Skip to content

1.19.0 (2021-10-09)

Compare
Choose a tag to compare
@mathiasertl mathiasertl released this 09 Oct 20:57
1.19.0
9566875

WARNING: docker-compose users: See the update notes or you might loose private keys!

  • Implement DNS-01 validation for ACMEv2. Note that ACMEv2 support is still experimental and disabled by default.
  • Support rendering distinguished names with any NameOID known to cryptography.
  • Support creating certificates with a subject containing a dnQualifier, PC, DC, title, uid and serialNumber.
  • Only fetch expected number of bytes when validating ACME challenges via HTTP to prevent DOS attacks.
  • Ensure that a certificates issuer always matches the subject from the CA that signed it.
  • Fix manage.py regenerate_ocsp_key with celery enabled.
  • Fix parsing of ASN.1 OtherNames from the command line. Previously, UTF8 strings where not DER encoded.
  • Fix ACMEv2 paths in NGINX configuration included in Docker images.
  • Include a healthcheck script for uWSGI in the Docker image. Because the image is also shared for the Celery worker, it is not enabled by default, but the docker-compose configuration enables it.
  • Add support for creating certificates with Boolean, Null, Integer, UniversalString, IA5String, GeneralizedTime and UTCTime values in the format described in ASN1_GENERATE_NCONF(3SSL).
  • Preliminary support for OpenSSH CAs via EdDSA keys.
  • The Docker image is now based on python:3.10-alpine3.14.
  • Add support for Python 3.10.
  • Add support for cryptography 35.0.0.
  • Add support for idna 3.0, 3.1 and 3.2.

Backwards incompatible changes

  • Drop support for cryptography 3.0, 3.1 and 3.2.
  • Remove support for configuring absolute paths for manually configured django_ca.views.OCSPView. This functionality was officially supposed to be removed in django-ca 1.14.0.

Minor non-functional changes

  • The whole source code is now type hinted.
  • Consistently use f-strings for faster string formatting.
  • Documentation is now always generated in nitpicky mode and with warnings turned into errors.
  • Remove the now redundant html-check target for documentation generation.

Deprecation notices

  • This is the last release to support Python 3.6.
  • This is the last release to support Django 3.1.
  • This is the last release to support idna<=3.1.
  • The issuer_name field in a profile is deprecated and no longer has any effect. The parameter will be removed in django-ca 1.22.