# Kea 2.1.6, May 25 2022, Release Notes Welcome to Kea 2.1.6, the seventh monthly release of the 2.1 development branch. As with any other development release, use this with caution: development releases are not recommended for production use. Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS updating and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, and YANG/NETCONF support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, run-time configuration monitoring and updates via a REST API, host reservations, client classification, and more. The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/issues. The following bugfixes and features have been implemented since the previous release versioned 2.1.5: 1. **Role Based Access Control**: With the addition of the RBAC hook, Kea now features a rich capability to fine tune access control for its REST API. It is possible to control access based on remote IP address, HTTP authentication username, or several of the TLS certificates fields. The RBAC hook is available to subscribers only [#1263]. 2. **Limits hook (experimental)** - The limits hook library was added as part of the subscription package. Rate limiting is its first feature, and momentarily the only one. It can apply a specified limit of a certain number of packets per time unit to a given client class or subnet [#562, #1650]. 3. **DDNS Tuning hook enhancements** - Fine-grained DNS Updates control - [#2354]. The expressions are now validated during configuration, rather than at run-time, allowing for earlier spotting of mistakes [#2384]. 4. **Support for long options in DHCPv4** - RFC 3396 is now partly implemented, allowing the kea-dhcp4 server to send and receive DHCP options longer than 255 bytes [#2227]. 5. **RHEL8 packages** Packages for RHEL8 and other branching distributions are available again after they had previously been interrupted since 2.1.3 due to some internal reliance on CentOS Linux 8 which was left without security support [#2410]. 6. **Bug fixes**: wrong subnet-id in reservations in a shared network [#2409]. A race condition has been fixed in multi-threading code in DHCPv4 server, when processing a hostname option [#2381]. kea-admin lease-upload now cleans up the input CSV file of any entries with duplicate addresses that would have resulted in conflicting database inserts [#2293]. 7. **Documentation updates** - Examples for TLS in HA have been added to the ARM [#2414]. ## Incompatible Changes None ## License This version of Kea is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 The premium and subscriber-only hook libraries are provided under the terms of an End User License Agreement. ## Download Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/\~isc/repos/ The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download The signature was generated with the ISC code signing key, which is available at: https://www.isc.org/pgpkey ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html. Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/wikis/known-issues-list. We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users. We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea and DHCP software support see https://www.isc.org/support/. Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list. ## Changes The following summarizes changes and important upgrade notes since the 2.1.5 release for Kea core: 2022. [func] andrei, djt kea-admin lease-upload now calls the lease file cleanup (LFC) process to clean up entries with duplicate addresses in the input CSV file, to avoid a conflict error when inserting the leases in the database. kea-admin also no longer asks for input on non-interactive shells. A new -y|--yes flag has been added that enables automatic overwriting of any file that kea-admin writes to, when dumping or uploading leases. (Gitlab #2293) 2021. [build] razvan The library version numbers have been bumped for the Kea 2.1.6 development release. (Gitlab #2421) 2020. [doc] andrei The rate-limiting feature of the new limits hook library has been documented. It can apply a specified limit of a certain number of packets per time unit to a given client class or subnet. (Gitlab #562, #1650) 2019. [func] tmark A new built-in class, "SKIP_DDNS", was added, which can be used in conjunction with the ddns-tuning hook library to skip performing DDNS updates for a given client. (Gitlab #2354) 2018. [func] razvan The kea-dhcp4 server now supports portions of RFC 3396, allowing it to send and receive DHCP options longer than 255 bytes. (Gitlab #2227) 2017. [bug] marcin A bug in the allocation engine, which caused it to write an allocated lease under the wrong subnet ID within a shared network, has been corrected. This was occurring when multiple clients matched the same fixed address reservation. The first client is now assigned the fixed address, while a subsequent client is then given a dynamically allocated address from a different subnet in the shared network. (Gitlab #2409) 2016. [doc] fdupont Documentation for the role-based access control (RBAC) premium hook library was added to the ARM. (Gitlab #1263) And for Kea premium: 147. [func] andrei The limits hook library and its rate-limiting feature were added. It can apply a specified limit of a certain number of packets per time unit to a given client class or subnet. (Gitlab #562, #1650) 146. [func] tmark The ddns-tuning hook library now supports the use of a new built-in class, "SKIP_DDNS", to skip performing DDNS updates for a given client. (Gitlab #2354) 145. [func] fdupont The RBAC (role-based access control) hook library for the control agent has been added. (Gitlab #1263) 144. [func] tmark Upon reconfiguration or modification of subnets via the config backend, the ddns-tuning hook library now reparses the hostname expressions for all configured subnets. This allows any invalid expressions to be detected up front. Previously, the expressions were parsed on demand (i.e. lazy init). (Gitlab #2384) See https://gitlab.isc.org/isc-projects/kea/-/wikis/Release-Notes for a complete list of release notes. Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.