Dear Community, It has been a while after the previous release. The 2.1 release has been quite stable with a few corner case problems. However there is now a need for a release to fix an issue with zone signing that can potentially lead to missing signatures so definitely warrants a release.
The 2.1.4 release is available immediately from the download site below, we urge you to upgrade. Also for installations still on the 1.4 release should consider upgrading as a number of incidents reported against 1.4 have not occurred on 2.1 installations due to better stability. To make sure this release is picked out we will not include a fix that was to the issue for a double KSK roll. This fix is available on our develop branch, but includes more changes, and this fix needs to go out on its own. MIGRATION There are no migration steps needed from a previous 2.1 release. FIXES * SUPPORT-229: Missing signatures for key new while signatures for old key still present under certain kasp policies, leading to bogus zones. Root cause for bug existed but made prominent since 2.1.3 release. * OPENDNSSEC-943: support build on MacOS with missing pthread barriers * SUPPORT-229: fixed for too early retivement of signatures upon double rrsig key roll signing strategy. * Strip build directory from doxygen docs, remove bashisms from ods-kasp2html.in * The ods-signer and ods-signerd man page should be in section 8 not 22 Note that this might mean that package managers should remove the older man pages from the old location. Thanks to Mathieu Mirmont for providing the latter two fixes. Download: * https://dist.opendnssec.org/source/opendnssec-2.1.4.tar.gz * https://dist.opendnssec.org/source/opendnssec-2.1.4.tar.gz.sig * Checksum SHA256: 77e85e417d1067a5e4529b636248875a9e2d1925d5e90f022449007e59d6a293 Kind regards, The OpenDNSSEC team _______________________________________________ Opendnssec-user mailing list [email protected] https://lists.opendnssec.org/mailman/listinfo/opendnssec-user
