Releases: lolepezy/rpki-prover
0.8.0
Validation:
- Introduced asynchronous fetches of the repositories that are detected to be slow or time out. Such repositories are skipped by the top-down validation and fetched in a separate concurrent job to avoid blocking the top-down algorithm. That significantly reduces latency of the "repository -> router" path (time for revalidation drops from minutes with default timeouts to small tens of seconds) and prevents some types of slowloris attacks.
- We allow extra fetchers to run after some period (1 minute by default) of waiting for a semaphore. It is a workaround for a potentially very large number of hanging repositories, so that there is always some progress.
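The semaphore workaround described in the last item, as an added sketch in Python (not rpki-prover's own Haskell code): a fetcher waits a bounded time for a slot and then runs anyway. The names `fetch_with_bypass`, `demo` and `run_demo` are hypothetical, and the 1 minute default is scaled down to 50 ms so the constructed scenario finishes quickly.

```python
import asyncio


async def fetch_with_bypass(slots, fetch, max_wait):
    """Run `fetch` under the `slots` semaphore, but wait at most `max_wait`
    seconds for a slot. Returns (result, held_slot)."""
    try:
        await asyncio.wait_for(slots.acquire(), timeout=max_wait)
        held_slot = True
    except asyncio.TimeoutError:
        # Every slot is taken by fetchers that have not finished in time:
        # run as an extra fetcher so the queue keeps moving.
        held_slot = False
    try:
        return await fetch(), held_slot
    finally:
        if held_slot:
            slots.release()


async def demo(hanging_repos, slot_count=2, max_wait=0.05):
    """Constructed scenario: `hanging_repos` fetches never finish, then one
    healthy repository asks for a slot."""
    slots = asyncio.Semaphore(slot_count)

    async def hanging_fetch():      # stands in for a repository that stalls
        await asyncio.sleep(3600)

    async def healthy_fetch():
        return "fetched"

    stuck = [asyncio.create_task(fetch_with_bypass(slots, hanging_fetch, max_wait))
             for _ in range(hanging_repos)]
    await asyncio.sleep(0.01)       # let the stuck fetchers take their slots
    outcome = await fetch_with_bypass(slots, healthy_fetch, max_wait)
    for task in stuck:
        task.cancel()
    await asyncio.gather(*stuck, return_exceptions=True)
    return outcome


def run_demo(hanging_repos):
    return asyncio.run(demo(hanging_repos))
```

The bypass makes the concurrency bound soft, so it only stays safe when each fetch also has its own hard time limit.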
API:
- Added /api/tals end-point for showing TALs
Optimisations:
- Switched from GHC 8.10 to 9.6. As a result, CPU usage is reduced by 10-12% for validation and by 10-15% for repository fetching and object parsing. Memory usage is also reduced by 5-10%.
0.7.1
0.7.0
Features:
- Improve /api/object view to have a stable and more informative JSON output.
- Improve validation and output for GBRs and ASPA objects.
Optimisations:
- Fixed a performance bug: drastically reduce the volume of IO writes on every validation run.
- Reduce lock contention when validating with a large number of CPUs.
Fixes and improvements:
- Fix parsing of rsync URLs with explicit port number that led to a spurious validation warning about object locations
- Fix attribution of RRDP parsing errors to multiple object locations
- Check that AIA of certificates match location of their parent certificates
- Fixes in LMDB statistics calculation
- Reduce default cache lifetime of unused objects from 72 to 24 hours
- Compact the storage after erasing incompatible cache on the startup
0.6.1
Bug fix release
- Clean LMDB reader table after every validation. Under certain circumstances read-only transactions can leak and these entries may stay in the reader table of LMDB even after the process exits. Over time it leads to exhaustion of readers and requires a restart of the validator. Also fix the way initial reader count is estimated.
- Fix cleanup corner case for an old cache. Stopping the validator for a long time and then starting it again could lead to objects being removed from the cache prematurely.
- Fix validation of manifests and ASPA objects to follow RFC 9286 more precisely.
0.6.0
- Added support of BGPSec certificates in RPKI repositories (https://datatracker.ietf.org/doc/rfc8209/), validation and sending them through RTR.
- Added --rtr-log-file option for setting a separate log file for RTR server. RTR protocol generates a lot of log messages, especially in debug mode, so it may be inconvenient to mix RTR and other log messages. By default, all log messages go to stdout.
- Multiple optimisations of cache structure, serialisation and data compression resulted in reduced CPU usage (by ~40-50%), heap usage (by 20-30% for the validation process) and disk space usage (by ~45% with the default settings).
0.5.0
- Support for ASPA objects (https://datatracker.ietf.org/doc/draft-ietf-sidrops-aspa-profile/). Parsing, validation, returning them with /api/aspa API call.
- Added Swagger/UI for the API; it's available using the /swagger-ui link
- Rsync pre-fetch option --rsync-prefetch-url. It is an optimisation for fetching rsync repositories (mainly as a fall-back from RRDP). Setting 'rsync://rpki.apnic.net/member_repository' as a prefetch URL will result in this repository being downloaded as a whole instead of downloading every individual sub-directory of it for each CA. For some repositories with hundreds or thousands of CAs, it reduces the total fetch time multiple times, also reducing server load. There are reasonable defaults for this option, so most of the time no action is needed.
- LMDB cache is now versioned and automatically gets erased if the validator internal data representation is incompatible with the serialised data in the cache. That can happen (and likely will) during major version upgrades.
0.4.0
- Support RPKI Signed Checklists (https://datatracker.ietf.org/doc/draft-ietf-sidrops-rpki-rsc/)
- Prevent TA certificate re-play attacks by keeping track of the latest TA certificate and rejecting spurious updates.
- Periodic jobs scheduling is now persistent, which prevents the situation when some jobs are not run because of frequent process restarts.
- Validation for all TAs runs as a separate timed process with restricted memory allocations. That makes it quite difficult to crash the application with some form of resource exhaustion attack. After this change, every repository fetch and every validation run is a separate process limited in time and memory, which prevents a lot of possible DoS attacks.
- Clean local copies of rsync repositories every 30 days. That keeps the rsync folder tidy without affecting rsync traffic too much.
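The process isolation described in the 0.4.0 notes above, as an added Linux-only sketch in Python (not rpki-prover's own code): each job runs in a child process with a wall-clock limit and a memory cap. Using RLIMIT_AS for the cap is an assumption made here, since the notes do not say how the memory restriction is enforced; `run_limited` and the three worker snippets are constructed for illustration.

```python
import resource
import subprocess
import sys

GIB = 1024 ** 3

# Constructed workers standing in for a fetch or validation job.
WELL_BEHAVED = "print(sum(range(1000)))"
HANGS = "import time; time.sleep(60)"
MEMORY_HOG = "blob = bytearray(2 * 1024 ** 3)"   # asks for 2 GiB


def run_limited(code, max_seconds, max_bytes):
    """Run `code` in a child Python process limited in time and memory.
    Returns 'ok', 'timeout' or 'failed'."""

    def cap_memory():
        # Runs in the child just before exec: cap its address space so a
        # runaway allocation fails there instead of exhausting the host.
        resource.setrlimit(resource.RLIMIT_AS, (max_bytes, max_bytes))

    try:
        proc = subprocess.run(
            [sys.executable, "-c", code],
            preexec_fn=cap_memory,
            timeout=max_seconds,      # the child is killed when this expires
            capture_output=True,
        )
    except subprocess.TimeoutExpired:
        return "timeout"
    return "ok" if proc.returncode == 0 else "failed"


if __name__ == "__main__":
    for name, code in [("well-behaved", WELL_BEHAVED),
                       ("hangs", HANGS),
                       ("memory hog", MEMORY_HOG)]:
        print(name, "->", run_limited(code, max_seconds=1, max_bytes=GIB))
```

In all three cases the parent process survives and can record the failure against the repository or TA that caused it.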
0.3.3
Fixes and adjustments in metrics names and tags.
0.3.2
- Add /api/config API end-point that dumps the configuration of the running instance.
- Add rpkiprover_ prefix to all metrics.
0.3.1
- Add --no-rrdp and --no-rsync options to control repository fetching. Setting both options means validation will work with only cached objects.
- Add --max-total-tree-size, --max-ta-repositories, --max-certificate-path-depth, --max-object-size, --min-object-size, --top-down-timeout for setting validation fencing limits. Run rpki-prover --help for more information.
- Optimise fetching of large rsync trees
NOTE: Cache format is incompatible with the previous releases, so ~/.rpki/cache directory needs to be cleaned up for this release to start.