Skip to content

1.26.0 (2023-08-26)

Compare
Choose a tag to compare
@mathiasertl mathiasertl released this 26 Aug 09:58
· 502 commits to main since this release
1.26.0
4dc67fd
  • Add experimental support for a REST API (fixes #107).
  • Add support for configuring certificate authorities to automatically include a Certificate Policy extension when signing certificates.
  • Add support for configuring how long automatically generated OCSP responder certificates are valid.
  • Add support for configuring how long OCSP responses of the automatically configured OCSP responder will be valid (fixes #102).
  • The web interface now allows creating certificates with arbitrary or even empty subjects (fixes #77).
  • The certificate subject is now displayed as a unambiguous list instead of a string. The issuer is now also shown in the same way.
  • Fix NGINX configuration updates when using Docker Compose. The previous setup did not update configuration on update if parts of it changed.
  • Fix POSTGRES_ configuration environment variables when using the default PostgreSQL backend. It previously only worked for an old, outdated alias name.
  • The root URL path can now be configured via the CA_URL_PATH setting. This allows you to use shorter URLs (that is, without the django_ca/ prefix).
  • The admin interface can now be disabled by setting the new ENABLE_ADMIN setting to False.

Backwards incompatible changes

  • Drop support for cryptography 37 and cryptography 39, acme 2.4.0 and celery 5.1.
  • Passing ECC and EdDSA as key types (e.g when using :command:manage.py init_ca) was removed. Use EC and Ed25519 instead. The old names where deprecated since 1.23.0.
  • Removed support for the old --pathlen and --no-pathlen options for manage.py init_ca in favor of --path-length and -no-path-length. The old options where deprecated since 1.24.0.
  • Using comma-separated lists for the --key-usage, --extended-key-usage and --tls-feature command-line options was removed. The old format was deprecated since 1.24.0.
  • Remove support for HTTP Public Key Pinning, as it is obsolete.

Deprecation notices

  • This is the last release to support Django 4.1.
  • This is the last release to support cryptography 40.
  • This is the last release to support acme 2.5.0.
  • This is the last release to support celery 5.2.