Archives
/
smallstep-certificates
mirror of https://github.com/smallstep/certificates
2
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity
You cannot select more than 25 topics Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
master
wire-acme-extensions
mariano/init-provisioners
fix-1637
dependabot/go_modules/github.com/slackhq/nebula-1.8.2
herman/wire-dpop-struct
herman/fix-nebula-curve-param
herman/wrapped-listener
herman/configure-server-http-timeout
josh/fips
herman/acme-macos-properties
josh/webhook-error-response-content
user-regex
max/nebula-sign-curve
carl/bootstrap-error-clarity
max/capabilities
herman/acme-cname-txt
max/test
herman/acme-da-roots
backports
but
collections
update-step-env-vars
panos/api/flow
errors-internal
docker-dns-names
docker-init
carl/sysd-update
carl/readmes
carl/ssh-host-matchbug
nosql-0.3.2
dcow/challenge-retry
ssh
printAud
getHosts
ssh-config
certificate-transparency
seb/ct-local
seb/markdown-issues
seb/anchors
v0.25.3-rc7
v0.25.3-rc6
v0.25.3-rc4
v0.25.3-rc.1
v0.22.2-rc14
v0.22.2-rc13
v0.0.1-rc.1
v0.0.1-rc.2
v0.0.1-rc.3
v0.10.0
v0.11.0
v0.11.0-rc.1
v0.11.0-rc.2
v0.11.0-rc.3
v0.11.0-rc.4
v0.12.0
v0.13.0
v0.13.1
v0.13.2
v0.13.3
v0.14.0
v0.14.0-rc.1
v0.14.0-rc.10.badger2
v0.14.0-rc.14
v0.14.0-rc.15
v0.14.0-rc.16
v0.14.0-rc.2
v0.14.0-rc.3
v0.14.0-rc.4.badger2
v0.14.0-rc.5
v0.14.0-rc.6
v0.14.0-rc.7
v0.14.0-rc.8
v0.14.0-rc.9
v0.14.0.rc.11.badger2
v0.14.0.rc.12.badger2
v0.14.0.rc.13.badger2
v0.14.1
v0.14.2
v0.14.3
v0.14.3-rc.1.badger2
v0.14.3-rc.2.32bitbadger2
v0.14.4
v0.14.5
v0.14.5-rc.1.100MB.badgerV2
v0.14.5-rc.2.100MB.badgerV2
v0.14.5-rc.3.cullACMEOrders
v0.14.5-rc.4
v0.14.6
v0.14.7-rc.1.docker-buildx
v0.14.7-rc.2.deb-name-test
v0.15.0
v0.15.0-rc.1
v0.15.1
v0.15.1-rc.1
v0.15.10
v0.15.11
v0.15.12
v0.15.12-rc1
v0.15.12-rc2
v0.15.12-rc3
v0.15.12-rc4
v0.15.12-rc5
v0.15.13
v0.15.14
v0.15.15
v0.15.16
v0.15.16-rc1.test-arm6
v0.15.16-rc2.test-arm6
v0.15.16-rc3.test-arm6
v0.15.16-rc4
v0.15.16-rc5
v0.15.16-rc6
v0.15.16-rc7
v0.15.2
v0.15.2-rc.1
v0.15.3
v0.15.4
v0.15.5
v0.15.5-rc.1
v0.15.6
v0.15.7
v0.15.7-rc.1
v0.15.8
v0.15.9
v0.15.9-rc1
v0.15.9-rc10
v0.15.9-rc11
v0.15.9-rc12
v0.15.9-rc13
v0.15.9-rc14
v0.15.9-rc15
v0.15.9-rc16
v0.15.9-rc17
v0.15.9-rc18
v0.15.9-rc19
v0.15.9-rc2
v0.15.9-rc3
v0.15.9-rc4
v0.15.9-rc5
v0.15.9-rc6
v0.15.9-rc7
v0.15.9-rc8
v0.15.9-rc9
v0.16.0
v0.16.0-rc.1
v0.16.0-rc.2
v0.16.1
v0.16.2
v0.16.3
v0.16.4
v0.17.0
v0.17.0-rc1
v0.17.1
v0.17.2
v0.17.2-rc1
v0.17.3
v0.17.3-rc1
v0.17.3-rc2
v0.17.3-rc3
v0.17.3-rc4
v0.17.3-rc5
v0.17.3-rc6
v0.17.3-rc7
v0.17.3-rc8
v0.17.3-rc9
v0.17.4
v0.17.4-rc1
v0.17.5
v0.17.5-rc1
v0.17.6
v0.17.6-rc1
v0.17.6-rc2
v0.17.7-rc1
v0.18.0
v0.18.1
v0.18.1-rc1
v0.18.1-rc2
v0.18.1-rc3
v0.18.2
v0.18.3-rc1
v0.18.3-rc2
v0.18.3-rc3
v0.18.3-rc4
v0.19.0
v0.20.0
v0.21.0
v0.22.0
v0.22.1
v0.22.2-rc10
v0.22.2-rc11
v0.22.2-rc12
v0.22.2-rc15
v0.22.2-rc16
v0.22.2-rc17
v0.22.2-rc18
v0.22.2-rc2
v0.22.2-rc3
v0.22.2-rc4
v0.22.2-rc5
v0.22.2-rc6
v0.22.2-rc7
v0.22.2-rc8
v0.22.2-rc9
v0.23.0
v0.23.0-rc.1
v0.23.0-rc.2
v0.23.0-rc.3
v0.23.1
v0.23.1-rc.1
v0.23.2
v0.24.0
v0.24.0-rc.2
v0.24.0-rc1
v0.24.1
v0.24.2
v0.24.3-rc.1
v0.24.3-rc.2
v0.24.3-rc.3
v0.24.3-rc.4
v0.24.3-rc.5
v0.24.3-rc1
v0.25.0
v0.25.1
v0.25.2
v0.25.3-rc2
v0.25.3-rc3
v0.25.3-rc5
v0.26.0
v0.26.0-rc1
v0.26.0-rc2
v0.26.1
v0.8.1
v0.8.1-rc.1
v0.8.1-rc.2
v0.8.2
v0.8.2-rc.1
v0.8.3
v0.8.4
v0.8.4-rc.1
v0.8.4-rc.2
v0.8.5
v0.8.5-rc.1
v0.8.5-rc.2
v0.8.5-rc.3
v0.8.5-rc.4
v0.8.5-rc.5
v0.9.0
v0.9.0-rc.1
v0.9.1
v0.9.1-rc.1
v0.9.1-rc.2
v0.9.2
v0.9.2-rc.1
Branches Tags
${ item.name }
Create tag ${ searchTerm }
Create branch ${ searchTerm }
from '4cb74e7d8b'
${ noResults }
smallstep-certificates/CHANGELOG.md

