1. Headline Features
1.1. Greatly decreased JavaScript size for plugins
Previously, Foreman’s whole JavaScript bundle was duplicated in every plugin. Now a separate bundle is generated that Foreman and each plugin can reuse. In most plugins, we saw a 2 to 3 MB reduction in size. Depending on the number of plugins, this can save a significant amount in transfer size. While Foreman does compress and cache these JavaScript bundles, they still had to be loaded all the time.
For more details, see https://projects.theforeman.org/issues/37252 and https://projects.theforeman.org/issues/37391.
2. Upgrade Warnings
2.1. keycloak-httpd-client-install dropped from Enterprise Linux 9
Foreman has shipped its own keycloak-httpd-client-install
package because initially the version shipped in Enterprise Linux 7 was too old to support ODIC.
Recently it was noticed that the version in Enterprise Linux 8 contains the required features but still contains a packaging bug.
The version in Enterprise Linux 9 contains all the required features but is older than what Foreman has shipped.
Foreman 3.10 was the first release on Enterprise Linux 9 and it was marked as experimental.
As a result, the decision has been made to remove it from Foreman’s Enterprise Linux 9 packaging.
Users who have this package installed should downgrade it using dnf downgrade keycloak-httpd-client-install
.
For more details, see https://projects.theforeman.org/issues/37334.
3. Deprecations
3.1. Running Foreman on Enterprise Linux 8 removal in Foreman 3.13
Now that running on Enterprise Linux 9 is fully supported, running on Enterprise Linux 8 is deprecated. Foreman 3.13 will drop this support so users are encouraged to plan their upgrade.
Note this is for running Foreman itself. Clients will remain supported.
For more details and discussion, see https://community.theforeman.org/t/drop-support-for-running-on-el8-with-foreman-3-13/38083.
4. Foreman 3.11.5
5. Foreman 3.11.4
6. Foreman 3.11.3
Foreman 3.11.3 was accidentally tagged without any changes. Please refer to the latest version 3.11.4 when wanting to upgrade.
7. Foreman 3.11.2
A full list of changes is available on Redmine
7.1. Foreman
7.1.1. API
-
Host Creation via GraphQL only as Admin - #37765
7.1.2. Inventory
-
Invalid MAC address error message appears twice while editing interface - #37651
7.1.3. JavaScript stack
-
not all webpack assets are properly invalidated on change - #37775
7.1.4. Packaging
-
FFI 1.17.0+ requires Rubygems 3.3.22+ for installation, breaking Ruby 2.7 source installs - #37607
7.1.5. Plugin integration
-
Plugins are finalized before seeds are executed - #37503
7.1.6. Security
-
Connection reset by peer - SSL_connect when access to content/product menu - #37713
8. Katello 4.13.1
A full list of changes is available on Redmine
8.1. Katello
8.1.1. Container
-
Create Katello push repositories as needed at container push time - #37455
8.1.2. Content Views
-
CV promote fails with undefined method `get_status' for nil:NilClass when deleting a Host in the CV during Finalize phase of the Promote task - #37543
8.1.3. Foreman Proxy Content
-
Slow smart proxy sync in 4.11 - #37356
8.1.6. Subscriptions
-
'Bind entitlements to an allocation' task fails with wrong number of arguments (given 1, expected 0) (ArgumentError) - #37571
8.1.7. Tooling
-
Upgrade pulp-rpm to 3.26 - #37622
9. Foreman 3.11.1
10. Katello 4.13.0
A full list of changes is available on Redmine
10.1. Katello
-
Package rubygem-dynflow not listed in a list of packages - #37457
-
Cannot update packages on non-EL hosts - #37340
-
Fix upstream lint issues - #37331
-
It is possible to end up with the wrong remote type (uln vs. normal) for yum content - #37279
-
Default Organization View is not listed first on the CV select screen in Change Content Source - #37229
-
It should be possible to upload a package / repos profile from UI - #37191
-
content_view_components is not preloaded in content_view controller - #37108
10.1.2. Activation Key
-
Change the default setting for "Limit to environment" on the activationkey and content host pages to true - #37214
10.1.3. Alternate Content Sources
-
Fix ACS randomly failing VCR tests - #37277
10.1.5. Content Credentials
-
asterisk symbol is missing for required field - #37482
10.1.6. Content Views
-
Content view publish failing with katello_repository_rpms_id_seq reached maximum value error - #37403
-
Content view repositories link points to broken link on composite view UI - #37269
-
Newly imported content views show as needs publish - #37254
