4.18.0

[4.18.0] - 2024-09-17

🚀 Features

• Add ReKey KMIP operation (#294)
• Add API token authentication between server and
  clients (#290)
• Build a generic database upgrade mechanism (#299)
• Export of certificates can now be performed using the certificate id (instead of just the private
  key id)
• More intuitive PKCS#12 import (#306)
• Support for export under legacy PKCS#12 format (#306)
• Documentation (S/MIME)

🐛 Bug Fixes

• KMIP Attributes:
  • In get_attributes, use attributes from ObjectWithMetadata instead of
    Object.Attributes (#278)
  • When inserting in db, force Object::Attributes to be synced with
    Attributes (#279)
• Certificates handling/tasks:
  • Validate KMIP operation:
    • Simplify getting CRLs and get returned
      errors (#268)
    • Validate certificate generation (#283)
    • Use certificate file path in ckms
      arguments (#292)
  • Certify KMIP operation: Server must sign x509 after adding X509
    extensions (#282)
• Merge decrypt match in same function (#295)
• Fix Public RSA Key size in get attributes (#275)
• RUSTSEC:
  • RUSTSEC-2024-0357: MemBio::get_buf has undefined behavior with empty buffers: upgrade
    crate openssl from 1.0.64 to 1.0.66 (#280)
  • RUSTSEC-2024-0363: Binary Protocol Misinterpretation caused by Truncating or Overflowing
    Casts: bump sqlx to 0.8.1 (#291
    and #297)
• CLI doc fixes (certificates certify)
• Fix PKCS#12 export of self-signed cert (#305)
• Fix serialization of Attributes in redis-findex (#307)

⚙️ Miscellaneous Tasks

• clippy tasks:
  • Only expose pub functions that need to be
    public (#277)
  • Hardcode clippy lints (#293)
• Rename MacOS artifacts giving CPU architecture
• Configure ckms to build reqwest with minimal idle connections
  reuse (#272)
• Do not delete tags if none are provided (#276)
• De-activated Google CSE tests when tokens are not supplied through env. var.
• Cleaned-up and improved certificates import tests
• Made test DB backend selectable using env. var. KMS_TEST_URL