###################
1.17.0 (2020-12-30)
###################

* New :ref:`CA_DEFAULT_CA <settings-ca-default-ca>` setting to consistently configure the CA used by default.
* Fix the ``--issuer-alt-name`` option for :command:`manage.py init_ca` and :command:`manage.py edit_ca`.
* Correctly handle IDNA domain names in URLs and certificates.
* **Preliminary** :doc:`/acme` (disabled by default).
* CAs have new fields ``caa_identity``, ``website`` and ``terms_of_service``, which are used by ACME.
* Add support for Python 3.9.
* Add support for cryptography 3.1, 3.2 and 3.3.
* Start linting code with `pylint <https://www.pylint.org/>`_.
* Secure CSRF and session cookies using Django's ``SESSION_COOKIE_SECURE``, ``CSRF_COOKIE_HTTPONLY`` and
  ``CSRF_COOKIE_SECURE`` settings.

****************
Docker (Compose)
****************

* Add thorough :doc:`/quickstart/docker_compose`.
* Collect static files on startup instead of during build. The latter causes problems with image updates.
* Make :command:`manage.py` available as the ``manage`` shortcut.
* Add several security related headers to the admin interface (CSP, etc).
* Include a template for a complete TLS configuration.

******************************
Backwards incompatible changes
******************************

* Drop support for Python 3.5.
* Drop support for cryptography 2.7.
* Drop support for Celery 4.2.
* Drop support for idna 2.8.

*******************
Deprecation notices
*******************

* This is the last release to support Celery 4.3 and 4.4.
* This is the last release to support cryptography 2.8 and 2.9.
* This is the last release to support Django 3.0 (2.2 LTS will still be supported).
* This is the last release to support idna 2.9.
* This is the last release to support Alpine 3.10.