The 6.0 release of Bodhi — Fedora’s update gating system — will be published in a few days. We will deploy it to production a couple weeks after the Fedora release. It includes backwards-incompatible changes. Here’s what you need to know.


Bodhi gained support for OpenID Connect (OIDC) authentication, like most of Fedora’s webapps. OpenID still works but is not the default, you can access it by using /login?method=openid as the login URL.

Version 6.0 of the Bodhi client uses only OIDC and drops plain OpenID support. Version 5.7.5 of the Bodhi client, which has been available since March, uses the new OpenID login URL and will keep working with the updated server.

The client’s API has changed, so if you have a piece of code that imports from bodhi.client, you’ll have to update it to use the new API, and in the meantime use version 5.7.5.

As a user of the bodhi CLI, you’ll notice that the --username and --password options have disappeared. Instead the Bodhi client will ask you to open your browser to authenticate. Bodhi will save authentication tokens and you’ll be able to use the bodhi CLI without authenticating afterwards (including non-interactively).

Code reorganization

We reorganized the Bodhi source code to drop the hacks used in to support sub-projects. Instead, bodhi-server, bodhi-client and bodhi-messages are now actual Python package directories in the repo. The import path has not changed.

Bodhi’s Python project metadata and dependencies are now managed with Poetry.

Other changes

  • Serialized Release objects sent in the messages don’t contain the composes property anymore
  • The messages now contain an update property
  • In the Bodhi client API, the save_override() method has been extended to allow setting the expiration date directly
  • Miscellaneous bug fixes

If you have any questions, feel free to ask the Bodhi team in #bodhi on If you are importing the bodhi client code in your app/script, or using the bodhi client in an “unusual” manner, we’ll help you migrate.