Changelog since v1.3.0
Urgent Upgrade Notes
(No, really, you MUST read this before you upgrade)
- The CA issuer now attempts to store the root CA instead of the issuing CA into the
ca.crt
field for issued certificates; this is a change of behavior. All of the information which was previously available is still available: the intermediate should appear as part of the chain intls.crt
. (#3865, @erikgb)
Changes by Kind
Feature
- Add support for routing ACME HTTP01 challenges using Istio VirtualService CRs. (#3724, @inteon)
- The webhook can now be configured to be accessible from outside of the cluster. (#3876, @anton-johansson)
Documentation
- Add a vulnerability reporting process in SECURITY.md (#3818, @SgtCoDFish)
- Add both style info and warnings about importing cert-manager as a module to README (#3902, @SgtCoDFish)
Bug or Regression
- Fix RFC2136 DNS-01 challenges with multiple DNS names (#3622, @foosinn)
- Fix incorrect
PublicKeysEqual
comparison function for public keys and improve doc comments on related functions (#3914, @SgtCoDFish) - Fixes Helm upgrade issue (#3882, @irbekrm)
- Set the Ready condition to False when a CertificateRequest has been denied for all CertificateRequests that reference a cert-manager.io signer (#3878, @JoshVanL)
Other (Cleanup or Flake)
- Deprecate Issuer.spec.acme.externalAccountBinding.keyAlgorithm field. EAB MAC algorithm is now hardcoded to HS256. (#3877, @irbekrm)
- Removes legacy util functions for issuer generation from test/e2e/util/util.go. Use functions in test/unit/gen/issuer.go instead. (#3873, @irbekrm)
- Updated details of FindZoneByFqdn error message when an unexpected DNS response code is received. (#3906, @clatour)
Dependencies
Added
- github.com/cert-manager/crypto: d4c1975
- github.com/cncf/udpa/go: 269d4d4
- golang.org/x/term: 7de9c90
- istio.io/api: 328c3a3
- istio.io/gogo-genproto: 4502960
Changed
- github.com/envoyproxy/go-control-plane: 5f8ba28 → v0.9.4
- golang.org/x/net: c890458 → e18ecbb
- golang.org/x/sys: ed371f2 → f84b799
- google.golang.org/grpc: v1.27.0 → v1.28.1
Removed
- github.com/meyskens/crypto: 6ca9aec