-
Allow repairing content view versions - #37237
-
[RFE Block content view publishing during repository publication tasks] - #37139
-
Very slow content view list loading - #36976
-
Python content not getting published to versions - #36611
10.1.8. Hammer
-
Improve displayed filter rules info in hammer - #37181
10.1.9. Host Collections
-
Fetching Host's details does not scale wrt Hosts Collections - #37346
10.1.10. Hosts
-
Add Setting to disable validation of host/lifecycle environment/content source coherence - #37400
-
Add bulk CV/LCE assignment to new All Hosts page - #37336
-
Add Katello column(s) to new host index page - #37309
-
katello:clean_backend_objects false alarms on systems with >1500 clients when PUTing customer facts - #37283
-
Error undefined method `repository_url' when trying to use composed images for system deployments - #37268
-
Link of Upgradable Content for Debian/Ubuntu is misaligned on Hosts page - #37267
-
Hostgroup not showing associated Kickstart Repository in edit - #37197
-
Remove the setting 'upload_profiles_without_dynflow' - #37195
-
undefined method `family' for nil:NilClass after cloning a rhel8 host - #37178
-
Managing a Hosts Repository Sets does not behave as expected - #37169
-
Update Checkin time for ESXi hypervisors from virt-who report - #37162
-
Postgresql logs contain PG::UniqueViolation: ERROR: duplicate key value violates unique constraint "katello_available_module_streams_name_stream_context" - #37137
-
Offer a hint in the UI about how to get 'Synced Content' available - #36992
-
When cloning a hostgroup the fields content source content view and lifecycle are empty - #35215
10.1.12. Notifications
-
Use with_enabled_email scope instead of handcrafting the query all over the place - #37192
10.1.14. Repositories
-
Repository synchronization progress does not get updated in real time on Satellite Web UI's "Content ---> Sync Status" page - RHEL8 Satellite 6.16 - #37442
-
Upgrade pulp-container bindings to 2.20 - #37414
-
Fix typo for container_repository_name in metadata_generate_needed? - #37408
-
Create a rake script that reindexes manifests with label information - #37407
-
Add Include Refs and Exclude Refs options for OSTree repository type - #37383
-
Container push can fail with a different JSON error - #37380
-
Index Pulp manifest annotations, labels, is_bootable, is_flatpak and expose them via API - #37379
-
Fix Katello (or maybe BATS) -- orphan cleanup tries deleting distributed repo versions - #37371
-
Product level Verify checksum action spawns unessasary checksum tasks for cloned repositories of the root repository - #37259
-
Registry Service Accounts token is not accepted in "Upstream Authentication Token" of a docker repo - #37238
-
Red Hat products that were never synced are reporting last synced time - #31318
10.1.15. Roles and Permissions
-
Content Exporter role is missing the create_content_views permission - #37430
10.1.16. Subscriptions
-
Org still holds stale cached manifest expiration date after manifest import/refresh - #37481
-
subscription-manager release --unset doesn't reset the client information on foreman - #37358
-
As a user I want to be warned before the manifest (upstream consumer identity certificate) will expire, and have a notification to refresh the manifest. - #37271
-
As a user, when I refresh my manifest the expiration date of the identity certificate will get renewed, so that I am never caught with an expired manifest. - #37266
-
Remove SCA-related API endpoints and params - #37226
10.1.17. Tests
-
Update tests to stop using https://fixtures.pulpproject.org/rpm-zchunk/ - #37187
10.1.18. Upgrades
-
Upgrade pulpcore to 3.49 - #37301
10.1.19. Web UI
-
update ak results in hostgroup - #37476
-
Update TableWrapper to comply with changes in SelectAllCheckbox - #37378
-
refactor ak in hostgroups to react - #37370
-
Change content source screen is still confusing coming from host edit - #37313
-
Invalid PropType errors when selecting a content source on Change Content Source form - #37303
-
Duplicate repositories in content view versions warning is always active - #37240
10.1.20. katello-tracer
-
Use dnf needs-restarting to collect tracer information - #36973
11. Foreman 3.11.0
A full list of changes is available on Redmine
11.1. Foreman
11.1.1. API
-
API 'build_pxe_default' is broken when a taxonomy is passed - #37439
11.1.3. Database
-
Upgrade to PostgreSQL 13 on EL8 - #37208
11.1.5. Facts
-
drop bookworm/sid workaround now that bookworm is released - #37484
