# Kea 2.7.6 Release Notes, January 29th, 2025

Welcome to Kea 2.7.6, the sixth monthly release of the 2.7 development
series. As with any other development release, use this with caution:
development releases are not recommended for production use.

Kea is a DHCP implementation developed by Internet Systems Consortium
(ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST
API; optional database support (MySQL and PostgreSQL); optional RADIUS,
Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea
provides extensive management capabilities, including but not limited
to: TLS support, Role-Based Access Control, run-time configuration
monitoring and updates via a REST API, host reservations, and client
classification.

The text below references issue numbers. For more details, visit the Kea
GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For
details about Docker issues, visit the page at
https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details
about packaging, visit the page at
https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/.

The following bug fixes and features have been implemented since the
previous release, version 2.7.5:

1. **Hooks**: Kea is now able to load hooks from a specified path. Hooks
can now be referenced by library name, rather than full path, making the
use of hooks easier [#2101, #3579].

2. **HA improvements**: The HA logic was improved to avoid conflicts in
DNS cleanup performed by two servers in the terminated state [#3649].

3. **Per-pool DNS parameters**: Many DNS behavioral parameters can now
be specified on the pool level, in addition to the already-possible
global, network, and subnet levels [#3049].

4. **New DNS parameters**: New DNS parameters ('ddns-ttl',
'ddns-ttl-min', 'ddns-ttl-max') that govern the TTL were implemented and
can now be configured using a config file [#2819] or the Config Backend
(CB) [#3663].

5. **Support for multiple HTTP/HTTPS connections**: Kea can now listen
for incoming connections on multiple address families (IPv4/IPv6) and
protocols (HTTP/HTTPS), although it does not support multiple
simultaneous API commands. The connections can be configured in the
"control-sockets" list [#3082].

6. **Security**: We removed the default credentials. While the Kea
software itself had no default credentials, some of the configuration
examples did. Kea now also rejects obvious passwords, such as "keatest",
except when built for testing [#3398].

7. **Bug fixes**: A problem with database reconnection for MySQL and
PostgreSQL was fixed. Earlier Kea versions reported that the DB
connection was restored, but the DHCP service was never resumed [#3727].
The Control Agent (CA) now closes old HTTP sockets after reconfiguration
[#3721]. A bug was fixed in the forensic logging hook; it no longer
fails to load if a file with the name "base-name.txt" is present in the
configured path [#3708]. A bug was fixed that caused leases stored in
the released state to not be read [#3699]. We fixed a crash when
compiling Kea with the latest gcc (14.2.1 20250110) on Fedora 41 [#3719].

8. **Build system**: We completed an extensive evaluation of several
build systems: CMake [#3442], Meson [#3443], Bazel [#3464], Ninja
[#3444], and autodafe [#3528], and attempted to make autotools simpler
[#3441]. While no code was merged, we did pick the new build system.
Details will be provided in the release notes of the upcoming 2.7.7
release. The configure script now prints an error if the premium hooks
sources were unpacked and the `autoreconf -i` command was not run [#3697].
Kea now compiles properly with Boost 1.87 [#3695]. The Hammer tool was
updated to support Alpine 3.21 and Fedora 41 [#3664].

9. **Documentation**: We fixed some grammar issues in the option
class-tagging in the ARM [#3679].

10. **Testing**: We fixed a failing unit test on macOS 15.0 [#3606]. We
fixed the GoogleTest installation on FreeBSD using Hammer [#3698].

## Incompatible Changes

1. Kea now rejects certain default passwords. If you copied your Kea
configuration from the examples in our documentation using our sample
password, simply change your password to a unique value. For details,
see [#3398].
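A pre-upgrade check for this change, as an added example that is not part of the ISC release notes or the Kea code base: it walks a configuration and reports where a credential field still holds a sample value. It assumes the configuration is plain JSON with comments already stripped and that credentials sit under keys named `password` or `secret`; the sample configuration is constructed, and only "keatest" is named on this page as a rejected value.

```python
import json

# Only "keatest" is named on this page; extend with any other sample
# values that were copied from documentation examples.
EXAMPLE_SECRETS = {"keatest"}
# Assumed key names under which a Kea configuration stores credentials.
SENSITIVE_KEYS = {"password", "secret"}


def find_example_secrets(node, path="$"):
    """Return the JSON paths of credential fields holding an example value."""
    hits = []
    if isinstance(node, dict):
        for key, value in node.items():
            child = f"{path}.{key}"
            if key in SENSITIVE_KEYS and isinstance(value, str):
                if value in EXAMPLE_SECRETS:
                    hits.append(child)
            else:
                hits.extend(find_example_secrets(value, child))
    elif isinstance(node, list):
        for i, item in enumerate(node):
            hits.extend(find_example_secrets(item, f"{path}[{i}]"))
    return hits


# Constructed sample configuration (not taken from the Kea documentation).
SAMPLE = json.loads("""
{
  "Dhcp4": {
    "lease-database": {"type": "mysql", "user": "kea", "password": "keatest"},
    "control-sockets": [
      {"socket-type": "unix", "socket-name": "kea4-ctrl-socket"},
      {"socket-type": "http", "socket-address": "127.0.0.1",
       "authentication": {"type": "basic",
                          "clients": [{"user": "admin",
                                       "password": "x9!Lq-constructed"}]}}
    ]
  }
}
""")

if __name__ == "__main__":
    for hit in find_example_secrets(SAMPLE):
        print("example credential at", hit)
```

The function reports locations only and never prints the credential values themselves, so its output can be pasted into a ticket.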

## License

This version of Kea is released under the Mozilla Public License,
version 2.0.

https://www.mozilla.org/en-US/MPL/2.0

Some Kea hook libraries are provided under the MPL 2.0; others are
licensed with the [Kea Hooks Basic Commercial End User
License](https://www.isc.org/kea-premium-license/). The source for each
hook library includes the applicable license.

## Download

Pre-built ISC packages for current versions of the most popular Linux
operating systems are available at:

https://cloudsmith.io/~isc/repos/

Pre-built Docker images, as well as Docker files, are available. For
details, see:

https://gitlab.isc.org/isc-projects/kea-docker

The Kea source and PGP signature for this release may be downloaded from:

https://www.isc.org/download

The signature was generated with the ISC code-signing key, which is
available at:

https://www.isc.org/pgpkey

ISC provides detailed documentation, including installation instructions
and usage tutorials, in the Kea Administrator Reference Manual.
Documentation is included with the installation or at
https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB
formats. ISC maintains a public open source code tree, wiki, issue
tracking system, milestone planner, and roadmap at
https://gitlab.isc.org/isc-projects/kea.

Limitations and known issues with this release can be found at
https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list.

We ask users of this software to please let us know how it worked for
you and what operating system you tested on. Feel free to share your
feedback on the Kea Users mailing list
(https://lists.isc.org/mailman/listinfo/kea-users). We would also like
to hear whether the documentation is adequate and accurate. Please open
tickets in the Kea GitLab project for bugs, documentation omissions and
errors, and enhancement requests. We want to hear from you even if
everything worked.

## Support

Professional support for Kea is available from ISC. We encourage all
professional users to consider this option; Kea maintenance is funded
with support subscriptions. For more information on ISC's Kea software
support, see https://www.isc.org/support/.

Free best-effort support is provided by our user community via a mailing
list. Information on all public email lists is available at
https://www.isc.org/community/mailing-list. If you have any comments or
questions about working with Kea, please share them to the Kea Users
list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and
feature requests may be submitted via GitLab at
https://gitlab.isc.org/isc-projects/kea/-/issues.

## Changes

The following summarizes changes and important upgrades since the 2.7.5
release.

2323.	[func]*		fdupont
	Kea now refuses secrets and passwords taken from examples,
	including when not built with unit tests "keatest".
	(Gitlab #3398)

2322.	[bug]		marcin
	Avoid conflicts in DNS cleanup performed by two servers in
	the terminated state in HA.
	(Gitlab #3649)

2321.	[func]		tmark
	Modified kea-dhcp4 and kea-dhcp6 to support
	DDNS behavioral parameters at the pool level.
	(Gitlab #3049)

2320.	[bug]		fdupont
	Fixed a bug where the lease in the released state was not read
	properly.
	(Gitlab #3699)

2319.	[build]		fdupont, q66
	Kea can now build with Boost 1.87. The minimum supported Boost
	version has been bumped up from 1.57 to 1.66. Thanks to q66
	for the patch.
	(Gitlab #3696)

2318.	[build]		razvan
	The library version numbers have been bumped up for the Kea 2.7.6
	development release.
	(Gitlab #3724)

2317.	[bug]		razvan
	Fixed a bug related to database connection recovery which was
	preventing the server from resuming processing packets because the
	dhcp state was never re-enabled.
	(Gitlab #3727)

2316.	[func]		razvan
	The kea-dhcp4, kea-dhcp6 and kea-dhcp-ddns servers now support
	multiple http/https connections. They can be configured in the
	"control-sockets" list.
	(Gitlab #3082, #3721)

2315.	[func]		razvan
	Kea can now load hook libraries specifying only the binary name.
	It uses the default hook libraries installation path which is
	provided in the config report as "Hooks directory".
	(Gitlab #2101, #3579)

2314.	[func]		tmark
	Added three new parameters which may be used to
	influence DNS TTL to kea-dhcp4 and kea-dhcp6:
	'ddns-ttl', 'ddns-ttl-min', and 'ddns-ttl-max'.
	(Gitlab #2819, #3663)

And for Kea premium:

208.	[func]*		fdupont
	Kea now refuses secrets and passwords taken from examples,
	including when not built with unit tests "keatest".
	GSS TSIG and RADIUS are currently excluded from this change.
	(Gitlab #3398)

207.	[bug]		razvan
	Fixed a bug which was causing the Forensic Log Hooks Library to
	not load if a file with the name 'base-name.txt' was present in
	the configured path.
	(Gitlab #3708)

Thank you again to everyone who assisted us in making this release
possible.

We look forward to receiving your feedback.