forked from TrueCloudLab/certificates
7a13661e4c
Add configuration for custom path segment on SCEP provisioners
3.2 KiB
3.2 KiB
Changelog
All notable changes to this project will be documented in this file.
The format is based on Keep a Changelog and this project adheres to Semantic Versioning.
[Unreleased - 0.18.3] - DATE
Added
Changed
- Made SCEP CA URL paths dynamic
Deprecated
Removed
Fixed
Security
[0.18.2] - 2022-03-01
Added
- Added
subscriptionIDs
andobjectIDs
filters to the Azure provisioner. - NoSQL package allows filtering
out database drivers using Go tags. For example, using the Go flag
--tags=nobadger,nobbolt,nomysql
will only compilestep-ca
with the pgx driver for PostgreSQL.
Changed
- IPv6 addresses are normalized as IP addresses instead of hostnames.
- More descriptive JWK decryption error message.
- Make the X5C leaf certificate available to the templates using
{{ .AuthorizationCrt }}
.
Fixed
- During provisioner add - validate provisioner configuration before storing to DB.
[0.18.1] - 2022-02-03
Added
- Support for ACME revocation.
- Replace hash function with an RSA SSH CA to "rsa-sha2-256".
- Support Nebula provisioners.
- Example Ansible configurations.
- Support PKCS#11 as a decrypter, as used by SCEP.
Changed
- Automatically create database directory on
step ca init
. - Slightly improve errors reported when a template has invalid content.
- Error reporting in logs and to clients.
Fixed
- SCEP renewal using HTTPS on macOS.
[0.18.0] - 2021-11-17
Added
- Support for multiple certificate authority contexts.
- Support for generating extractable keys and certificates on a pkcs#11 module.
Changed
- Support two latest versions of golang (1.16, 1.17)
Deprecated
- go 1.15 support
[0.17.6] - 2021-10-20
Notes
- 0.17.5 failed in CI/CD
[0.17.5] - 2021-10-20
Added
- Support for Azure Key Vault as a KMS.
- Adapt
pki
package to support key managers. - gocritic linter
Fixed
- gocritic warnings
[0.17.4] - 2021-09-28
Fixed
- Support host-only or user-only SSH CA.
[0.17.3] - 2021-09-24
Added
- go 1.17 to github action test matrix
- Support for CloudKMS RSA-PSS signers without using templates.
- Add flags to support individual passwords for the intermediate and SSH keys.
- Global support for group admins in the OIDC provisioner.
Changed
- Using go 1.17 for binaries
Fixed
- Upgrade go-jose.v2 to fix a bug in the JWK fingerprint of Ed25519 keys.
Security
- Use cosign to sign and upload signatures for multi-arch Docker container.
- Add debian checksum
[0.17.2] - 2021-08-30
Added
- Additional way to distinguish Azure IID and Azure OIDC tokens.
Security
- Sign over all goreleaser github artifacts using cosign
[0.17.1] - 2021-08-26
[0.17.0] - 2021-08-25
Added
- Add support for Linked CAs using protocol buffers and gRPC
step-ca init
adds support for- configuring a StepCAS RA
- configuring a Linked CA
- congifuring a
step-ca
using Helm
Changed
- Update badger driver to use v2 by default
- Update TLS cipher suites to include 1.3
Security
- Fix key version when SHA512WithRSA is used. There was a typo creating RSA keys with SHA256 digests instead of SHA512.