Carview!

Bug fixes

Improve performance by using buffered reading and writing in the store.
(#1300, #1301)

Other changes

Updated dependencies.

Other changes

Upgraded the bundled Krill UI to release 0.9.0. (#1295)
Added packaging support for RHEL 10-alikes. (#1297)

Bug fixes

Fix Krill refusing to start if the now unnecessary “refresh announcements info” task is still present by adding it back as a dummy task. (#1292)
Fix redirect of / to /ui and allow additional segments on the /ui path in the HTTP server. (#1293)

Breaking Changes

Refactored command line options processing for all binaries. As a result, options for both krillc and krillta have slightly changed. For krillc, the --server, --token, --format, and --api options are now before the first subcommand (since they affect all commands). For krillta, those options are now after krillta proxy but before the next subcommand, while --format is now after krillta signer. (#1228)
Removed support for RTA in krillc. Support is currently still present in the Krill server, though behind a (non-default) feature flag. (#1228)
Changed how authorization works with OpenID Connect and configuration files. Custom profiles have been replaced with a straightforward mapping from access permission to roles and assigning roles to users. For configuration file-based authentication, the file format has slightly changed but the current format is still accepted. If you are using OpenID Connect, you will have to update your configuration. Please, see the manual for details. (#1232)
Replaced downloading of RISwhois file for ROA analysis with calls to the Roto API. This can be controlled via new configuration settings bgp_api_enabled, bgp_api_uri, and bgp_api_cache_seconds. (#1233, #1266)

New

Added a command to re-initialize the trust anchor signer with different timing values or TAL URLs. (#1255)
Disables the protection against early re-issuance for CA certificates that have the full resource set, typically TA certificates. (#1281)

Bug Fixes

Fixed a potential infinite recursion in PKCS11 error handling. (#1215)
Open ID connect: Re-initialize the connection after 60s to pick up configuration changes at the provider. (#1226)
Fixed the naming of the trust anchor timing configuration. It was expected to be timing_config for the config used by Krill and ta_timing if used by the Krill TA signer. It is now ta_timing in both cases while timing_config is accepted as an alias in both cases. (#1241)

Other changes

Refactored Prometheus metrics generation which resulted in a slightly different formatting but should still be syntactically correct. (#1249)
Added packaging support for Ubuntu Noble; removed packaging support for Ubuntu Xenial and Bionic, and Debian Stretch. (#1239)
The minimum supported Rust version is now 1.85. (#1288)

Other changes

Updates the bundled version of Krill UI to 0.9.0. (#1271)

Bug fixes

Fixed the naming of the trust anchor timing configuration. It was
expected to be timing_config for the config used by Krill and
ta_timing if used by the Krill TA signer. It is now ta_timing in
both cases while timing_config is accepted as an alias in both cases.
(#1242)

Other changes

The minimum supported Rust version is now 1.81. (#1260)

Bug fixes

Fixed the naming of the trust anchor timing configuration. It was expected to be timing_config for the config used by Krill and ta_timing if used by the Krill TA signer. It is now ta_timing in both cases while timing_config is accepted as an alias in both cases. (#1242)

Other changes

The minimum supported Rust version is now 1.81. (#1260)

New

Allow overriding the initial manifest number when initializing the TA signer, either by specifying --initial_manifest_number in the CLI or by including ta_mft_nr_override: #nr in the ImportTa JSON. (#1178)
Allow overriding the TA manifest number when signing a TA proxy request by specifying --ta_mft_number_override in the CLI. (#1178)

Bug fixes

Prevent empty RRDP delta lists to be produced. (#1181)
Correctly encode empty revocation lists in CRLs. (via rpki-rs#295)
Allow read access to the RIS dump while downloading a new dump. (#1179)
Don’t apply “child revoke key” command if the resource class does not exist. (#1208)

Other changes

The minimum supported Rust version is now 1.70.0. (#1198)

Bug fixes

Updated the locked version of the h2 crate to 0.3.26 to fix RUSTSEC-2024-0332. (#1206)
Don’t apply “child revoke key” command if the resource class does not exist. (#1207)

New

Allow overriding the initial manifest number when initializing the TA
signer, either by specifying --initial_manifest_number in the CLI or by
including ta_mft_nr_override: #nr in the ImportTa JSON. (#1178)
Allow overriding the TA manifest number when signing a TA proxy request by
specifying --ta_mft_number_override in the CLI. (#1178)

Bug fixes

Prevent empty RRDP delta lists to be produced. (#1181)
Correctly encode empty revocation lists in CRLs. (via rpki-rs#295)
Allow read access to the RIS dump while downloading a new dump.
(#1179)
Don’t apply “child revoke key” command if the resource class does not
exist. (#1208)

Other changes

The minimum supported Rust version is now 1.70.0. (#1198)

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Releases: NLnetLabs/krill

0.15.0-rc4

Uh oh!

0.15.0-rc3

Uh oh!

0.15.0-rc2

Uh oh!

0.15.0-rc1

Uh oh!

0.14.7-rc1

Uh oh!

0.14.6 ‘Roll Initiative!’

Uh oh!

0.14.6-rc1

Uh oh!

0.14.5 ‘Who dis? New Phone’

Uh oh!

0.13.2 ’Be kind, rewind’

Uh oh!

0.14.5-rc1

Uh oh!