd-test-utils package - #37115

  • Drop single_test dependency - #37093

  • Use minitest_reporters_github in GitHub Actions - #37092

  • Incorrect Debian/Ubuntu release names in factories - #37019

7.1.15. Unattended installations

  • Satellite 6.12 is still using katello-ca to register hosts during provisioning instead of Gloabl Registration Template - #36747

7.1.16. Users, Roles and Permissions

  • Monitor > Host statuses ignores taxonomy scoping and user's permissions and shows counts even though the user can't see the actual hosts - #37039

7.1.17. Web Interface

  • Duplicate html-id on Settings-page - #37168

  • Pin victory-core to pre-36.9.0 - #37156

  • Host details - sub tabs are hidden - #37089

  • Show current user in the navigation when screen too small - #37079

  • Closing parent nav should also close child nav - #37067

  • Duplicate id in HTML - #37066

  • Login-Page missing background after scrolling - #37064

  • Total and owned links in Monitor > Host statuses have the links swapped in the error column - #37038

  • Expanding a section should collapse other expanded sections - #37025

  • Table index new button alignment in large screens - #36963

  • Clear navigation search doesn't clear results - #36949

  • Navigation Search doesnt show ansible roles - #36948

  • User dropdown shifted to the left when using foreman with plugins - #36896

  • Banner to show foreman instance - #36872

7.2. Installer

  • Installer doesn't set correct permissions of /pub/ files - #37130

  • Katello certificate tarball is actually .tar.gz instead of .tar - #37097

  • Rename deprecated pulp TELEMETRY setting to ANALYTICS - #37062

7.3. Packaging

  • Make foreman-debug optional - #37022

7.3.1. RPMs

  • rubygem-ipmitool is missing ipmitool dependency - #37246

  • Add python-setuptools as an installation dependency for EL6 katello-host-tools - #37106

Appendix A: Foreman Contributors

We’d like to thank the following people who contributed to the Foreman 3.10 release:

Adam Růžička, Archana Kumari, Bastian Schmidt, Dirk Götz, Eric Helms, Erik Berg, Evgeni Golov, Ewoud Kohl van Wijngaarden, Gaurav Talreja, Girija Soni, Gordon Bleux, Griffin Sullivan, Ian Ballou, Jan Bundesmann, Karolina Malyjurkova, Leos Stejskal, Maria Agaphontzev, Markus Bucher, Markus Reisner, Martin Alfke, Maximilian Kolb, Michal Barecki, Nofar Alfassi, Oleh Fedorenko, Ottavia Balducci, Pat Riehecky, Quinn James, Ron Lavi, Samir Jha, Tim Meusel, William Bradford Clark

As well as all users who helped test releases, report bugs and provide feedback on the project.