0.13.0 ‘Should Have Started This in a Screen’
New
- Added support for ASPA. Processing needs to be enabled via the new option
enable-aspa
which is only available if theaspa
feature is explicitly selected during compilation. This is due to the specification still changing. The implementation currently conforms with draft-ietf-sidrops-aspa-profile-15. (#847, #873, #874, #878) - Added support for version 2 of the RTR protocol. This primarly means support for the ASPA payload type. (#847)
- Sending SIGUSR2 to Routinator will re-open a log file if logging to a file is enabled. (#859)
- The HTTP server provides a new endpoint
/json-delta/notify
that can be used to wait for updated data similar to the RTR Notify PDU. (#863) - Added support for filtering and adding router keys via local exception files. (#865)
- The
vrps
command and the HTTP payload output endpoints now allow excluding specific payload types for output. (#866) - Added a new member
payload
to the output of the/api/v1/status
endpoint that gives an overall summary of the produced payload. (#867) - Added new members
generated
andgeneratedTime
to the JSON object produced by the/json-delta
endpoint. (#868)
Breaking Changes
- A new field
aspa
was added to the jsonext format. See the manual page for more information. (#847) - A number of ASPA-related fields have been added to all metrics and status formats. (#847)
- Renamed functions and attributes that refer to standalone end entity certificates to refer to router certificates so they don’t get confused with the end entity certificates included with signed objects. (#854)
- Renamed the JSON member in the HTTP status API from
validEECerts
tovalidRouterCerts
. The old name is still available but may be removed in the future. (#854) - The regular
json
output format now includes router key and ASPA output. Since both are disabled by default, the format will still be compatible by default. (#866) - The minimal required Rust version has been increased to 1.70. (#847, #853, #869, #879)
Bug Fixes
- Fixed a bug in the RTR server where it would include router key PDUs even if the negotiated protocol version was 0. (via rpki-rs #250)
- Restored the ability to parse ASNs in JSON input to the
validity
command as string or number. (#861) - Update bcder to at least 0.7.3 to fix various decoding issues that could lead to a panic when processing invalid RPKI objects.
- Check the request URI when generating a path for storing a copy of a RRDP response with the
rrdp-keep-responses
option to avoid path traversal. (#894. Found by Haya Shulman, Donika Mirdita and Niklas Vogel. Assigned CVE-2023-39916.)
Other Changes