Comment 11 for bug 860297

SSSD 1.5.9 saw a large series of changes to our LDAP code, mostly to be able to better support Active Directory as an identity source. However, we had to quickly turn out 1.5.10 and 1.5.11 as we discovered that the new features were breaking some existing configurations.

The 1.5.12 release saw a complete rewrite to the HBAC code (support for SSSD acting as a client to a FreeIPA server) due to late changes to the FreeIPA HBAC (host-based access control) design. We then needed to release 1.5.13 to address a few regressions discovered during the HBAC rewrite. It also included a bugfix to a long-standing issue seen when waking from a sleep that disconnected a VPN.

SSSD 1.5.x is our current long-term maintenance release, which means that upstream will continue to support it with bugfixes and new features for at least one year, and security fixes for at least two (or one year after RHEL no longer ships a 1.5.x release, whichever comes later).

I'll admit that we had a bit of a rough period between 1.5.9 and 1.5.12, but in general the latest releases are working well. It's also worth noting that 1.5.x contains the set of fixes being tested by Red Hat QA for inclusion in RHEL.