0.11.0

Breaking Changes

• The minimal supported Rust version is now 1.52. (#681)

New

• Add TLS support to the RTR and HTTP servers. (#677)
• Add support for BGPsec router keys. This needs to be explicitly enabled via the new enable-bgpsec command line and config file option. (#693)
• Reject so-called premature manifests, i.e., manifests that have an issue time before the current time. This is a new requirement in draft-ietf-sidrops-6486bis. (#681, #690)
• Add a new output format slurm that produces a JSON file formatted according to RFC 8416 with the validated payload included in the locally added assertions. (#702)
• Make the (standard) JSON payload output available under /api/v1/origins with the same URL parameters.(#707)
• Add a new URI parameter include=more-specifics to all HTTP payload output paths to include all route origins for prefixes that are more specifics of the selected prefixes. (#707)
• Add a new option --more-specifics to the vrps command to include all route origins for prefixes that are more specifics of the selected prefixes. (#714)
• Accept and process HEAD requests for all HTTP paths. (#707)

Bug Fixes

• Encountering stray files at the top level of the rsync cache directory will not cause Routinator to exit any more. Instead, it will just delete those files. (#675)
• Don’t exit when a directory to be deleted doesn’t exist. In particular, this fixes an error in the dump command. (#682)
• Count all valid CRLs for metrics generation during a validation run. (#683)
• Don’t claim filtering of unsafe VRPs when the policy is warn. (Only the log message was wrong, no VRPs were filtered in this case.) (#699)
• Use a TCP listener socket for the RTR server passed in via systemd socket activation if configured. This was already implemented but got lost a few versions ago. (#709)
• Enable TCP keepalive on RTR connections when configured. This, too, was already implemented but got lost a few versions ago. (#710)

Other Changes

• Update the NLnet Labs RPKI testbed TAL to the one used by the new server. (#637)

0.11.0-rc2

Bug Fixes

• Change the content type of the /log endpoint back to text/plain. (#719)
• Improve the way timed out rsync processes are killed in an attempt to avoid them becoming zombies. (#720)

0.11.0-rc1

Breaking Changes

• The minimal supported Rust version is now 1.52. (#681)

New

• Add TLS support to the RTR and HTTP servers. (#677)
• Add support for BGPsec router keys. This needs to be explicitly enabled via the new enable-bgpsec command line and config file option. (#693)
• Reject so-called premature manifests, i.e., manifests that have an issue time before the current time. This is a new requirement in draft-ietf-sidrops-6486bis. (#681, #690)
• Add a new output format slurm that produces a JSON file formatted according to RFC 8416 with the validated payload included in the locally added assertions. (#702)
• Make the (standard) JSON payload output available under /api/v1/origins with the same URL parameters.(#707)
• Add a new URI parameter include=more-specifics to all HTTP payload output paths to include all route origins for prefixes that are more specifics of the selected prefixes. (#707)
• Add a new option --more-specifics to the vrps command to include all route origins for prefixes that are more specifics of the selected prefixes. (#714)
• Accept and process HEAD requests for all HTTP paths. (#707)

Bug Fixes

• Encountering stray files at the top level of the rsync cache directory will not cause Routinator to exit any more. Instead, it will just delete those files. (#675)
• Don’t exit when a directory to be deleted doesn’t exist. In particular, this fixes an error in the dump command. (#682)
• Count all valid CRLs for metrics generation during a validation run. (#683)
• Don’t claim filtering of unsafe VRPs when the policy is warn. (Only the log message was wrong, no VRPs were filtered in this case.) (#699)
• Use a TCP listener socket for the RTR server passed in via systemd socket activation if configured. This was already implemented but got lost a few versions ago. (#709)
• Enable TCP keepalive on RTR connections when configured. This, too, was already implemented but got lost a few versions ago. (#710)

Other Changes

• Update the NLnet Labs RPKI testbed TAL to the one used by the new server. (#637)

0.10.2 ‘Skuffet, men ikke overrasket’

