v0.20260406.0

What's Changed

• test: Upgrade consul to 1.22.6 by @inahga in #8696
• Remove registrations.LockCol by @aarongable in #8698
• bad-key-revoker: Require maxExpectedReplicationLag by @jprenken in #8693
• deps: update pkcs11 and pkcs11key by @jsha in #8692
• build(deps): bump github.com/go-jose/go-jose/v4 from 4.1.3 to 4.1.4 by @dependabot[bot] in #8699

Full Changelog: v0.20260331.0...v0.20260406.0

v0.20260331.0

What's Changed

• grpc: implement OnHealthy by @jsha in #8686
• deps: update grpc to 1.79.3 by @jsha in #8685
• Remove deprecated flags by @jsha in #8684
• test: make nonce-srv-v2 / noncev2 the default by @jsha in #8689
• va: Add experimental VA for testing Hickory by @beautifulentropy in #8688
• ra: remove MaxNames config field by @jsha in #8691
• grpc: Advertise h2 support in ALPN by @inahga in #8697

New Contributors

• @inahga made their first contribution in #8697

Full Changelog: v0.20260324.0...v0.20260331.0

v0.20260324.0

What's Changed

• test: add health check for bvitess by @jsha in #8658
• crl/va/test: Let the bodies hit the Close() by @beautifulentropy in #8682
• noncebalancer: use endpointsharding, ignore ready status by @jsha in #8679
• wfe/ra/va/pa: Add support for draft-ietf-acme-dns-persist-00 by @beautifulentropy in #8660
• CTPolicy: always try to get SCTs from a tiled log first by @aarongable in #8676

Full Changelog: v0.20260317.0...v0.20260324.0

v0.20260317.0

What's Changed

• test: Remove badNonce retries and increase nonce maxConnectionAge by @beautifulentropy in #8661
• Remove ra.validateContacts because it is unused by @aarongable in #8666
• Remove TODOs from challenge.RecordsSane by @aarongable in #8670
• Remove sa.Count[Pending|Invalid]Authorizations2 by @aarongable in #8669
• observer: add CCADB CRL prober by @jsha in #8644
• test: make health-checker quieter by @jsha in #8671
• CI: Drop go1.25.x by @beautifulentropy in #8675
• vitess: add vschemas with vindexes by @jsha in #8634
• Update publicsuffix-go (PSL) from v0.50.2 to v0.50.3 by @jprenken in #8678
• ratelimits: stricter() should always prefer denied decisions by @beautifulentropy in #8674

Full Changelog: v0.20260309.0...v0.20260317.0

v0.20260309.0

What's Changed

• sa: improve errors from SetOrderError by @jsha in #8656
• test: Update from go1.25.5 and go1.25.7 to go1.25.8 and go1.26.1 by @beautifulentropy in #8664
• features: Small comment fix for DNSAccount01Enabled by @beautifulentropy in #8663
• CI: Update release jobs to use go1.25.8 and go1.26.1 by @beautifulentropy in #8665

Full Changelog: v0.20260303.0...v0.20260309.0

v0.20260303.0

What's Changed

• Reduce maximum allowed valid authorization lifetime by @aarongable in #8648
• observer: Reduce memory usage by @beautifulentropy in #8649
• Remove extraneous top-level struct args to IsAnyNilOrZero by @aarongable in #8651
• Fix miscellaneous value/pointer receiver mismatches by @aarongable in #8652
• test: Update challtestsrv for dns-persist-01 by @beautifulentropy in #8653
• Exempt ARI renewals from on-demand blocklisting by @aarongable in #8655

Full Changelog: v0.20260225.0...v0.20260303.0

v0.20260225.0

What's Changed

• build: support native architecture builds on ARM hosts by @sheurich in #8547
• Run go fix by @mcpherrinm in #8636
• release: tag based on refs/remotes/origin/main. by @jsha in #8640
• observer: remove TCP prober by @jsha in #8637
• Use context.WithoutCancel instead of context.Background by @aarongable in #8635
• Don't modify http.DefaultTransport by @aarongable in #8641
• VA: properly initialize slowRemoteTimeout by @aarongable in #8642
• VA: ensure wildcard hostname is lowercased by @aarongable in #8643
• Add blocklisting for recursive on-demand domains by @aarongable in #8646
• Improve error handling in admin block-key and revoke-cert by @aarongable in #8647

Full Changelog: v0.20260223.0...v0.20260225.0

v0.20260223.0

What's Changed

• sa: use UPDATE for overrides by @jsha in #8632
• ratelimits: Fix potential data race in the limit registry by @beautifulentropy in #8628
• Replace gopkg.in/yaml.v3 v3.0.1 with go.yaml.in/yaml/v3 v3.0.4 by @aarongable in #8627
• build(deps): bump filippo.io/edwards25519 from 1.1.0 to 1.1.1 by @dependabot[bot] in #8633
• sa: remove Update from UpdateRevokedCertificate by @jsha in #8631
• Update otel to v1.40.0. by @jsha in #8639

Full Changelog: v0.20260217.0...v0.20260223.0

v0.20260217.0

What's Changed

• build(deps): bump the aws group with 3 updates by @dependabot[bot] in #8565
• ra: improve error message about IP address support by @jsha in #8592
• sa: Add GetOrderAuthorizations by @jsha in #8605
• test: reduce the numbers of databases by @jsha in #8609
• Bump Go version to 1.25.7 by @jsha in #8622
• sfe/ra/sa/admin: Prevent lower override requests from reducing limits by @beautifulentropy in #8613
• Update PSL from v0.50.1 to v0.50.2 by @aarongable in #8623
• Clean up and deprecate no wait for ready by @maen-bn in #8608
• Use stdlib path.Join to construct URL paths in WFE by @maen-bn in #8601
• build: improve build reproducibility by @sheurich in #8549
• Observer: simplify Probe interface by @aarongable in #8619
• Add AIA certificate prober to boulder-observer by @jsha in #8624

Full Changelog: v0.20260202.0...v0.20260217.0

v0.20260202.0

What's Changed

• sa: collapse migrations into CombinedSchema by @jsha in #8599
• Deprecate IssuerConfig active by @maen-bn in #8597
• Upgrade all audit log lines to structured json by @aarongable in #8595
• Deprecate ServeRenewalInfo feature flag by @maen-bn in #8585
• Jitter the ARI Retry-After header amount 20% either side of 6 hours by @maen-bn in #8576
• Remove error returned from grpc.ProblemDetailsToPB as it's not used by @maen-bn in #8607
• docker: simplify bmariadb container by @jsha in #8611
• Reduce cardinality of structured log keys by @aarongable in #8600
• build(deps): bump actions/setup-go from 5 to 6 by @dependabot[bot] in #8615
• ra: add CAARechecksFailOrder feature flag by @jsha in #8610
• test: use SIGKILL instead of SIGTERM by @jsha in #8612

New Contributors

• @maen-bn made their first contribution in #8597

Full Changelog: v0.20260126.0...v0.20260202.0