Resolves: RHEL-139110 - Rebase SSSD for RHEL 10.2
Resolves: RHEL-132552 - sssd_be: segfault at 8 ip 00007f6fd25b2b90 sp 00007ffc02dfbae0 error 4 in libsss_ipa.so[7f6fd25ae000+4d000]
Resolves: RHEL-132505 - RFE: package LDAP provider support for subid ranges
Resolves: RHEL-130571 - SSSD: change a default value of 'session_provider' sssd.conf option to 'none'
Resolves: RHEL-129636 - sssd service fails to start after updating to 2.9.6-4 or 2.9.7-4
Resolves: RHEL-128594 - 'sssd_nss' hangs when looking up an object by ID that has expired cache entry and filtered out by name
Resolves: RHEL-127792 - Remove SSSD option ipa_enable_dns_sites
Resolves: RHEL-120501 - Crash in 'sss_client/autofs/sss_autofs.c'
Resolves: RHEL-120287 - CVE-2025-11561 sssd: SSSD default Kerberos configuration allows privilege escalation on AD-joined Linux systems [rhel-10.2]
Resolves: RHEL-114468 - Spam in 'sssd_kcm.log' during normal operations
Resolves: RHEL-113111 - Including innapropriate IPv6 addresses in dyndns_update
Resolves: RHEL-104221 - The SSSD cache is filled with groups having GID=0, causing the cache index to grow excessively large. This, in turn, leads to timeouts
Resolves: RHEL-94545 - When the user name of an AD user in an IPA-AD trust environment overwritten, the user private group, the users primary group, cannot be lookup up by the overwritten name.
Resolves: RHEL-77184 - AD user in external group is not cleared when expiring the cache
Resolves: RHEL-72935 - sss_override does not work on AD UPN
Resolves: RHEL-11913 - GDM Support for IdM IdP feature and MFA [SSSD]
Resolves: RHEL-4990 - [RFE] SSSD support for Azure AD / Microsoft Entra ID (or general direct support of OIDC authentication)
Resolves: RHEL-4976 - [RFE] Continue searching other PKCS#11 tokens if certificates are not found
Resolves: RHEL-87200 - SSSD fails to connect with ipv4_first when on a machine with only IPv6 and server is dual-stack
Resolves: RHEL-25593 - Improve sssd-simple man page description
Resolves: RHEL-14752 - [RFE] Add IPA subdomain support to allow IPA-IPA trust
Resolves: RHEL-92569 - SSSD LDAPU1 Mapping braces problem
Resolves: RHEL-4981 - p11_child currently has an infinite timeout
Resolves: RHEL-5042 - IDM homedir %%o is not working, returns /home/domain/user instead of AD POSIX unixHomeDir
Resolves: RHEL-13086 - [RFE] Anonymous bind requests on RootDSE
Resolves: RHEL-45824 - SSSD unable to enumerate LDAP groups if LDAP server contains any group with # character in their names
Resolves: RHEL-4984 - Mismatch between input and parsed domain name when default_domain_suffix is set.
Resolves: RHEL-65848 - sssd password authentication broken in sssd-2.10.0~beta2-2 and later
Resolves: RHEL-67669 - Label DP_OPT_DYNDNS_REFRESH_OFFSET has no corresponding option
Resolves: RHEL-68421 - sssd ldap_child process segfaults when krb5.conf is invalid [rhel-10]
Resolves: RHEL-66935 - Avoid log flooding in case an app keeps making invalid `getservbyport(0, ...)` request
Resolves: RHEL-65736 - ipa: sudo commands doesn't check threshold correctly
Resolves: RHEL-68319 - Please deprecate/remove ad_allow_remote_domain_local_groups
Resolves: RHEL-56701 - sss_ssh_knownhosts is breaking ansible-pull
Resolves: RHEL-55993 - SSSD needs an option to indicate if the LDAP server can run the exop with an anonymous bind or not
No decision to remove i686 support has yet been announced for RHEL 10
and at this time, dropping that support from SSSD is causing cascading
issues.
If the removal decision gets made, Fedora ELN will disable i686 builds
on the buildsystem machinery side, not in the specfiles.
Signed-off-by: Stephen Gallagher <sgallagh@redhat.com>
