# Kea 2.7.2 Release Notes, August 28th, 2024

Welcome to Kea 2.7.2, the third monthly release of the 2.7 development
series. As with any other development release, use this with caution:
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST
API; optional database support (MySQL and PostgreSQL); optional RADIUS,
Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea
provides extensive management capabilities, including but not limited
to: TLS support, Role-Based Access Control, run-time configuration
monitoring and updates via a REST API, host reservations, and client
classification.

The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For
details about Docker issues, visit the page at
https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details
about packaging, visit the page at
https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/.

The following bug fixes and features have been implemented since the
previous release, version 2.7.1:

 1. **Native HTTP support for DHCP servers**: Starting with this
release, DHCPv4, DHCPv6, and DHCP-DDNS servers are able to support an
HTTP and HTTPS control channel natively, without the need for a Control
Agent (CA). This greatly simplifies the configuration, as the CA is no
longer necessary [#3477]. The subscriber-only RBAC hook can now be loaded
by the DHCPv4, DHCPv6, and DHCP-DDNS servers [#3483]. Massive code
duplication between HTTP and HTTPS client and server testing was removed
[#1764]. We fixed a timing issue in the libHTTP library [#3478]. The
test HTTP client was extended to cover HTTPS, making the implementation
of HTTPS tests much easier [#3490].

 2. **HA improvements**: When two HA partners cooperate, it is essential
that their clocks remain in sync: if the clock skew is too large, the HA
relationship will eventually collapse. The current value of clock skew
is now reported in the `status-get` command, allowing the user or
automated software to measure it and possibly give an advance warning if
the clock sync is drifting too much [#3513].

 3. **Classification update**: Classification and several other features
use expressions to determine whether a given packet belongs to a class,
what kind of value to use as an identifier (flex-id), and what kind of
log message to log (custom logging in forensic logging). We have
implemented a method called "lazy evaluation" to govern how expressions
are evaluated: in plain terms, sometimes only part of the expression is
evaluated if its value is already determined. This change makes a long
list of `(expression1) or (expression2) or ...` and `(expression1) and
(expression2) and ...` faster to evaluate [#3502].

 4. **Better handling of broken FQDN options**: Earlier Kea versions did
not properly handle the receipt of broken options containing an FQDN,
and dropped the whole packet. With `lenient-option-parsing` enabled, it
now ignores only the broken option and continues parsing the packet
[#3492].

 5. **kea-admin now handles non-standard ports**: The `kea-admin` tool
was extended to properly handle non-standard database ports [#2331,
#2882].

 6. **Rebalanced debug logging**: Several messages have had their log
levels adjusted [#1945]. There is a new section in the ARM listing all
messages for each debug level [#3341].

 7. **Packaging**: Login information is no longer stored for the `kea`
user when installing RPM Kea packages, which previously displayed a
`useradd` error when installing Kea packages; this was first observed in
Fedora 40 [kea-packaging#26]. Packages no longer attempt to remove the
unused directory `/run/lock/kea`, which previously resulted in a warning
when removing the Kea packages on Debian-based systems
[kea-packaging#27].

 8. **Bug fixes**: A problem with `subnet4-del` and `subnet6-del`
commands was fixed. The subnets are now completely deleted even if they
belong to a shared network [#3455].

 9. **Build improvements**: We fixed a problem with `AM_SILENT_RULES`
reported on a recent (1.17) release of automake [#3524]. `hammer`, Kea's
internal build tool, was extended to better work on FreeBSD 14 [#3470].
A nice conflict-avoidance mechanism was imported from Stork; it allows
developers to seamlessly rebase their code without worrying about
changelog conflicts [#3522].

10. **Test improvements**: Several tests now behave better when
`KEA_LOGGER_DESTINATION` is set to stderr [#3487].
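
As an added example for item 1 and changelog entry 2271 (not ISC's code), the audit below walks a server's `control-sockets` list and flags HTTP/HTTPS control sockets that lack TLS parameters or authentication, or that listen on all interfaces. The key names (`socket-type`, `socket-address`, `trust-anchor`, `cert-file`, `key-file`, `cert-required`, `authentication`) are the ones the Kea ARM documents for this feature and should be checked against the ARM for your version; the sample configuration, its addresses and its paths are constructed.

```python
import json

# Constructed sample of a Dhcp4 "control-sockets" list (changelog entry 2271).
# Addresses, paths and credentials are placeholders, not values from the release.
SAMPLE = json.loads("""
{"Dhcp4": {"control-sockets": [
  {"socket-type": "unix", "socket-name": "/run/kea/kea4-ctrl-socket"},
  {"socket-type": "http", "socket-address": "0.0.0.0", "socket-port": 8000},
  {"socket-type": "https", "socket-address": "192.0.2.10", "socket-port": 8004,
   "trust-anchor": "/etc/kea/ca.pem", "cert-file": "/etc/kea/server.pem",
   "key-file": "/etc/kea/server.key", "cert-required": true,
   "authentication": {"type": "basic", "realm": "kea-dhcpv4-server",
     "clients": [{"user": "admin", "password-file": "admin.pw"}]}}
]}}
""")

TLS_KEYS = ("trust-anchor", "cert-file", "key-file")
WILDCARDS = ("0.0.0.0", "::")


def audit_control_sockets(config):
    """Return (server, index, finding) for each weak HTTP/HTTPS control socket."""
    findings = []
    for server in ("Dhcp4", "Dhcp6", "DhcpDdns"):
        sockets = config.get(server, {}).get("control-sockets", [])
        for i, sock in enumerate(sockets):
            if sock.get("socket-type") not in ("http", "https"):
                continue  # UNIX sockets rely on filesystem permissions instead
            if not all(sock.get(k) for k in TLS_KEYS):
                findings.append((server, i, "TLS parameters missing"))
            elif sock.get("cert-required") is False:
                # Only an explicit false is flagged; no default is assumed here.
                findings.append((server, i, "client certificate not required"))
            if not sock.get("authentication", {}).get("clients"):
                findings.append((server, i, "no authentication clients"))
            if sock.get("socket-address") in WILDCARDS:
                findings.append((server, i, "bound to all interfaces"))
    return findings


if __name__ == "__main__":
    for server, index, finding in audit_control_sockets(SAMPLE):
        print(f"{server} control-sockets[{index}]: {finding}")
```

Kea configuration files may contain comments, which `json.loads` rejects, so strip them before feeding a real file to the audit.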

## Incompatible Changes

There are no incompatible changes.

## License

This version of Kea is released under the Mozilla Public License,
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

Some Kea hook libraries are provided under the MPL 2.0; others are
licensed with the [Kea Hooks Basic Commercial End User
License](https://www.isc.org/kea-premium-license/). The source for each
hook library includes the applicable license.

## Download

Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:

https://cloudsmith.io/~isc/repos/

Pre-built Docker images, as well as Docker files, are available. For
details, see:

https://gitlab.isc.org/isc-projects/kea-docker

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code-signing key, which is
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation and is also available at
https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB
formats. ISC maintains a public open source code tree, wiki, issue
tracking system, milestone planner, and roadmap at
https://gitlab.isc.org/isc-projects/kea.

Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like
to hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea software
support, see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list. If you have any comments or
questions about working with Kea, please share them on the Kea Users
list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and
feature requests may be submitted via GitLab at
https://gitlab.isc.org/isc-projects/kea/-/issues.

## Changes

The following summarizes changes and important upgrades since the 2.7.1
release.

2277.	[build]		andrei
	"libca_rbac.so" is now a symbolic link to "libdhcp_rbac.so".
	(Gitlab #3550)

2276.	[build]		razvan
	The library version numbers have been bumped up for the Kea 2.7.2
	development release.
	(Gitlab #3549)

2275.	[func]		andrei
	When running with High-Availability (HA) enabled, the status-get
	command now includes in its response the system time for each HA
	node and the clock skew in seconds between active peers.
	(Gitlab #3513)

2274.	[doc, func, build]		andrei
	The events that logged EVAL_RESULT now log a different message
	for each triggering event. As a result, the message was split
	into eight messages. The messages that were logged at INFO level
	are now logged at the same level as their DEBUG counterparts:
	level 50. Fixed an issue that was causing some messages to not
	appear under the "Kea Messages Manual" section. A new section
	called "Kea Debug Messages By Log Level" is added to the ARM.
	(Gitlab #1945)

2273.	[func]*		fdupont
	The RBAC (role-based access control) hook library was
	extended to support the new HTTP/HTTPS control socket
	of Kea servers. Note its name changed too from
	"libca_rbac.so" to "libdhcp_rbac.so".
	(Gitlab #3483)

2272.	[perf]		fdupont
	Implementation of "and", "or" and "ifelse" expressions
	was changed to evaluate sub-expressions only when needed.
	(Gitlab #3502)

2271.	[func]		fdupont
	Extended the control-socket entry taking a map
	specifying a UNIX/LOCAL control socket for DHCPv4,
	DHCPv6 and DHCP-DDNS servers to a control-sockets
	list of maps taking also a HTTP/HTTPS control socket
	with authentication and TLS parameters from the
	Control Agent.
	(Gitlab #3477)

2270.	[bug]		andrei
	Fixed flag -P|--port not working in kea-admin on mysql db-init,
	mysql db-upgrade, pgsql db-upgrade, pgsql lease-dump.
	pgsql db-upgrade now properly reports an upgrade failure instead
	of attempting to upgrade to subsequent schema versions.
	(Gitlab #2882)

2269.	[func]		tmark
	Extended kea-dhcp4 and kea-dhcp6 lenient option parsing
	to drop FQDN options such as v4-lost and v6-access-domain
	if they contain malformed FQDNs.
	(Gitlab #3492)

And for Kea premium:

205.	[build]		andrei
	"libca_rbac.so" is now a symbolic link to "libdhcp_rbac.so".
	(Gitlab #3550)

204.	[func]*		fdupont
	The RBAC (role-based access control) hook library was
	extended to support the new HTTP/HTTPS control socket
	of Kea servers. Note its name changed too from
	"libca_rbac.so" to "libdhcp_rbac.so".
	(Gitlab #3483)

203.	[bug]*		tmark
	Corrected subnet4-del and subnet6-del commands. The
	commands were deleting subnets but not removing them
	from their shared networks.
	(Gitlab #3455)

Thank you again to everyone who assisted us in making this release
possible.

We look forward to receiving your feedback.