Releases: hakwerk/labca
Releases · hakwerk/labca
v26.03.1
v26.03
- Bump boulder version to v0.20260309.0
- Try to deal with broken pipe issue to bpkimetal (#218)
- Renew issuer CRL after restarting bpkimetal on broken pipe (#218)
- Fix issuer CRL validity period
- Fix mysql up check in commander
- Remove now obsolete Contact and InitialIP from accounts (#217)
- Add LabCA Control Log to gui
- Cosmetic: bump year
v25.12
- Bump boulder version to v0.20251216.0
- Bump several GitHub actions to latest version
- Update go dependencies to address security issues
- Add apt update in github actions; bump golangci-lint
- Add new arm64 apt sources file
- Use deb822 format for APT sources to properly handle ARM64 cross-compilation
- Fix 'error on line 239' when restoring backup (#194)
- Fix backup/restore of nginx ssl files (#194)
- Run mysql_upgrade every time the compose stack starts
- Try to prevent emtpy fqdn setting (#203)
v25.09
- Allow non-self-signed CA certificate as 'root' (#160, #196) -- i.e. you now can use a sub-CA as the root CA in LabCA
- Also allow names in standalone DB config (#198)
- Tweak max upload size for backups (#189)
- Bump actions/checkout from 4 to 5
- Bump actions/setup-go from 5 to 6
- Bump boulder version to v0.20250908.0
v25.08
v25.07
v25.05
- Fix previous CRL check when renewing CRL (#169)
- Fix missing labca-gui from control container
- Fix check in bad-key-revoker to skip SMTP TLS verification (#171)
- Fix CA links on public homepage (#166)
- Remove old comment about keeping root key offline - not possible anymore (#160)
- Replace acme_tiny.py with certbot as ACME client
- Bump boulder version to release-2025-05-27
- Update README files to make docker-only the primary setup
- Add golangci-lint for GUI
- Add packages write permission to workflows
- Fix linting issues
- Bump golang.org/x/crypto (#176 by dependabot[bot])
- Bump golang.org/x/net in /gui in the go_modules group across 1 directory (#177 by dependabot[bot])
- Add syntax parser directive to Dockerfiles
- Bump golangci/golangci-lint-action from 7 to 8
- Bump golangci-lint to v2.1
v25.03
- Clarify in README that offline root CA key is no longer supported
- Allow big uploads to /admin/ for restoring backups (#156)
- Create home dir for edge case where it was removed (#157)
- Fix certificate revoke command (#158)
- Fix CRL shard detection when revoking certs (#158)
- Fix issue where ceremony tool is not compiled in time
- Fix restart policy on bredis and bpkilint containers (#162)
- Fix root certificate link on setup page (#166)
- Update some GUI mod versions (dependabot)
- Remove obsolete instruction about update button (#165)
- Bump boulder version to release-2025-03-18
- Use latest tag for nginx docker image
- Prevent huge MySQL slow queries log file (#168)
- Fix cleanup of now obsolete bpkilint container
v25.02
- Use Let's Encrypt ceremony tool for generating keys and certs instead of openssl
- Store keys on SoftHSM instead of in plain text files on disk
- Add redis container for boulder rate limiting
- Fix standalone builds (both .debs and container) (#154)
- Use redis for OCSP as well, in different database number
- Fix issuer and CRL URLs in certificates
- Bump boulder version to release-2025-02-14
- Several fixes and tweaks
Allowing the root key to be offline made my code very complex to maintain, and with the change to the ceremony tool it would have become way more difficult. The keys are now stored in SoftHSMv2 and I will be looking into possibly supporting physical HSMs (Hardware Security Modules) in the future.