v0.11.0 "Schibegütsch"

@matzf matzf released this 14 May 13:24
· 99 commits to master since this release
3f4629d

What's Changed

Path Segment Validity / CP-PKI

Path segment validation is now stricter. The lifetime of a path segment must be fully covered by the validity period of the signing certificate chain. Previously, the certificate chain only needed to be valid at the time of verification.
Segments that are valid under this stricter regime have been created since v0.9.0, thus this stricter check is expected to be compatible with all ASes operating at least v0.9.0.
See #4286 for more details.
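
The difference between the two rules, as an added example that is not code from the SCION project. The type and function names are hypothetical, and the sketch assumes the chain's validity period is the intersection of its certificates' validity periods and that a segment's lifetime runs from creation to expiry.

```go
package main

import (
	"crypto/x509"
	"fmt"
	"time"
)

// Validity is a closed time interval (hypothetical helper type).
type Validity struct{ NotBefore, NotAfter time.Time }

func (v Validity) Contains(t time.Time) bool {
	return !t.Before(v.NotBefore) && !t.After(v.NotAfter)
}

// ChainValidity intersects the validity periods of all certificates (assumption).
func ChainValidity(chain []*x509.Certificate) (Validity, bool) {
	if len(chain) == 0 {
		return Validity{}, false
	}
	v := Validity{chain[0].NotBefore, chain[0].NotAfter}
	for _, c := range chain[1:] {
		if c.NotBefore.After(v.NotBefore) {
			v.NotBefore = c.NotBefore
		}
		if c.NotAfter.Before(v.NotAfter) {
			v.NotAfter = c.NotAfter
		}
	}
	return v, !v.NotBefore.After(v.NotAfter)
}

// ValidAtVerification is the previous rule: the chain is valid right now.
func ValidAtVerification(chain []*x509.Certificate, now time.Time) bool {
	v, ok := ChainValidity(chain)
	return ok && v.Contains(now)
}

// CoversSegment is the stricter rule: valid from segment creation to expiry.
func CoversSegment(chain []*x509.Certificate, seg Validity) bool {
	v, ok := ChainValidity(chain)
	return ok && !seg.NotAfter.Before(seg.NotBefore) && v.Contains(seg.NotBefore) && v.Contains(seg.NotAfter)
}

func main() {
	t0 := time.Date(2024, 5, 1, 0, 0, 0, 0, time.UTC) // constructed sample data
	chain := []*x509.Certificate{{NotBefore: t0.Add(-72 * time.Hour), NotAfter: t0.Add(2 * time.Hour)}}
	seg := Validity{t0, t0.Add(6 * time.Hour)} // segment outlives the certificate
	fmt.Println(ValidAtVerification(chain, t0.Add(time.Hour)), CoversSegment(chain, seg))
}
```

The constructed segment outlives its signing certificate by four hours: it passes the old check for as long as the certificate is still valid, and fails the new one from the start.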

Configuration

Simplify the configuration of the local address of a router interface. The fields public and bind have been combined into a single field local. The new field explicitly allows omitting the IP address, in which case the router binds to the wildcard IP.
The old public and bind fields are still accepted, but have been documented as deprecated and will be removed in a future release.
Refer to the manual section on the topology.json file or #4489 for more details.

Management API

Added support for deleting segments and beacons.
Refer to the Open API section in the control service manual for more details (DELETE /segments/{segment-id}, DELETE /beacons/{segment-id}).

Dependencies

Update various dependencies; in particular, update quic-go to v0.43.1 and go-toml to v2, and apply security updates for lestrrat-go/jwx, x/crypto, and x/net.

Packages

In addition to the Debian packages built since the last release, we now also build packages for OpenWRT.
As the toolchain is relatively complicated, only x86_64 is supported for now. Like the .deb packages, these OpenWRT packages are not published in a package repository just yet. Packages for release versions are attached to the release. Packages for in-development versions are available from the latest nightly build.
See the installation manual page for more details.

Bug fixes

  • paths: Add check for hopfield count <= 64 when deserializing a scion path by @jiceatscion in #4483
    Thanks to @jcp and the VerifiedSCION project for this bug report #4482
  • router: factor out platform-dependent underlay conn flags by @marcfrei in #4507
    This allows building the router for non-Linux platforms, in particular macOS or BSD.
  • pathpol: ensure deserialized ACL has default rule by @fbuetler in #4505
  • router: forbid bouncing packets internally by @matzf in #4502
    Thanks to @mlimbeck and the VerifiedSCION project for this bug report #4497
  • router: optimize computeProcID by @jiceatscion in #4520

New Contributors

Full Changelog: v0.10.0...v0.11.0