Skip to content

Releases: NLnetLabs/krill

0.14.5 ‘Who dis? New Phone’

27 Jun 14:44
f1340b1
Compare
Choose a tag to compare

New

  • Allow overriding the initial manifest number when initializing the TA signer, either by specifying --initial_manifest_number in the CLI or by including ta_mft_nr_override: #nr in the ImportTa JSON. (#1178)
  • Allow overriding the TA manifest number when signing a TA proxy request by specifying --ta_mft_number_override in the CLI. (#1178)

Bug fixes

  • Prevent empty RRDP delta lists to be produced. (#1181)
  • Correctly encode empty revocation lists in CRLs. (via rpki-rs#295)
  • Allow read access to the RIS dump while downloading a new dump. (#1179)
  • Don’t apply “child revoke key” command if the resource class does not exist. (#1208)

Other changes

  • The minimum supported Rust version is now 1.70.0. (#1198)

0.13.2 ’Be kind, rewind’

27 Jun 13:47
523a567
Compare
Choose a tag to compare

Bug fixes

  • Updated the locked version of the h2 crate to 0.3.26 to fix RUSTSEC-2024-0332. (#1206)
  • Don’t apply “child revoke key” command if the resource class does not exist. (#1207)

0.14.5-rc1

21 Jun 11:39
c9c8438
Compare
Choose a tag to compare
0.14.5-rc1 Pre-release
Pre-release

New

  • Allow overriding the initial manifest number when initializing the TA
    signer, either by specifying --initial_manifest_number in the CLI or by
    including ta_mft_nr_override: #nr in the ImportTa JSON. (#1178)
  • Allow overriding the TA manifest number when signing a TA proxy request by
    specifying --ta_mft_number_override in the CLI. (#1178)

Bug fixes

  • Prevent empty RRDP delta lists to be produced. (#1181)
  • Correctly encode empty revocation lists in CRLs. (via rpki-rs#295)
  • Allow read access to the RIS dump while downloading a new dump.
    (#1179)
  • Don’t apply “child revoke key” command if the resource class does not
    exist. (#1208)

Other changes

  • The minimum supported Rust version is now 1.70.0. (#1198)

0.13.2-rc1

21 Jun 09:40
9379d22
Compare
Choose a tag to compare
0.13.2-rc1 Pre-release
Pre-release

Bug fixes

  • Updated the locked version of the h2 crate to 0.3.26 to fix RUSTSEC-2024-0332. (#1206)
  • Don’t apply “child revoke key” command if the resource class does not exist. (#1207)

0.14.4 ‘A Flock of Krill’

13 Dec 22:10
Compare
Choose a tag to compare

This release fixes the following issues:

  • Krill should not freeze if lockfiles were not deleted properly #1171 (since Krill 0.14.0)
  • Don't warn about yanked dependencies when installing Krill via Cargo #1173

0.14.3 ‘Temp’

06 Dec 09:22
Compare
Choose a tag to compare

This release fixes a number of issues found in 0.14.0 through 0.14.2:

  • Use rpki-rs 0.18.0 to support builds on more platforms #1166
  • Fix aspa migration issues #1163
  • Depend on kvx 0.9.2 to ensure temp files are used properly #1160

Most importantly, Krill will now use temp files for all data that it stores to avoid issues with half-written files in case the disk is full, or the server is rebooted in the middle of writing. This issue was introduced in release 0.14.0, and we recommend that all users upgrade to this version to avoid issues.

This release also includes:

0.14.2 ‘Extra, Extra, Extra!’

06 Nov 12:20
Compare
Choose a tag to compare

This release fixes a bug in the migration code, not fully fixed in 0.14.1, where 'surplus' archived data should be skipped (#1147). There is no need to upgrade to this version if you already upgraded to 0.14.0 or 0.14.1.

Release 0.14.0 'ASPA' adds support for the updated ASPA v1 profile (issue #1080). Any existing ASPA objects will be re-issued automatically. Updated documentation can be found here.

In addition, the following small features and fixes were done:

  • Show delete ROA button when no BGP preview is available #1139
  • Add traditional and simplified Chinese translations #1075
  • Let the testbed automatically renew the TA manifest and CRL #1095 (see below)
  • Show the delete icon for AS0 ROA when there is another existing announcement #1109

The main effort in this release was spent on less user-visible improvements in how Krill stores its data. This will help improve robustness today and pave the way for introducing support for Krill clustering using a database back-end in a future release.

For now, these issues have been done:

  • Improve transactionality of changes (e.g. #1076-1078, #1085, #1108, #1090)
  • Remove no longer needed 'always_recover_data' function #1086
  • Improve upgrade failed error: tell users to downgrade #1042
  • Crash Krill if the task scheduler encounters a fatal error. #1132

You can find the full list of issues here:

Finally, regarding issue #1095. If you were running 0.13.1 as a testbed, you might have symlinked the "signer" directory to "ta_signer" to support a manual workaround for re-signing the trust anchor CRL and manifest. If you did, you may need to delete any surplus files and directories under "data/ta_signer" other than the " ta " directory.

