We are happy to announce the most significant upgrade in a while.
Version 1.6.0 is an internal overhaul that improves overall stability
and will allow us to implement new features more quickly.
This version is a big step in the new direction that we want to take the
project, one where we aim for a high standard of quality and security.
Version 1.6.0 fixes several bugs, including some of high severity, so we
recommend updating.
Finally, we have redoubled our efforts with the FORT project, so we plan
to release more frequently and implement the features that the community
needs.
Bug fixes:
- #40: Induce crash on memory allocation failures, to prevent Fort from
accidentally advertising incomplete information.
- #71: Implement HTTP redirects.
- #76: Reset `FILE` handle during retries, to prevent HTTP code from
dumping unparseable garbage into the local cache.
- #77: Treat HTTP response 304 as download success.
- #78: Provide a dedicated namespace for each RRDP notification, to
prevent malicious RRDP sources from overriding each other's files.
- #79: Stop caching RRDP sessions and serials on RAM; extract them from
actual cached notification files. (This prevents all RRDP from being
considered outdated during startup.)
- #80: Deprecate and no-op `rsync.strategy`. (Only `root`
synchronizations are supported now.)
- #94: Merge `ASID.h` and `ASId.h` into a single module. (Likely used to
cause issues cloning the code into case-insensitive filesystems.)
- #98: Reduce severity of some RTR disconnection error messages.
- #100: Overhaul of default rsync command argument list.
- Remove ARIN's RPA confirmation from `--init-tals`, since it's no
longer required.
- Purge old deprecated configuration options:
- `init-locations`
- `sync-strategy`
- `rrdp.enabled`
- `rrdp.priority`
- `rrdp.retry.count`
- `rrdp.retry.interval`
- `http.idle-timeout`
- Deprecate (and no-op) several configuration options:
- `shuffle-uris` (It was a seemingly pointless function.)
- `stale-repository-period` (The relevant warning no longer
exists.)
- `rsync.strategy` (See #80 above.)
- `rsync.arguments-flat` (Flat rsyncs are no longer employed.)
- `thread-pool.validation.max` (It's best if Fort computes this
value on its own.)
- Remove deprecated `fort_setup.sh` script.
- 2b2f7c3cea147796ed92cc25aade90701221c210: Remove `SO_REUSEPORT` (a
portability liability) from the RTR socket bind.
- 6d8081c992da9d677e3bd9cdf21bb63e604f0b4d: Change RRDP serials from
`long`s to `BIGNUM`s.
(The RFCs define these as "unbounded," which made Fort's old
implementation incorrect.)
- Rudimentary startup for automatic cache cleanup.
- 63e71946db91119417b94bd09ea6829d8f11f84a: Allow some `null`s in the
configuration JSON.
In case you're parsing Fort's output, please be aware that several
logging messages changed. In particular, the functionality that used to
print the following message in the operation logs was removed:
> The following repositories URIs couldn't be fetched (it can be a local
> issue or a server issue), please review previous log messages related
> to such URIs/servers:
Please complain if this affects you.
In addition to all this, the review revealed several instances of unsafe
code that yielded undefined behavior that might have caused some of the
crashes people have observed over the years. (#46, #65, #83, #89, #99.)
The directory layout of Fort 1.6.0's cache is incompatible with the one
from previous versions. To save some disk space, you might want to empty
your existing cache during the upgrade.
-----BEGIN PGP SIGNATURE-----
projects / thirdparty / FORT-validator.git / tag
