1.1.0

@JonathanWilbur JonathanWilbur released this 13 Aug 06:57
· 1184 commits to master since this release

Changes

  • Distributed operation is now secure.
  • Production and verification of signed arguments, results, and errors.
  • Strong authentication is now supported.
  • Many performance improvements.
  • The web admin console may now be protected using TLS and HTTP basic
    authentication. It is also secure against CSRF attacks.
  • Fixed a bug with parsing attribute certificates.
  • Fixed hidden LDAP entries that have non-LDAP attribute types in RDNs.
  • Fixed display of dates and times.
  • Fixed a bug with Trust Anchor List file decoding (not reading a ContentInfo).
  • Fixed the Search Aliases procedure using the DSA's name in the chaining
    arguments' originator field. (This was not a security vulnerability, though,
    since the association was used for AC decisions.)
  • Fixed a bug where an entry could be created without a required attribute by
    merely providing the attribute with no values.

Migration

  • MEERKAT_TLS_CLIENT_CERT_AUTH no longer controls rejectUnauthorized. This
    was a security bug. In fact, this environment variable is no longer used
    at all. MEERKAT_TLS_REJECT_UNAUTHORIZED_CLIENTS controls mTLS. If set to
    1, mTLS is enforced.
  • MEERKAT_SIGNING_KEY has been renamed to MEERKAT_SIGNING_KEY_FILE.
  • MEERKAT_SIGNING_CERT_CHAIN has been renamed to MEERKAT_SIGNING_CERTS_CHAIN_FILE.
  • Removed DANGEROUSLY from ENABLE_DSP and ENABLE_DOP
    • Just use the ENABLE_DSP and ENABLE_DOP environment variables to enable
      DSP and DOP, respectively.
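
A pre-upgrade check for the migration items above, as an added example that is not part of Meerkat DSA or these release notes. It assumes the deployment keeps its settings in a plain KEY=VALUE env file (no quotes, no "export"); the function name, the sample file and its paths are constructed, and because the notes do not spell out the full old DANGEROUSLY variable names, those are matched by pattern only.

```sh
#!/bin/sh
# Added example: audit an env file against the 1.1.0 migration notes.
# Prints one finding per line; returns 1 if anything needs attention.
audit_meerkat_env() {
    env_file=$1
    findings=0
    # From 1.1.0 on, only this variable controls mTLS, and only "1" enforces it.
    mtls=$(sed -n 's/^MEERKAT_TLS_REJECT_UNAUTHORIZED_CLIENTS=//p' "$env_file" | tail -n 1)
    while IFS='=' read -r name rest || [ -n "$name" ]; do
        case $name in
            '#'*) continue ;;   # skip commented-out settings
            MEERKAT_TLS_CLIENT_CERT_AUTH)
                echo "UNUSED $name: no longer read by 1.1.0"
                [ "$mtls" = 1 ] || \
                    echo "RISK mTLS is enforced only when MEERKAT_TLS_REJECT_UNAUTHORIZED_CLIENTS=1"
                ;;
            MEERKAT_SIGNING_KEY)
                echo "RENAME $name -> MEERKAT_SIGNING_KEY_FILE" ;;
            MEERKAT_SIGNING_CERT_CHAIN)
                echo "RENAME $name -> MEERKAT_SIGNING_CERTS_CHAIN_FILE" ;;
            *DANGEROUSLY*ENABLE_DSP|*DANGEROUSLY*ENABLE_DOP)
                # Assumption: old names are matched by the word DANGEROUSLY only.
                echo "RENAME $name: drop DANGEROUSLY from the name" ;;
            *) continue ;;
        esac
        findings=$((findings + 1))
    done < "$env_file"
    [ "$findings" -eq 0 ]
}

# Constructed sample of a pre-1.1.0 env file (paths are placeholders).
sample=$(mktemp)
cat > "$sample" <<'EOF'
MEERKAT_TLS_CLIENT_CERT_AUTH=1
MEERKAT_SIGNING_KEY=/path/to/key.pem
MEERKAT_SIGNING_CERT_CHAIN=/path/to/chain.pem
EOF
audit_meerkat_env "$sample" || true
rm -f "$sample"
```

The RISK line is the one to act on: a file that still carries only the old TLS variable comes up after the upgrade without mTLS enforcement.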