github NLnetLabs/routinator v0.7.0
0.7.0 ‘Your Time Starts … Now’

4 years ago

Breaking Changes

  • Routinator now filters out rsync URIs and RRDP URIs that contain dubious host names that should not be present in the public RPKI. In this version they are ‘localhost,’ any IP address, and any URI with the port explicitly specified. This filter can be disabled via the --allow-dubious-hosts command line and config option for test deployments. (#293)
  • Only CRLs mentioned on the manifest are now considered when checking any published objects except for the manifest itself. If the hash of the CRL on the manifest does not match the CRL, it is rejected. Objects referencing a CRL that is not on a manifest or has a hash mismatch are rejected. (#299)
  • The minimal supported Rust version is now 1.39.0.
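
The dubious-host filter from the first item above, sketched as an added example; this is not Routinator's own code. The names `Dubious` and `check_uri` are hypothetical, and treating RRDP URIs as `https://`, ignoring userinfo, folding case and a trailing dot, and reporting the host reason before the port reason are assumptions of this sketch.

```rust
use std::net::IpAddr;

/// Reason a URI is treated as dubious (names are this example's own).
#[derive(Debug, PartialEq)]
pub enum Dubious { Localhost, IpAddress, ExplicitPort, Malformed }

/// Applies the three rules from the release note to an rsync or RRDP (HTTPS) URI.
pub fn check_uri(uri: &str) -> Result<(), Dubious> {
    // Schemes and host names are case-insensitive; only the authority is inspected.
    let lower = uri.to_ascii_lowercase();
    let rest = lower
        .strip_prefix("rsync://")
        .or_else(|| lower.strip_prefix("https://"))
        .ok_or(Dubious::Malformed)?;
    // The authority ends at the first '/', '?' or '#'.
    let authority = rest.split(|c| matches!(c, '/' | '?' | '#')).next().unwrap_or("");
    // Ignore any userinfo so "user@localhost" cannot hide the host.
    let hostport = authority.rsplit('@').next().unwrap_or("");
    // A bracketed host is an IPv6 literal, with or without a port after it.
    if hostport.starts_with('[') {
        return Err(Dubious::IpAddress);
    }
    let (host, port) = match hostport.rsplit_once(':') {
        Some((h, p)) => (h, Some(p)),
        None => (hostport, None),
    };
    // Assumption: a trailing dot ("localhost.") names the same host.
    let host = host.strip_suffix('.').unwrap_or(host);
    if host.is_empty() {
        return Err(Dubious::Malformed);
    }
    if host == "localhost" {
        return Err(Dubious::Localhost);
    }
    if host.parse::<IpAddr>().is_ok() {
        return Err(Dubious::IpAddress);
    }
    if port.is_some() {
        return Err(Dubious::ExplicitPort);
    }
    Ok(())
}

fn main() {
    // Constructed sample URIs, not taken from any real repository.
    for uri in &["rsync://rpki.example.net/repo/", "https://localhost/notify.xml"] {
        println!("{} -> {:?}", uri, check_uri(uri));
    }
}
```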

New

  • The new option --stale allows selecting a policy for dealing with stale objects – i.e., manifests and CRLs that are past their next-update date. The policies are reject, warn, and accept. The previous hard-coded policy of warn, i.e., accept but log a warning, is the default. (#288)
  • New output formats bird and bird2 which produce a roa table for Bird 1 and a route table for Bird 2, respectively. (#290, by @netravnen)
  • New output format csvcompat which produces CSV output as similar to that of the RIPE NCC Validator as possible. (#292)
  • The new config file option tal-labels allows defining explicit names to be used when TALs are referenced in output. This way, the output can be made to be even more similar to that produced by the RIPE NCC Validator. (#291)
  • The csvext output format is now also available via the HTTP server at the /csvext path. (#294)
  • New metrics for the status of the RTR and HTTP servers. (#298)
  • New metric of the number of stale objects encountered in the last validation run. (#298)

Other Changes

  • Update to Rust’s new asynchronous IO framework for the RTR and HTTP servers. Repository synchronization and validation remain synchronous atop a thread pool. (#282)
  • Changed concurrency strategy for repository update and validation. Previously, each trust anchor was updated and validated synchronously. Now processing of a CA is deferred if its repository publication point hasn’t been updated yet. Processing is then picked up by the next available worker thread. This should guarantee that all worker threads are busy all the time. (#284)
  • Optimized what information to keep for each ROA, bringing maximum memory consumption down to about a quarter. (#293)
  • The Docker image now wraps Routinator into tini for properly dealing with signals and child processes. (#277)
