Skip to content

Tags

Tags give the ability to mark specific points in history as being important
  • debian/2.6.0+ds1-1
    pebble Debian release 2.6.0+ds1-1
  • upstream/2.6.0+ds1
    Upstream version 2.6.0+ds1
  • debian/2.4.0+ds1-2
    pebble Debian release 2.4.0+ds1-2
  • debian/2.4.0+ds1-1
    pebble Debian release 2.4.0+ds1-1
  • upstream/2.4.0+ds1
    Upstream version 2.4.0+ds1
  • debian/2.3.1+ds-1
    pebble Debian release 2.3.1+ds-1
  • upstream/2.3.1+ds
  • debian/2.3.0+ds-3
    pebble Debian release 2.3.0+ds-3
  • debian/2.3.0+ds-2
    pebble Debian release 2.3.0+ds-2
  • debian/2.3.0+ds-1
    pebble Debian release 2.3.0+ds-1
  • upstream/2.3.0+ds
    46dbdfd3 · Remove vendor/ directory. ·
  • upstream/2.3.0
    Upstream version 2.3.0
  • v2.3.0
    Pebble v2.3.0
    
    Features:
    
    * Added an ACME account "orders list" endpoint for finding order URLs
      associated with an account. See RFC 8555 §7.1.2.1.
    * Updated pebble-challtestsrv with an API for mocking DNS `SERVFAIL` responses
      for a hostname.
    * Added support for ACME external account binding (EAB) for new account
      requests. See RFC 8555 §7.3.4.
    
    Bug-fixes:
    
    * The `pebble-challtestsrv`'s mock CNAME delete API is fixed to remove the
      CNAME mock record instead of the CAA mock record for the given hostname.
    * Changed `PEBBLE_ALTERNATE_ROOTS` intermediate certificates to have the same
      subject, matching the issuer of issued leaf certificate's.
    * Fixed key rollover request handling for requests that fail inner JWS
      verification.
    * Finalize requests that include a CSR that specifies a certificate public key
      already used by an ACME account now receive a `badCSR` type problem. See RFC
      8555 §11.1.
    * Authorizations for ACME-IP identifiers are fixed to only contain HTTP-01 and
      TLS-ALPN-01 challenges, not DNS-01. See draft-ietf-acme-ip §7.
    * Added support for POST-as-GET requests in addition to GET/HEAD for directory
      and newNonce endpoints. See RFC §6.3
    * Fixed handling of HTTP-01 validation requests that are redirected to a
      different port (e.g. `443`).
    
    Misc:
    
    * A Subject Key Identifier value is now included in all issued certificates. See
      RFC 5280 §4.2.1.2.
    * The Pebble ACME API and management API ports (`14000` and `15000`) are now
      marked exposed in Dockerfile metadata.
    * TLS 1.3 for Pebble's validation requests is explicitly enabled by env var in
      the Docker environment.
    * The project and CI now use Go 1.13 and `golangci-lint` v1.21.0
    
    New configuration options:
    
    * The `PEBBLE_WFE_ORDERS_PER_PAGE` env var can be used to control the account
      orders list endpoint's pagination. By default up to 15 order URLs are
      returned per response.
    * The `"externalAccountBindingRequired"` config file boolean field can be used
      to control whether all `newAccount` requests must use external account binding.
    * The `"externalAccountMACKeys"` config file key/value object field can be used
      to specify external account binding key IDs and encoded MAC keys  See
      `test/config/pebble-config-external-account-binding.json` for an example.
    
    Heartfelt thanks to @felixfontein, @sergioaugrod, @0pq76r, @Drakezul, @JoshVanL
    and @munnerz for their contributions to this release.
    
  • v2.2.2
    Pebble v2.2.2
    
    Bug-fixes:
    
    * fix TLS-ALPN-01 with custom -dnsserver (thanks @adferrand)
    
    Misc:
    
    * updated project .gitignore (thanks @eggsampler)
    
  • v2.2.1
    Pebble release v2.2.1.
    
    The v2.2.0 release mistakenly tagged the wrong commit. Apologies for the
    mistake. The v2.2.1 fixes this issue.
    
    * separate HTTP management interface/listener.
    * cert-status-by-serial management endpoint for checking revocation status.
    * probabilistic valid authorization reuse.
    
    * fix missing returns in WFE error paths.
    * fix WFE rendering of empty contact/authz challenge arrays.
    * fix custom DNS resolver on Windows.
    
    * update docker-compose.yml to use latest image tags.
    * update docker base images to use Go 1.12.
    * WFE "marshaling" typo fixes/consistency.
    
    Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for
    their contributions to this release.
    
  • v2.2.0
    Pebble release v2.2.0
    
    features:
    * separate HTTP management interface/listener.
    * cert-status-by-serial management endpoint for checking revocation status.
    * probabilistic valid authorization reuse.
    
    bug-fixes:
    * fix missing returns in WFE error paths.
    * fix WFE rendering of empty contact/authz challenge arrays.
    * fix custom DNS resolver on Windows.
    
    misc:
    * update docker-compose.yml to use v2.1.0.
    * WFE "marshaling" typo fixes/consistency.
    
    Heartfelt thanks to @adferrand, @alexzorin, @eggsampler and @felixfontein for
    their contributions to this release.
    
  • v2.1.0
    v2.1.0
    
    features:
    
    * support for draft-ietf-acme-ip-06 (thanks @orangepizza for impl, @felixfontein
      for bug fixes!)
    * issuer/intermediate key/cert are accessible over HTTP (thanks @adferrand!)
    * support for specifying EE cert OCSP Responder URL (thanks @adferrand!)
    * support for creating and offering alternative cert. chains (thanks
      @felixfontein!)
    * -strict support for rejecting legacy JWS requests
    
    misc:
    
    * CI release asset publication pipeline (thanks @adferrand!)
    
    bug-fixes:
    
    * wfe: unlocking order in updateChallenge after read (thanks @dopey!)
    
  • v2.0.2
    v2.0.2
    
    * Bug fixes for data races between wfe/va.
    
  • v2.0.1
    Release v2.0.1
    
    - Always send Link: rel="index"
    - Implement orderNotReady and badPublicKey errors
    - Add linting, test coverage, code of conduct and make lint fixes
    - Use pre-built release versions of pebble and pebble-challtestsrv in
    docker-compose.yml
    - Add AppVeyor support to auto-publish Windows Docker images
    
  • v2.0.0
    Pebble 2.0.0 release.
    
    This release enables all of the behaviour previously gated behind `-strict` as
    defaults. If you were not running Pebble 1.0.x with `-strict` already you may
    find this is a breaking release that requires client bugfixes. If you were
    previously running Pebble 1.0.x with `-strict` you should find 2.0.0 is
    a drop-in upgrade.