Changelog since v1.4.0-alpha.0
Changes by Kind
Feature
- The Vault issuer now constructs a certificate chain after signing, and populates the CertificateRequest.Status.CA with the root most certificate if available. (#3982, @JoshVanL)
Documentation
- Add @munnerz to SECURITY_CONTACTS.md (#3970, @SgtCoDFish)
Bug or Regression
- The CA issuer now constructs a certificate chain after signing, and populates the CertificateRequest.Status.CA with the root most certificate if available. Correctly passes down CA certificate when chaining CA Issuers together. (#3985, @JoshVanL)
Other (Cleanup or Flake)
- Change Venafi Issuer to populate CertificateRequest.Status.CA with the root most certificate that was returned from signing. (#3983, @JoshVanL)
- Optimistic locking messages (the object has been modified) are now logged at the Info level instead of the Error level, as cert-manager controllers will automatically retry until successful. (#3794, @JoshVanL)
- Istio VirtualService support has been reverted and moved to the next release. (#3988, @jakexks)
- The ACME issuer now constructs a certificate chain after signing, and populates the CertificateRequest.Status.CA with the root most certificate if available. (#3984, @JoshVanL)
- Validating webhook returns a warning if the legacy ACME issuer EAB key algorithm is set. (#3936, @irbekrm)
Dependencies
Added
Nothing has changed.
Changed
- github.com/envoyproxy/go-control-plane: v0.9.4 → 5f8ba28
- google.golang.org/grpc: v1.28.1 → v1.27.0
Removed
- github.com/cncf/udpa/go: 269d4d4
- istio.io/api: 328c3a3
- istio.io/gogo-genproto: 4502960