Releases: 18F/identity-pki
Releases · 18F/identity-pki
RC 10
RC 10]
Improvements/Changes
- LG-3167: Send
is_auth_cert
in token for HSDPD-12 (#159)
RC 11
Improvements/Changes
- LG-873 Add x509_issuer to piv/cac response data for OIDC
- Add updated certs for Treasury and State (LG-3513) (#164)
- Update .gitignore to allow .pem files (#166)
- Remove reek (#165)
- Certificate Chain Service (#167)
RC 9
Features
Bugs and Enhancements
- Update newrelic to use gov endpoint (#156)
PIV/CAC Issuing Certificates
- LG-3043: map bridge certs (#154)
RC 8
Features
None
Bugs and Enhancements
- Expand bundled certs into repo #144
- Bump websocket-extensions from 0.1.4 to 0.1.5 #149
- Bump puma from 3.12.4 to 3.12.6 #150
PIV/CAC Issuing Certificates
- Add DOD missing certs #151
RC 7
Features
Bugs and Enhancements
- Restore caching of OCSP revocations #63
PIV/CAC Issuing Certificates
None
RC 6
Features
- Validate issuing certs only on-demand rather than at startup
- Cache OCSP responses for a short time
RC 4
Features
Bugs and Enhancements
- Support proxies in deployed environments #46, #47
- Update gems to avoid potential security issues #44, #48
PIV/CAC Issuing Certificates
- Remove revoked RRB certificate
- Add additional State certificates
RC 3
Features
- Add more policy OIDs
- Trust Treasury CA Root
RC 2
Features
- Check for policy OIDs in PIV/CAC public certs.
New CA Certs
- /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-49
- /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-51
- /C=US/O=U.S. Government/OU=DoD/OU=PKI/CN=DOD EMAIL CA-52
RC 1
Features:
- More signing certs.
- Logging of unverifiable certs to an S3 bucket.
- Authenticate token decryption requests.
Bugs:
- Gracefully handle unparsable http referrers.