Tags

debian/2.6.0+ds1-1

pebble Debian release 2.6.0+ds1-1

upstream/2.6.0+ds1

Upstream version 2.6.0+ds1

debian/2.4.0+ds1-2

pebble Debian release 2.4.0+ds1-2

debian/2.4.0+ds1-1

pebble Debian release 2.4.0+ds1-1

upstream/2.4.0+ds1

Upstream version 2.4.0+ds1

debian/2.3.1+ds-1

pebble Debian release 2.3.1+ds-1

upstream/2.3.1+ds

debian/2.3.0+ds-3

pebble Debian release 2.3.0+ds-3

debian/2.3.0+ds-2

pebble Debian release 2.3.0+ds-2

debian/2.3.0+ds-1

pebble Debian release 2.3.0+ds-1

upstream/2.3.0+ds

upstream/2.3.0

Upstream version 2.3.0

v2.3.0

Pebble v2.3.0

Features:

* Added an ACME account "orders list" endpoint for finding order URLs
  associated with an account. See RFC 8555 §7.1.2.1.
* Updated pebble-challtestsrv with an API for mocking DNS `SERVFAIL` responses
  for a hostname.
* Added support for ACME external account binding (EAB) for new account
  requests. See RFC 8555 §7.3.4.

Bug-fixes:

* The `pebble-challtestsrv`'s mock CNAME delete API is fixed to remove the
  CNAME mock record instead of the CAA mock record for the given hostname.
* Changed `PEBBLE_ALTERNATE_ROOTS` intermediate certificates to have the same
  subject, matching the issuer of issued leaf certificate's.
* Fixed key rollover request handling for requests that fail inner JWS
  verification.
* Finalize requests that include a CSR that specifies a certificate public key
  already used by an ACME account now receive a `badCSR` type problem. See RFC
  8555 §11.1.
* Authorizations for ACME-IP identifiers are fixed to only contain HTTP-01 and
  TLS-ALPN-01 challenges, not DNS-01. See draft-ietf-acme-ip §7.
* Added support for POST-as-GET requests in addition to GET/HEAD for directory
  and newNonce endpoints. See RFC §6.3
* Fixed handling of HTTP-01 validation requests that are redirected to a
  different port (e.g. `443`).

Misc:

* A Subject Key Identifier value is now included in all issued certificates. See
  RFC 5280 §4.2.1.2.
* The Pebble ACME API and management API ports (`14000` and `15000`) are now
  marked exposed in Dockerfile metadata.
* TLS 1.3 for Pebble's validation requests is explicitly enabled by env var in
  the Docker environment.
* The project and CI now use Go 1.13 and `golangci-lint` v1.21.0

New configuration options:

* The `PEBBLE_WFE_ORDERS_PER_PAGE` env var can be used to control the account
  orders list endpoint's pagination. By default up to 15 order URLs are
  returned per response.
* The `"externalAccountBindingRequired"` config file boolean field can be used
  to control whether all `newAccount` requests must use external account binding.
* The `"externalAccountMACKeys"` config file key/value object field can be used
  to specify external account binding key IDs and encoded MAC keys  See
  `test/config/pebble-config-external-account-binding.json` for an example.

Heartfelt thanks to @felixfontein, @sergioaugrod, @0pq76r, @Drakezul, @JoshVanL
and @munnerz for their contributions to this release.

v2.2.2

Pebble v2.2.2

Bug-fixes:

* fix TLS-ALPN-01 with custom -dnsserver (thanks @adferrand)

Misc:

* updated project .gitignore (thanks @eggsampler)

v2.2.1

Pebble release v2.2.1.

The v2.2.0 release mistakenly tagged the wrong commit. Apologies for the
mistake. The v2.2.1 fixes this issue.

* separate HTTP management interface/listener.
* cert-status-by-serial management endpoint for checking revocation status.
* probabilistic valid authorization reuse.

* fix missing returns in WFE error paths.
* fix WFE rendering of empty contact/authz challenge arrays.
* fix custom DNS resolver on Windows.

* update docker-compose.yml to use latest image tags.
* update docker base images to use Go 1.12.
* WFE "marshaling" typo fixes/consistency.

Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for
their contributions to this release.

v2.2.0

Pebble release v2.2.0

features:
* separate HTTP management interface/listener.
* cert-status-by-serial management endpoint for checking revocation status.
* probabilistic valid authorization reuse.

bug-fixes:
* fix missing returns in WFE error paths.
* fix WFE rendering of empty contact/authz challenge arrays.
* fix custom DNS resolver on Windows.

misc:
* update docker-compose.yml to use v2.1.0.
* WFE "marshaling" typo fixes/consistency.

Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for
their contributions to this release.

v2.1.0

v2.1.0

features:

* support for draft-ietf-acme-ip-06 (thanks @orangepizza for impl, @felixfontein
  for bug fixes!)
* issuer/intermediate key/cert are accessible over HTTP (thanks @adferrand!)
* support for specifying EE cert OCSP Responder URL (thanks @adferrand!)
* support for creating and offering alternative cert. chains (thanks
  @felixfontein!)
* -strict support for rejecting legacy JWS requests

misc:

* CI release asset publication pipeline (thanks @adferrand!)

bug-fixes:

* wfe: unlocking order in updateChallenge after read (thanks @dopey!)

v2.0.2

v2.0.2

* Bug fixes for data races between wfe/va.

v2.0.1

Release v2.0.1

- Always send Link: rel="index"
- Implement orderNotReady and badPublicKey errors
- Add linting, test coverage, code of conduct and make lint fixes
- Use pre-built release versions of pebble and pebble-challtestsrv in
docker-compose.yml
- Add AppVeyor support to auto-publish Windows Docker images

v2.0.0

Pebble 2.0.0 release.

This release enables all of the behaviour previously gated behind `-strict` as
defaults. If you were not running Pebble 1.0.x with `-strict` already you may
find this is a breaking release that requires client bugfixes. If you were
previously running Pebble 1.0.x with `-strict` you should find 2.0.0 is
a drop-in upgrade.