0.14.1 ‘Extra, Extra!’

03 Nov 11:00
Compare
Choose a tag to compare

This release fixes a bug in the migration code where 'surplus' directories for archived events should be skipped (#1147).

Release 0.14.0 'ASPA' adds support for the updated ASPA v1 profile (issue #1080). Any existing ASPA objects will be re-issued automatically. Updated documentation can be found here.

In addition, the following small features and fixes were done:

  • Show delete ROA button when no BGP preview is available #1139
  • Add traditional and simplified Chinese translations #1075
  • Let the testbed automatically renew the TA manifest and CRL #1095 (see below)
  • Show the delete icon for AS0 ROA when there is another existing announcement #1109

The main effort in this release was spent on less user-visible improvements in how Krill stores its data. This will help improve robustness today and pave the way for introducing support for Krill clustering using a database back-end in a future release.

For now, these issues have been done:

  • Improve transactionality of changes (e.g. #1076-1078, #1085, #1108, #1090)
  • Remove no longer needed 'always_recover_data' function #1086
  • Improve upgrade failed error: tell users to downgrade #1042
  • Crash Krill if the task scheduler encounters a fatal error. #1132

You can find the full list of issues here:

Finally, regarding issue #1095. If you were running 0.13.1 as a testbed, you might have symlinked the "signer" directory to "ta_signer" to support a manual workaround for re-signing the trust anchor CRL and manifest. If you did, you may need to delete any surplus files and directories under "data/ta_signer" other than the " ta " directory.

0.14.0 ‘ASPA’

02 Nov 11:01
Compare
Choose a tag to compare

This release adds support for the updated ASPA v1 profile (issue #1080). Any existing ASPA objects will be re-issued automatically. Updated documentation can be found here.

In addition, the following small features and fixes were done:

  • Show delete ROA button when no BGP preview is available #1139
  • Add traditional and simplified Chinese translations #1075
  • Let the testbed automatically renew the TA manifest and CRL #1095 (see below)
  • Show the delete icon for AS0 ROA when there is another existing announcement #1109

The main effort in this release was spent on less user-visible improvements in how Krill stores its data. This will help improve robustness today and pave the way for introducing support for Krill clustering using a database back-end in a future release.

For now, these issues have been done:

  • Improve transactionality of changes (e.g. #1076-1078, #1085, #1108, #1090)
  • Remove no longer needed 'always_recover_data' function #1086
  • Improve upgrade failed error: tell users to downgrade #1042
  • Crash Krill if the task scheduler encounters a fatal error. #1132

You can find the full list of issues here:

Finally, regarding issue #1095. If you were running 0.13.1 as a testbed, you might have symlinked the "signer" directory to "ta_signer" to support a manual workaround for re-signing the trust anchor CRL and manifest. If you did, you may need to delete any surplus files and directories under "data/ta_signer" other than the " ta " directory.

v0.14.0-rc3

23 Oct 10:09
Compare
Choose a tag to compare
v0.14.0-rc3 Pre-release
Pre-release

This is the third release candidate for the coming 0.14.0 release. We invite all interested users to test this version, but please do not upgrade your production environment until 0.14.0 has been released.

This release adds support for the updated ASPA v1 profile (issue #1080). Existing ASPA objects will be re-issued when migrating from 0.13.1 or lower to this version. NOTE: you cannot upgrade from 0.14.0-rc1 or 0.14.0-rc2 to this release if you have existing ASPA objects.

In addition, this release introduces the following small features and fixes:

  • Add traditional and simplified Chinese translations #1075
  • Let the testbed automatically renew the TA manifest and CRL #1095
  • Show the delete icon for AS0 ROA when there is another existing announcement #1109
  • Show delete ROA button when no BGP preview is available #1139 (fixed in 0.14.0-rc2)

But, we spent the main effort in this release on improving how Krill stores its data. This will help improve robustness today and pave the way for introducing support for Krill clustering using a database back-end in a future release. For now, these issues were done:

  • Improve transactionality of changes (e.g. #1076-1078, #1085, #1108, #1090)
  • Remove no longer needed 'always_recover_data' function #1086
  • Improve upgrade failed error: tell users to downgrade #1042
  • Crash Krill if the task scheduler encounters a fatal error. #1132
  • Add support for importing delegated child CAs #1133

Note that this release still uses the now outdated ASPA object syntax. We plan to make another focused release to address this immediately after 0.14.0 is released. See issue #1080.

Note that if you were running 0.13.1 as a testbed, you may have symlinked the "signer" directory to "ta_signer" to support a manual workaround for re-signing the trust anchor CRL and manifest (issue #1095). If you did, you may need to delete any surplus files and directories under "/var/lib/krill/data/ta_signer" other than the " ta " directory.