From 2efd4458f4db7f489ecc81f4039b8e8103edf9d9 Mon Sep 17 00:00:00 2001 From: Guilhem Moulin Date: Tue, 16 Feb 2021 17:24:31 +0100 Subject: Don't load configuration files from ./ by default. This is a breaking change: lacme(8) resp. lacme-accountd(1) no longer consider ./lacme.conf resp. ./lacme-accountd.conf as default location for the configuration file. Doing so has security implications when running these programs from insecure directories. --- Changelog | 3 +++ 1 file changed, 3 insertions(+) (limited to 'Changelog') diff --git a/Changelog b/Changelog index efefb1e..2ccb0e1 100644 --- a/Changelog +++ b/Changelog @@ -19,6 +19,9 @@ lacme (0.7.1) upstream; validate provided X.509 chains using that self-contained bundle, regardless of which CAs is marqued as trusted under /etc/ssl/certs. This change bumps the minimum OpenSSL version to 1.1.0. + * Breaking change: lacme(8) resp. lacme-accountd(1) no longer consider + ./lacme.conf resp. ./lacme-accountd.conf as default location for the + configuration file. + Improve nginx/apache2 snippets for direct serving of challenge files (with the new 'challenge-directory' logic symlinks can be disabled). + Add support for TLS Feature extension from RFC 7633; this is mostly -- cgit v1.2.3
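Review bot: the new Changelog entry (the three added lines under lacme (0.7.1)) records that ./lacme.conf and ./lacme-accountd.conf are no longer default locations but leaves out the reason given in the commit message, that loading configuration from the current directory has security implications when the programs run from insecure directories. Suggest adding that rationale to the entry and stating which default locations remain, so that users who relied on a file in the working directory know where to move it. This view is limited to 'Changelog', so the code change that drops the ./ lookup cannot be checked from these lines.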