###################
1.19.0 (2021-10-09)
###################

.. WARNING::

   **docker-compose users:** See :ref:`the update notes <update_119>` or you might loose private keys!

* Implement DNS-01 validation for ACMEv2. Note that ACMEv2 support is still experimental and disabled by
  default.
* Support rendering distinguished names with any NameOID known to cryptography.
* Support creating certificates with a subject containing a ``dnQualifier``, ``PC``, ``DC``, ``title``,
  ``uid`` and ``serialNumber``.
* Only fetch expected number of bytes when validating ACME challenges via HTTP to prevent DOS attacks.
* Ensure that a certificates ``issuer`` always matches the ``subject`` from the CA that signed it.
* Fix ``manage.py regenerate_ocsp_key`` with celery enabled.
* Fix parsing of ASN.1 OtherNames from the command line. Previously, ``UTF8`` strings where not DER encoded.
* Fix ACMEv2 paths in NGINX configuration included in Docker images.
* Include a healthcheck script for uWSGI in the Docker image. Because the image is also shared for the
  Celery worker, it is not enabled by default, but the docker-compose configuration enables it.
* Add support for creating certificates with Boolean, Null, Integer, UniversalString, IA5String,
  GeneralizedTime and UTCTime values in the format described in :manpage:`ASN1_GENERATE_NCONF(3SSL)`.
* Preliminary support for OpenSSH CAs via ``EdDSA`` keys.
* The Docker image is now based on ``python:3.10-alpine3.14``.
* Add support for Python 3.10.
* Add support for cryptography 35.0.0.
* Add support for idna 3.0, 3.1 and 3.2.

******************************
Backwards incompatible changes
******************************

* Drop support for cryptography 3.0, 3.1 and 3.2.
* Remove support for configuring absolute paths for manually configured :py:class:`django_ca.views.OCSPView`.
  This functionality was officially supposed to be removed in django-ca 1.14.0.

****************************
Minor non-functional changes
****************************

* The whole source code is now type hinted.
* Consistently use f-strings for faster string formatting.
* Documentation is now always generated in nitpicky mode and with warnings turned into errors.
* Remove the now redundant ``html-check`` target for documentation generation.

*******************
Deprecation notices
*******************

* This is the last release to support Python 3.6.
* This is the last release to support Django 3.1.
* This is the last release to support ``idna<=3.1``.
* The ``issuer_name`` field in a profile is deprecated and no longer has any effect. The parameter will be
  removed in django-ca 1.22.