Breaking Changes
- The minimal supported Rust version is now 1.52. (#681)
New
- Add TLS support to the RTR and HTTP servers. (#677)
- Add support for BGPsec router keys. This needs to be explicitly enabled via the new
enable-bgpseccommand line and config file option. (#693) - Reject so-called premature manifests, i.e., manifests that have an issue time before the current time. This is a new requirement in draft-ietf-sidrops-6486bis. (#681, #690)
- Add a new output format
slurmthat produces a JSON file formatted according to RFC 8416 with the validated payload included in the locally added assertions. (#702) - Make the (standard) JSON payload output available under
/api/v1/originswith the same URL parameters.(#707) - Add a new URI parameter
include=more-specificsto all HTTP payload output paths to include all route origins for prefixes that are more specifics of the selected prefixes. (#707) - Add a new option
--more-specificsto thevrpscommand to include all route origins for prefixes that are more specifics of the selected prefixes. (#714) - Accept and process HEAD requests for all HTTP paths. (#707)
Bug Fixes
- Encountering stray files at the top level of the rsync cache directory will not cause Routinator to exit any more. Instead, it will just delete those files. (#675)
- Don’t exit when a directory to be deleted doesn’t exist. In particular, this fixes an error in the
dumpcommand. (#682) - Count all valid CRLs for metrics generation during a validation run. (#683)
- Don’t claim filtering of unsafe VRPs when the policy is
warn. (Only the log message was wrong, no VRPs were filtered in this case.) (#699) - Use a TCP listener socket for the RTR server passed in via systemd socket activation if configured. This was already implemented but got lost a few versions ago. (#709)
- Enable TCP keepalive on RTR connections when configured. This, too, was already implemented but got lost a few versions ago. (#710)
Other Changes
- Update the NLnet Labs RPKI testbed TAL to the one used by the new server. (#637)