Down Under
This release fixes an interoperability issue with the APNIC CA system which didn't occur in the public test environment. See issue #933. Because of this issue APNIC could not be added as a parent to Krill 0.10.0/1/2. CAs with an existing relationship with APNIC would log errors, but the certificate issued to them by APNIC would not be affected by this.
The Krill 0.10.x series introduces the following major features:
- BGPSec Router Certificate Signing
- Support the use of Hardware Security Modules (HSMs) for key operations
The documentation has more information:
| Subject | Section |
|---|---|
| API changes | https://krill.docs.nlnetlabs.nl/en/stable/upgrade.html#v0-10-0 |
| BGPSec | https://krill.docs.nlnetlabs.nl/en/stable/cli.html#krillc-bgpsec |
| HSM support | https://krill.docs.nlnetlabs.nl/en/stable/hsm.html |
Besides these major features we added a number of small improvements and bug fixes:
- CRL revocation dates in the future #788
- Prevent that two krill instances modify the same data #829
- Let user force RRDP session reset on restore #828
- Various code improvements aimed at maintainability
- Using a jitter of 0 results in a panic #859
- Security fixes in KMIP dependencies #860 (HSM support)
- Add SSLKEYLOGFILE support #615
- Allow explicit disabling of HTTPS #913
The full list of changes can be found here:
https://github.com/NLnetLabs/krill/projects/19