1.19.0 (2021-10-09)
WARNING: docker-compose users: See the update notes or you might lose private keys!
- Implement DNS-01 validation for ACMEv2. Note that ACMEv2 support is still experimental and disabled by default.
- Support rendering distinguished names with any NameOID known to cryptography.
- Support creating certificates with a subject containing a dnQualifier, PC, DC, title, uid and serialNumber.
- Only fetch the expected number of bytes when validating ACME challenges via HTTP to prevent DoS attacks.
- Ensure that a certificate's issuer always matches the subject from the CA that signed it.
- Fix manage.py regenerate_ocsp_key with celery enabled.
- Fix parsing of ASN.1 OtherNames from the command line. Previously, UTF8 strings were not DER encoded.
- Fix ACMEv2 paths in NGINX configuration included in Docker images.
- Include a healthcheck script for uWSGI in the Docker image. Because the image is also shared for the Celery worker, it is not enabled by default, but the docker-compose configuration enables it.
- Add support for creating certificates with Boolean, Null, Integer, UniversalString, IA5String, GeneralizedTime and UTCTime values in the format described in ASN1_GENERATE_NCONF(3SSL).
- Preliminary support for OpenSSH CAs via EdDSA keys.
- The Docker image is now based on python:3.10-alpine3.14.
- Add support for Python 3.10.
- Add support for cryptography 35.0.0.
- Add support for idna 3.0, 3.1 and 3.2.
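
The bounded fetch for HTTP challenge validation mentioned in the list above can be sketched as follows. This is an added example, not django-ca's own code: the function names, the sample token and thumbprint, and the choice to read one byte past the expected length (so oversized bodies are rejected) are assumptions, and trailing whitespace is not tolerated here.

```python
import hmac
import io

# Constructed sample values, not real ACME material.
SAMPLE_TOKEN = "evaGxfADs6pSRb2LAv9IZf17Dt3juxGJ-PCt92wr-oA"
SAMPLE_THUMBPRINT = "9jg46WB3rR_AHD-EBXdN7cBkH1WOu0tA3M9fm21mqTI"


def read_bounded(response, expected_len):
    """Read at most expected_len + 1 bytes from a file-like response body."""
    remaining = expected_len + 1  # one extra byte reveals an oversized body
    chunks = []
    while remaining > 0:
        chunk = response.read(remaining)
        if not chunk:  # EOF before the limit was reached
            break
        chunks.append(chunk)
        remaining -= len(chunk)
    return b"".join(chunks)


def validate_http01(response, token, thumbprint):
    """Return True only if the body equals the key authorization exactly."""
    expected = f"{token}.{thumbprint}".encode("ascii")
    body = read_bounded(response, len(expected))
    # compare_digest returns False for inputs of different length
    return hmac.compare_digest(body, expected)


class EndlessBody:
    """Constructed hostile body: never reaches EOF, counts bytes handed out."""

    def __init__(self):
        self.served = 0

    def read(self, n=-1):
        if n is None or n < 0:
            raise MemoryError("unbounded read on an endless body")
        self.served += n
        return b"A" * n


if __name__ == "__main__":
    good = io.BytesIO(f"{SAMPLE_TOKEN}.{SAMPLE_THUMBPRINT}".encode("ascii"))
    hostile = EndlessBody()
    print(validate_http01(good, SAMPLE_TOKEN, SAMPLE_THUMBPRINT))     # True
    print(validate_http01(hostile, SAMPLE_TOKEN, SAMPLE_THUMBPRINT))  # False
    print(hostile.served)  # expected length + 1, regardless of body size
```

The validator's memory and bandwidth cost is fixed by the value it expects, not by what the challenged host chooses to send.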
Backwards incompatible changes
- Drop support for cryptography 3.0, 3.1 and 3.2.
- Remove support for configuring absolute paths for manually configured django_ca.views.OCSPView. This functionality was officially supposed to be removed in django-ca 1.14.0.
Minor non-functional changes
- The whole source code is now type hinted.
- Consistently use f-strings for faster string formatting.
- Documentation is now always generated in nitpicky mode and with warnings turned into errors.
- Remove the now redundant html-check target for documentation generation.
Deprecation notices
- This is the last release to support Python 3.6.
- This is the last release to support Django 3.1.
- This is the last release to support idna<=3.1.
- The issuer_name field in a profile is deprecated and no longer has any effect. The parameter will be removed in django-ca 1.22.