1.19.0 (2021-10-09)
Warning
docker-compose users: See the update notes or you might lose private keys!
Implement DNS-01 validation for ACMEv2. Note that ACMEv2 support is still experimental and disabled by default.
Support rendering distinguished names with any NameOID known to cryptography.
Support creating certificates with a subject containing a dnQualifier, PC, DC, title, uid and serialNumber.
Only fetch the expected number of bytes when validating ACME challenges via HTTP to prevent DoS attacks.
Ensure that a certificate's issuer always matches the subject from the CA that signed it.
Fix manage.py regenerate_ocsp_key with celery enabled.
Fix parsing of ASN.1 OtherNames from the command line. Previously, UTF8 strings were not DER encoded.
Fix ACMEv2 paths in NGINX configuration included in Docker images.
Include a healthcheck script for uWSGI in the Docker image. Because the image is also shared for the Celery worker, it is not enabled by default, but the docker-compose configuration enables it.
Add support for creating certificates with Boolean, Null, Integer, UniversalString, IA5String, GeneralizedTime and UTCTime values in the format described in ASN1_GENERATE_NCONF(3SSL).
Preliminary support for OpenSSH CAs via EdDSA keys.
The Docker image is now based on python:3.10-alpine3.14.
Add support for Python 3.10.
Add support for cryptography 35.0.0.
Add support for idna 3.0, 3.1 and 3.2.
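The bounded fetch in the ACME HTTP challenge item above, sketched as an added example (not django-ca's own code). It assumes the expected body is the RFC 8555 key authorization `token.thumbprint`; the function names, the `CountingStream` test double and the sample values are constructed for illustration.

```python
import hmac
import io


def read_bounded(stream, limit, chunk_size=64):
    """Read at most `limit` bytes from a file-like stream, never more."""
    buf = bytearray()
    while len(buf) < limit:
        chunk = stream.read(min(chunk_size, limit - len(buf)))
        if not chunk:  # peer closed early: body is shorter than expected
            break
        buf.extend(chunk)
    return bytes(buf)


def validate_http01(stream, token, thumbprint):
    """Compare an HTTP-01 response body with the expected key authorization."""
    expected = f"{token}.{thumbprint}".encode("ascii")
    # The read is capped by the length we expect, not by what the peer sends.
    received = read_bounded(stream, len(expected))
    return hmac.compare_digest(received, expected)


class CountingStream(io.BytesIO):
    """Constructed stand-in for a response body; counts bytes handed out."""

    def __init__(self, data):
        super().__init__(data)
        self.bytes_served = 0

    def read(self, size=-1):
        data = super().read(size)
        self.bytes_served += len(data)
        return data


def demo():
    token, thumb = "constructed-token", "constructed-thumbprint"  # constructed
    expected = f"{token}.{thumb}".encode("ascii")
    bodies = {
        "good": CountingStream(expected + b"\n"),   # correct, trailing newline
        "huge": CountingStream(b"A" * 1_000_000),   # oversized hostile body
        "short": CountingStream(expected[:5]),      # truncated body
    }
    return {name: (validate_http01(s, token, thumb), s.bytes_served)
            for name, s in bodies.items()}


if __name__ == "__main__":
    for name, (ok, served) in demo().items():
        print(f"{name}: valid={ok} bytes_read={served}")
```

With a real HTTP client the same cap applies to a streamed response body, so the validator's memory and bandwidth cost stays fixed regardless of what the challenged host returns.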
Backwards incompatible changes
Drop support for cryptography 3.0, 3.1 and 3.2.
Remove support for configuring absolute paths for manually configured django_ca.views.OCSPView. This functionality was officially supposed to be removed in django-ca 1.14.0.
Minor non-functional changes
The whole source code is now type hinted.
Consistently use f-strings for faster string formatting.
Documentation is now always generated in nitpicky mode and with warnings turned into errors.
Remove the now redundant html-check target for documentation generation.
Deprecation notices
This is the last release to support Python 3.6.
This is the last release to support Django 3.1.
This is the last release to support idna<=3.1.
The issuer_name field in a profile is deprecated and no longer has any effect. The parameter will be removed in django-ca 1.22.