# Kea 2.7.6 Release Notes, January 29th, 2025 Welcome to Kea 2.7.6, the sixth monthly release of the 2.7 development series. As with any other development release, use this with caution: development releases are not recommended for production use. Kea is a DHCP implementation developed by Internet Systems Consortium (ISC) that features DHCPv4 and DHCPv6 servers with DNS update and a REST API; optional database support (MySQL and PostgreSQL); optional RADIUS, Kerberos, YANG/NETCONF, and GSS-TSIG support; and much more. Kea provides extensive management capabilities, including but not limited to: TLS support, Role-Based Access Control, run-time configuration monitoring and updates via a REST API, host reservations, and client classification. The text below references issue numbers. For more details, visit the Kea GitLab page at https://gitlab.isc.org/isc-projects/kea/-/issues. For details about Docker issues, visit the page at https://gitlab.isc.org/isc-projects/kea-docker/-/issues/. For details about packaging, visit the page at https://gitlab.isc.org/isc-projects/kea-packaging/-/issues/. The following bug fixes and features have been implemented since the previous release, version 2.7.5: 1. **Hooks**: Kea is now able to load hooks from a specified path. Hooks can now be referenced by library name, rather than full path, making the use of hooks easier [#2101, #3579]. 2. **HA improvements**: The HA logic was improved to avoid conflicts in DNS cleanup performed by two servers in the terminated state [#3649]. 3. **Per-pool DNS parameters**: Many DNS behavioral parameters can now be specified on the pool level, in addition to the already-possible global, network, and subnet levels [#3049]. 4. **New DNS parameters**: New DNS parameters ('ddns-ttl', 'ddns-ttl-min', 'ddns-ttl-max') that govern the TTL were implemented and can now be configured using a config file [#2819] or the Config Backend (CB) [#3663]. 5. **Support for multiple HTTP/HTTPS connections**: Kea can now listen for incoming connections on multiple address families (IPv4/IPv6) and protocols (HTTP/HTTPS), although it does not support multiple simultaneous API commands. The connections can be configured in the "control-sockets" list [#3082]. 6. **Security**: We removed the default credentials. While the Kea software itself had no default credentials, some of the configuration examples did. Kea now also rejects obvious passwords, such as "keatest", except when built for testing [#3398]. 7. **Bug fixes**: A problem with database reconnection for MySQL and PostgreSQL was fixed. Earlier Kea versions reported that the DB connection was restored, but the DHCP service was never resumed [#3727]. The Control Agent (CA) now closes old HTTP sockets after reconfiguration [#3721]. A bug was fixed in the forensic logging hook; it no longer fails to load if a file with the name "base-name.txt" is present in the configured path [#3708]. A bug was fixed that caused leases stored in the released state to not be read [#3699]. We fixed a crash when compiling Kea with the latest gcc (14.2.1 20250110) on Fedora 41 [#3719]. 8. **Build system**: We completed an extensive evaluation of several build systems: CMake [#3442], Meson [#3443], Bazel [#3464], Ninja [#3444], and autodafe [#3528], and attempted to make autotools simpler [#3441]. While no code was merged, we did pick the new build system. Details will be provided in the release notes of the upcoming 2.7.7 release. The configure script now prints an error if the premium hooks sources were unpacked and `autoreconf -i` command was not run [#3697]. Kea now compiles properly with Boost 1.87 [#3695]. The Hammer tool was updated to support Alpine 3.21 and Fedora 41 [#3664]. 9. **Documentation**: We fixed some grammar issues in the option class-tagging in the ARM [#3679]. 10. **Testing**: We fixed a failing unit test on macOS 15.0 [#3606]. We fixed the GoogleTest installation on FreeBSD using Hammer [#3698]. ## Incompatible Changes 1. Kea now rejects certain default passwords. If you copied your Kea configuration from the examples in our documentation using our sample password, simply change your password to a unique value. For details, see [#3398]. ## License This version of Kea is released under the Mozilla Public License, version 2.0. https://www.mozilla.org/en-US/MPL/2.0 Some Kea hook libraries are provided under the MPL 2.0; others are licensed with the [Kea Hooks Basic Commercial End User License](https://www.isc.org/kea-premium-license/). The source