Bug Fixes

• The rrdp-timeout configuration setting now correctly limits the maximum length an RRDP request can take. This prevents a possible issue where a RRDP repository maliciously or erroneously delays a request and subsequently a validation run. (#666, CVE-2021-43173)

New

• The new configuration setting max-ca-depth limits the length a chain of CAs from a trust anchor. By default it is set to 32. This fixes a possible vulnerability where a CA creates an infinite chain of CAs. (#665, CVE-2021-43172)

Other Changes

• Support for the gzip transfer encoding for RRDP has been removed because gzip in combination with XML provides multiple ways to delay validation. The configuration setting rrdp-disable-gzip is now deprecated and will be removed in the next breaking release. (#667, CVE-2021-43174)

0.10.1 ‘That’s No Moon’

Other Changes

• Extended UI with BGP and allocation data lookups. (#635, #648, #651)
• The UI now lives in its own crate routinator-ui. (#635)

0.10.1-rc3

Other Changes

• Update UI to 0.3.4. (#651)
  • Fixed links for prefixes.

0.10.1-rc2

Bug Fixes

• Redirect / to /ui to bring back the UI for the blank hostname. (#648)

Other Changes

• Update UI to 0.3.3.
  • Fixes UI loading with query parameters.

0.10.1-rc1

Other Changes

• Extended UI with BGP and allocation data lookups. [(#635)]
• The UI now lives in its own crate routinator-ui. [(#635)]

0.10.0 ‘Through Many Dangers, Toils, and Snares’

Breaking changes

• Data is now stored directly in the file system again. This returns memory consumption to pre-0.9 levels. All improvements to robustness have been maintained. (#590, #601, #604)
• The json and jsonext output formats now include a metadata object that contains the time the data set was created in the generated and generatedTime fields as Unix and ISO time stamps, respectively. (#605)
• The JSON output of the validate command and the of the /validity HTTP endpoint now include a generatedTime field that provides the generation time of the data set that was used for validation as an ISO time stamp. (#605)
• The default RRDP timeout (via the rrdp-timeout option) has been increased to 300 seconds. (#612)

New

• The maximum of delta steps performed during an update of an RRDP repository is now limited via the rrdp-max-delta option. If more steps are necessary, the snapshot is used instead. This will improve the update times in cases where Routinator isn’t running constantly. The default limit is 100 steps. (#615)
• It is now possible to disable the use of the gzip transfer encoding in the RRDP client via the new rrdp-disable-gzip option. (#602)
• The start of a validation run is now logged as an info message. (#609)
• A reference to the global help appears now at the end of a sub-command’s help message. (#607)
• A summary of the data set similar to the summary output format is now logged at log level info at the end of a validation run. (#617)
• Strict checking for address and prefix lengths in certificates, and for prefix and max-length in ROAs. (via rpki #154, based on an error report by @job)

Bug Fixes

• Catch and log error output from rsync. (#577)
• Local exception files that contain prefix assertions with a shorter max-length than the prefix length are now rejected instead of addingthese invalid prefix assertions to the output data set. (#608)
• The rrdp-timeout command line option was setting both the RRDP timeout and the RRDP connection timeout. Now the rrdp-connect-timeout is correctly used for the latter. (Note: The config file was using the correct keys.) (#611)
• Added --rrdp-fallback-time option to the command line parser. It was documented and supposed to be present previously, but wasn’t. (#614)
• The RTR server now returns the correct PDU as a cache reset response, which is returned when the server cannot provide a delta update to a client. Previously, a broken End of Data PDU was returned. (Via rpki #151.)
• Make parsing of local exception files much more strict to avoid introducing illegal VRPs into the data set. Parsing will now fail if any aspect of a prefix or prefix assertion is incorrect. This includes a non-zero host portion of a prefix. (#627)

Other

• In the JSON metrics for RRDP repositories, the fields serial, session, delta, and snapshotReason are left out entirely when the server reported no changes via a 304 response. (#613)

0.10.0-rc3

New

• Strict checking for address and prefix lengths in certificates, and for prefix and max-length in ROAs. (via rpki #154, based on an error report by @job)