From 2efd4458f4db7f489ecc81f4039b8e8103edf9d9 Mon Sep 17 00:00:00 2001
From: Guilhem Moulin <guilhem@fripost.org>
Date: Tue, 16 Feb 2021 17:24:31 +0100
Subject: Don't load configuration files from ./ by default.

This is a breaking change: lacme(8) resp. lacme-accountd(1) no longer
consider ./lacme.conf resp. ./lacme-accountd.conf as default location
for the configuration file.  Doing so has security implications when
running these program from insecure directories.
---
 Changelog | 3 +++
 1 file changed, 3 insertions(+)

(limited to 'Changelog')

diff --git a/Changelog b/Changelog
index efefb1e..2ccb0e1 100644
--- a/Changelog
+++ b/Changelog
@@ -19,6 +19,9 @@ lacme (0.7.1) upstream;
    validate provided X.509 chains using that self-contained bundle,
    regardless of which CAs is marqued as trusted under /etc/ssl/certs.
    This change bumps the minimum OpenSSL version to 1.1.0.
+ * Breaking change: lacme(8) resp. lacme-accountd(1) no longer consider
+   ./lacme.conf resp. ./lacme-accountd.conf as default location for the
+   configuration file.
  + Improve nginx/apache2 snippets for direct serving of challenge files
    (with the new 'challenge-directory' logic symlinks can be disabled).
  + Add support for TLS Feature extension from RFC 7633; this is mostly
-- 
cgit v1.2.3