for each hook library includes the applicable license. ## Download Pre-built ISC packages for current versions of the most popular Linux operating systems are available at: https://cloudsmith.io/\~isc/repos/ Pre-built Docker images, as well as Docker files, are available. For details, see: https://gitlab.isc.org/isc-projects/kea-docker The Kea source and PGP signature for this release may be downloaded from: https://www.isc.org/download The signature was generated with the ISC code-signing key, which is available at: https://www.isc.org/pgpkey ISC provides detailed documentation, including installation instructions and usage tutorials, in the Kea Administrator Reference Manual. Documentation is included with the installation or at https://kea.readthedocs.io/en/latest/index.html in HTML, PDF, or EPUB formats. ISC maintains a public open source code tree, wiki, issue tracking system, milestone planner, and roadmap at https://gitlab.isc.org/isc-projects/kea. Limitations and known issues with this release can be found at https://gitlab.isc.org/isc-projects/kea/-/wikis/known-issues-list. We ask users of this software to please let us know how it worked for you and what operating system you tested on. Feel free to share your feedback on the Kea Users mailing list (https://lists.isc.org/mailman/listinfo/kea-users). We would also like to hear whether the documentation is adequate and accurate. Please open tickets in the Kea GitLab project for bugs, documentation omissions and errors, and enhancement requests. We want to hear from you even if everything worked. ## Support Professional support for Kea is available from ISC. We encourage all professional users to consider this option; Kea maintenance is funded with support subscriptions. For more information on ISC's Kea software support, see https://www.isc.org/support/. Free best-effort support is provided by our user community via a mailing list. Information on all public email lists is available at https://www.isc.org/community/mailing-list. If you have any comments or questions about working with Kea, please share them to the Kea Users list (https://lists.isc.org/mailman/listinfo/kea-users). Bugs and feature requests may be submitted via GitLab at https://gitlab.isc.org/isc-projects/kea/-/issues. ## Changes The following summarizes changes and important upgrades since the 2.7.5 release. 2323. [func]* fdupont Kea now refuses secrets and passwords taken from examples, including when not built with unit tests "keatest". (Gitlab #3398) 2322. [bug] marcin Avoid conflicts in DNS cleanup performed by two servers in the terminated state in HA. (Gitlab #3649) 2321. [func] tmark Modified kea-dhcp4 and kea-dhcp6 to support DDNS behavioral parameters at the pool level. (Gitlab #3049) 2320. [bug] fdupont Fixed a bug where the lease in the released state was not read properly. (Gitlab #3699) 2319. [build] fdupont, q66 Kea can now build with Boost 1.87. The minimum supported Boost version has been bumped up from 1.57 to 1.66. Thanks to q66 for the patch. (Gitlab #3696) 2318. [build] razvan The library version numbers have been bumped up for the Kea 2.7.6 development release. (Gitlab #3724) 2317. [bug] razvan Fixed a bug related to database connection recovery which was preventing the server to resume processing packets because the dhcp state was never re-enabled. (Gitlab #3727) 2316. [func] razvan The kea-dhcp4, kea-dhcp6 and kea-dhcp-ddns servers now support multiple http/https connections. The can be configured in the "control-sockets" list. (Gitlab #3082, #3721) 2315. [func] razvan Kea can now load hook libraries specifying only the binary name. It uses the default hook libraries installation path which is provided in the config report as "Hooks directory". (Gitlab #2101, #3579) 2314. [func] tmark Added three new parameters which mP0+r\P1+r6B62=7F\ay be used to influence DNS TTL to kea-dhcp4 and kea-dhcp6: 'ddns-ttl', 'ddns-ttl-min', and 'ddns-ttl-max'. (Gitlab #2819, #3663) And for Kea premium: 208. [func]* fdupont Kea now refuses secrets and passwords taken from examples, including when not built with unit tests "keatest". GSS TSIG and RADIUS are currently excluded from this change. (Gitlab #3398) 207. [bug] razvan Fixed a bug which was causing the Forensic Log Hooks Library to not load if a file with the name 'base-name.txt' was present in the configured path. (Gitlab #3708) Thank you again to everyone who assisted us in making this release possible. We look forward to receiving your feedback.****