11.1.6. Host creation
-
Creating a host without a comment and then editing it and submitting without any changes creates an update audit record for the nil->'' transition of comment - #37224
11.1.7. Host groups
-
Hostgroup facets are not cloned when cloning hostgroup - #37179
11.1.11. JavaScript stack
-
use host_details_ui in React context - #37489
-
Prevent XSS issue for katello angular pages - #37437
-
Webpack - Prevent react duplicates in core - #37391
-
Drop unused typeToIcon function - #37387
-
Drop toggleRowGroup and filter_permissions functions - #37386
-
Drop check_all_roles and uncheck_all_roles event handlers - #37385
-
always use cached manifest json to find webpack chunks, not only for JS - #37353
-
Webpack assets not compressed after Webpack 5 migration - #37344
-
@redhat-cloud-services/frontend-components-utilities@4.0.8 breaks compatibility with NodeJS 14 - #37312
-
remove unused typeAheadSelect - #37280
-
_victoryCore.Helpers.isFunction is not a function - #37255
-
Webpack - Prevent foreman core duplicates in plugins - #37252
-
Add main action button to PermissionDenied component - #37236
-
Generic table on TableIndexPage always shows actions kebab, even if empty - #37233
11.1.12. Packaging
-
Allow rdoc 6.4 on Ruby 3.1 - #35463
11.1.13. Performance
-
Iterate on hashes when both key and value are used - #37287
11.1.14. Plugin integration
-
Facets with hostgroup inherit override host-specific facet values - #37043
11.1.17. Settings
-
default_$taxonomy setting descriptions only mention Puppet instead of all facts - #37488
11.1.19. Tests
-
Use PostgreSQL 13 in tests - #37241
11.1.20. Unattended installations
-
Don't use the Kickstart rhsm for RHEL 9 - #37461
-
Foreman and Anaconda are not in sync when deploying RHEL9: both keyfiles/snippets and ifcfg-xxx files are generated - #37367
-
kickstart_kernel_options deprecation warning - ks param on rhel8 - #37343
-
Ubuntu 22.04.3 needs adaption user-data template - #37011
-
Add Clevis/Tang disk encryption template - #36885
-
Debian boot_file_sources uses transform_vars but preseed_path does not - #36830
-
Enable connectefi scsi for grub2 by default - #36691
-
kickstart's RHSM line only works on RHEL hosts - #36525
11.1.23. foreman-debug
-
Drop upload functionality from foreman-debug - #37406
11.2. Installer
11.2.1. Foreman modules
-
During upgrade to Katello 4.11 issues are seen with Candlepin keystore when using FIPS - #37384
-
Support PostgreSQL database for smart_proxy_container_gateway - #37325
-
REMOTE_USER is unset by Apache for Pulpcore Registry when it shouldn't be - #37308
-
Retire foreman-hooks from installer - #37296
-
Support for Avatars broken by ProxyPass - #37211
11.2.2. foreman-installer script
-
Use rubocop cmdline parameters according to version 0.80.1 - #37393
-
Exclude all subdirectories for vendor in .rubocop.yaml - #37392
-
Puppet server ciphers updated in 2.0 but old ciphers can remain in answers - #37306
-
Default PostgreSQL password encryption to SCRAM - #37297
-
Add gitlab CI config - #37261
-
Upgrade to PostgreSQL 13 on EL8 - #37177
-
Make katello-certs-check verify if the CA bundle has any certificates with trust rules - #37063
11.4. Smart Proxy
11.4.1. DHCP
-
Creating a DHCP host can cause an IPv6 address to be looked up - #37355
11.4.2. DNS
-
Free IPs service is not started for MS DHCP - #37450
11.4.3. TFTP
-
Smart Proxy TFTP fetching writes out broken files on HTTP errors - #37147
11.4.4. Tests
-
Tests fail inside docker container - #37413
Appendix A: Foreman Contributors
We’d like to thank the following people who contributed to the Foreman 3.11 release:
Adam Hosek, Adam Lazik, Adam Růžička, Alexander Olofsson, Aneta Šteflová Petrová, Archana Kumari, Bastian Schmidt, Beat Gaetzi, Bernhard Suttner, Chris Roberts, Cole Higgins, Dirk Götz, Eric Helms, Evgeni Golov, Ewoud Kohl van Wijngaarden, Girija Soni, Gordon Bleux, Greg Cox, Griffin Sullivan, Hao Yu, Ian Ballou, Jan Löser, Jeremy Lenz, Joniel Pasqualetto, Laurent Bigonville, Lennart Betz, Leos Stejskal, Marek Hulán, Maria Agaphontzev, Markus Bucher, Martin Alfke, Matěj Mudra, Maximilian Kolb, Nadja Heitmann, Mike Massonnet, Nofar Alfassi, Oleh Fedorenko, Pat Riehecky, Patrick Creech, Quinn James, Samir Jha, Sayan Das, Sebastian Bublitz, Shimon Shtein, Thorben Denzer, Tim Meusel, Zach Huntington-Meath, cocker-cc, Waldirio M Pinheiro, William Bradford Clark, dosas, jmott85, Et7f3, gardar, omahs
As well as all users who helped test releases, report bugs and provide feedback on the project.