Skip to content

Down Under

Compare
Choose a tag to compare
@timbru timbru released this 14 Sep 13:27
· 292 commits to main since this release

This release fixes an interoperability issue with the APNIC CA system which didn't occur in the public test environment. See issue #933. Because of this issue APNIC could not be added as a parent to Krill 0.10.0/1/2. CAs with an existing relationship with APNIC would log errors, but the certificate issued to them by APNIC would not be affected by this.

The Krill 0.10.x series introduces the following major features:

  • BGPSec Router Certificate Signing
  • Support the use of Hardware Security Modules (HSMs) for key operations

The documentation has more information:

Subject Section
API changes https://krill.docs.nlnetlabs.nl/en/stable/upgrade.html#v0-10-0
BGPSec https://krill.docs.nlnetlabs.nl/en/stable/cli.html#krillc-bgpsec
HSM support https://krill.docs.nlnetlabs.nl/en/stable/hsm.html

Besides these major features we added a number of small improvements and bug fixes:

  • CRL revocation dates in the future #788
  • Prevent that two krill instances modify the same data #829
  • Let user force RRDP session reset on restore #828
  • Various code improvements aimed at maintainability
  • Using a jitter of 0 results in a panic #859
  • Security fixes in KMIP dependencies #860 (HSM support)
  • Add SSLKEYLOGFILE support #615
  • Allow explicit disabling of HTTPS #913

The full list of changes can be found here:
https://github.com/NLnetLabs/krill/projects/19