From berry at nlnetlabs.nl Sat Sep 11 11:04:46 2021 From: berry at nlnetlabs.nl (Berry van Halderen) Date: Sat, 11 Sep 2021 13:04:46 +0200 Subject: [Opendnssec-user] Release of OpenDNSSEC 2.1.10 In-Reply-To: References: Message-ID: <734dde909b6981eababda569b2e5e2e0@nlnetlabs.nl> Dear all, Just released, OpenDNSSEC 2.1.10, available immediately from our regular download site: https://dist.opendnssec.org/source/opendnssec-2.1.10.tar.gz SHA256: c0a8427de241118dccbf7abc508e4dd53fb75b45e9f386addbadae7ecc092756 This release addresses an automatic resalting after a migration from 1.4 and an error manifesting as a key_data_update failure in the logs where a retired key wasn't removed from the signer configuration in time in certain circumstances. Also an RPM is now provided for RHEL/CentOS distros at the same download location: https://dist.opendnssec.org/source/ \Berry * OPENDNSSEC-957: Fix exit code signer daemon to not always report failure. * OPENDNSSEC-958: Fix immediate resalting after migration from 1.4. * OPENDNSSEC-959: Emit warning on ods-kaspcheck for NSEC iteration count that is deemed too high. * SUPPORT-265: Resolve conflict when deleting keys from HSM whilst also performing step in key roll process. Typically a message "key_data_update failed" is present in logs. * Provided RedHat/CentOS spec file in contrib directory.