4.4 KiB
Raw Blame History

Changelog

All notable changes to this project will be documented in this file.

The format is based on Keep a Changelog and this project adheres to Semantic Versioning.

[Unreleased - 0.19.1] - DATE

Added

Changed

Deprecated

Removed

Fixed

Security

[0.19.0] - 2022-04-19

Added

  • Added support for certificate renewals after expiry using the claim allowRenewalAfterExpiry.
  • Added support for extraNames in X.509 templates.
  • Added armv5 builds.
  • Added RA support using a Vault instance as the CA.
  • Added WithX509SignerFunc authority option.
  • Added a new /roots.pem endpoint to download the CA roots in PEM format.
  • Added support for Azure Managed Identity tokens.
  • Added support for automatic configuration of linked RAs.
  • Added support for the --context flag. It's now possible to start the CA with step-ca --context=abc to use the configuration from context abc. When a context has been configured and no configuration file is provided on startup, the configuration for the current context is used.
  • Added startup info logging and option to skip it (--quiet).

Changed

  • Made SCEP CA URL paths dynamic.
  • Support two latest versions of Go (1.17, 1.18).
  • Upgrade go.step.sm/crypto to v0.16.1.
  • Upgrade go.step.sm/linkedca to v0.15.0.

Deprecated

  • Go 1.16 support.

Removed

Fixed

  • Fixed admin credentials on RAs.
  • Fixed ACME HTTP-01 challenges for IPv6 identifiers.
  • Various improvements under the hood.

Security

[0.18.2] - 2022-03-01

Added

  • Added subscriptionIDs and objectIDs filters to the Azure provisioner.
  • NoSQL package allows filtering out database drivers using Go tags. For example, using the Go flag --tags=nobadger,nobbolt,nomysql will only compile step-ca with the pgx driver for PostgreSQL.

Changed

  • IPv6 addresses are normalized as IP addresses instead of hostnames.
  • More descriptive JWK decryption error message.
  • Make the X5C leaf certificate available to the templates using {{ .AuthorizationCrt }}.

Fixed

  • During provisioner add - validate provisioner configuration before storing to DB.

[0.18.1] - 2022-02-03

Added

  • Support for ACME revocation.
  • Replace hash function with an RSA SSH CA to "rsa-sha2-256".
  • Support Nebula provisioners.
  • Example Ansible configurations.
  • Support PKCS#11 as a decrypter, as used by SCEP.

Changed

  • Automatically create database directory on step ca init.
  • Slightly improve errors reported when a template has invalid content.
  • Error reporting in logs and to clients.

Fixed

  • SCEP renewal using HTTPS on macOS.

[0.18.0] - 2021-11-17

Added

  • Support for multiple certificate authority contexts.
  • Support for generating extractable keys and certificates on a pkcs#11 module.

Changed

  • Support two latest versions of Go (1.16, 1.17)

Deprecated

  • go 1.15 support

[0.17.6] - 2021-10-20

Notes

  • 0.17.5 failed in CI/CD

[0.17.5] - 2021-10-20

Added

  • Support for Azure Key Vault as a KMS.
  • Adapt pki package to support key managers.
  • gocritic linter

Fixed

  • gocritic warnings

[0.17.4] - 2021-09-28

Fixed

  • Support host-only or user-only SSH CA.

[0.17.3] - 2021-09-24

Added

  • go 1.17 to github action test matrix
  • Support for CloudKMS RSA-PSS signers without using templates.
  • Add flags to support individual passwords for the intermediate and SSH keys.
  • Global support for group admins in the OIDC provisioner.

Changed

  • Using go 1.17 for binaries

Fixed

  • Upgrade go-jose.v2 to fix a bug in the JWK fingerprint of Ed25519 keys.

Security

  • Use cosign to sign and upload signatures for multi-arch Docker container.
  • Add debian checksum

[0.17.2] - 2021-08-30

Added

  • Additional way to distinguish Azure IID and Azure OIDC tokens.

Security

  • Sign over all goreleaser github artifacts using cosign

[0.17.1] - 2021-08-26

[0.17.0] - 2021-08-25

Added

  • Add support for Linked CAs using protocol buffers and gRPC
  • step-ca init adds support for
    • configuring a StepCAS RA
    • configuring a Linked CA
    • congifuring a step-ca using Helm

Changed

  • Update badger driver to use v2 by default
  • Update TLS cipher suites to include 1.3

Security

  • Fix key version when SHA512WithRSA is used. There was a typo creating RSA keys with SHA256 digests instead of SHA512.