Source: python-certbot Version: 0.31.0-1 Severity: serious Tags: upstream Because of changes to the ACME v2 standard, unauthenticated GET requests to ACME compatible APIs must be performed as special POST-as-GET requests to be valid. The primary ACME API, Let's Encrypt, has deprecated support for unauthenticated GET requests as of October 2018, and plans on removing support for them entirely on November 1, 2019.
To prevent the version being frozen into buster from becoming RC-buggy on November 1, a backport is being prepared to add this functionality before buster is released in coordination with upstream. -- System Information: Debian Release: buster/sid APT prefers testing APT policy: (900, 'testing') Architecture: amd64 (x86_64) Foreign Architectures: i386 Kernel: Linux 4.19.0-4-amd64 (SMP w/4 CPU cores) Kernel taint flags: TAINT_WARN Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8) Shell: /bin/sh linked to /bin/dash Init: systemd (via /run/systemd/system) LSM: AppArmor: enabled
