Change Routinator refresh behaviour #1027

Merged
partim merged 6 commits into main from min-refresh
Apr 28, 2025
@Koenvh1 Koenvh1 commented Apr 25, 2025

This PR adds support for a min-refresh option in the configuration, and changes the default behaviour relating to #1025

Currently Routinator will look at the earliest expiry time of any non-expired object in the RPKI, and set the refresh time to that time. The validation of all objects in the RPKI takes some time. In this time, an object that was already verified as valid might have expired before the run completes. This would cause Routinator to immediately run again after completion.

This PR changes that behaviour by introducing a minimum duration to wait, and if not set to wait the refresh time (by default 10 minutes).
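
The scheduling change described above, as an added model in Rust (not code from this PR or from Routinator). `Policy`, `next_wait`, `count_runs` and all durations are hypothetical and constructed; the assumed `min-refresh` semantics are: unset means wait `refresh`, a set value means wait at least that long, and 0 restores the old behaviour.

```rust
use std::time::Duration;

/// How long to pause between validation runs (model only, names are hypothetical).
#[derive(Clone, Copy, Debug)]
enum Policy {
    /// Old behaviour: sleep until the earliest object expiry, capped by `refresh`.
    EarliestExpiry,
    /// New behaviour: `None` = min-refresh unset, `Some(d)` = min-refresh set to `d`.
    MinRefresh(Option<Duration>),
}

fn secs(s: u64) -> Duration {
    Duration::from_secs(s)
}

/// Pause after a run. `until_expiry` is the time left, measured at the end of
/// the run, before the earliest object that validated as current expires
/// (zero if it already expired while the run was still in progress).
fn next_wait(policy: Policy, refresh: Duration, until_expiry: Duration) -> Duration {
    let by_expiry = until_expiry.min(refresh);
    match policy {
        Policy::EarliestExpiry => by_expiry,
        // Unset: always wait the full refresh time, even if objects expire earlier.
        Policy::MinRefresh(None) => refresh,
        // Set: follow the expiry, but never pause for less than the minimum.
        Policy::MinRefresh(Some(min)) => by_expiry.max(min),
    }
}

/// Counts validation runs started within `horizon`, assuming (constructed
/// scenario) that at the start of every run the shortest-lived valid object
/// has exactly `lifetime` left and that each run takes `run_time`.
fn count_runs(
    policy: Policy,
    refresh: Duration,
    run_time: Duration,
    lifetime: Duration,
    horizon: Duration,
) -> u32 {
    assert!(!run_time.is_zero(), "a run must take some time");
    let mut now = Duration::ZERO;
    let mut runs = 0;
    while now < horizon {
        runs += 1;
        now += run_time;
        // The object may have expired before the run finished.
        let until_expiry = lifetime.saturating_sub(run_time);
        now += next_wait(policy, refresh, until_expiry);
    }
    runs
}

fn main() {
    // Constructed numbers: 10 minute refresh, 2 minute run, one hour observed.
    let (refresh, run_time, horizon) = (secs(600), secs(120), secs(3600));
    let policies = [
        ("old (earliest expiry)", Policy::EarliestExpiry),
        ("new, min-refresh unset", Policy::MinRefresh(None)),
        ("new, min-refresh = 60s", Policy::MinRefresh(Some(secs(60)))),
        ("new, min-refresh = 0", Policy::MinRefresh(Some(Duration::ZERO))),
    ];
    for lifetime in [secs(90), secs(300), secs(86_400)] {
        println!("shortest object lifetime: {:?}", lifetime);
        for (label, policy) in policies {
            let runs = count_runs(policy, refresh, run_time, lifetime, horizon);
            println!("  {:<24} {:>2} runs per hour", label, runs);
        }
    }
}
```

With an object lifetime shorter than the run itself, the old policy never pauses, so validation runs back to back; the new default keeps the run count independent of how short-lived the objects are.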

@Koenvh1 Koenvh1 requested a review from a team April 25, 2025 10:55
@Koenvh1 Koenvh1 marked this pull request as ready for review April 25, 2025 12:35
Comment thread doc/manual/source/manual-page.rst
@partim partim merged commit 20617cc into main Apr 28, 2025
10 checks passed
@partim partim deleted the min-refresh branch April 28, 2025 15:02
partim added a commit that referenced this pull request Sep 18, 2025
Breaking changes

* Removed the `rrdp-keep-responses` feature. We suggest the use of an HTTP
  proxy such as [mitmproxy] instead. ([#1055])
* Messages about issues with repositories and publication points are now
  logged separately and by default are only visible in the status HTTP
  server endpoints. The new `log-repository-issues` option can be used to
  have these messages also written to the log. ([#1054])
* Changed how server mode deals with broken or missing local exception
  files. Previously, Routinator would just stop updating until they are
  fixed, leading to updates being stalled if the operator misses the error
  messages. Now it will log a warning and keep using the previous set of
  local exceptions. When starting, it will exit with an error message if
  there are broken or missing local exception files. ([#1060])
* Changed the RRDP timeouts: introduced a new config variable
  `rrdp-read-timeout` that provides a timeout for individual network
  operations (primarily: read from the server). Its default is 10 seconds.
  This timeout is also used for connecting if no specific value is given,
  significantly speeding up validation runs.

  In addition, the RRDP timeout was increased from 300 to 600 seconds to
  better deal with slow transmission of large snapshots of some
  repositories. ([#1061])

New

* Added a quick initial run after starting the server which only uses
  stored data and aborts if any required data hasn’t been requested
  before to deal with configuration changes. This will shorten the wait
  time for an initial data set when restarting Routinator. ([#1057])
* Added support for SLURM v2 as output format which includes ASPA payload.
  ([#1021])
* Changed refresh behaviour to better cope with short-lived objects. By
  default, Routinator will now wait for the time defined by `refresh` even
  if objects expire earlier. The new `min-refresh` option can be used to
  specify a short minimum refresh time if objects expire before the
  refresh time. If this value is set to 0, the old behaviour is restored.
  ([#1027])
* The order in which manifest entries are processed is now randomized.
  ([#1041])
* Reduced the overhead of storing RRDP snapshot downloads, significantly
  improving the snapshot update times. ([#1035])
* The `dump` command now prints the source directories of the data it
  dumps. ([#1045])
* Added a `--update-after` option to the `vrps` subcommand that skips
  updating the local cache if the last successful validation run was known
  to be less than a given number of minutes ago. ([#1049])
* Error responses for API-related HTTP endpoints now contain JSON bodies.
  ([#1050])
* The `/validity` HTTP server endpoint now accepts POST requests with a
  JSON body containing multiple routes to be checked all at once.
  ([#1053])
* Better protect against corrupted stored publication points by double
  checking cached manifest properties against the actual manifest and
  discard the stored publication point if they mismatch.

  This fixes an issue where an accidentally or maliciously manipulated
  locally stored manifest could block update of a legitimate new manifest
  which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang,
  Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC),
  Tsinghua University.

Bug fixes

* Fixed a crash if certain invalid characters appear in a manifest file
  name by limiting the name to the rules defined in [RFC9286]. This issue
  was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE.
  ([rpki-rs#342])
* Re-implemented RRDP client metrics based on the much simpler model used
  by RTRTR to fix recurring errors in the metrics. ([#1039])
* Changed the message logged when an RRDP update times out to actually say
  that. ([#1052])

Other changes

* Improved performance of file system operations on validate subcommand.
  ([#1043] by [@kawaemon])
* Add package.homepage to Cargo.toml ([#1024])
* Added building packages for RHEL 10 and Debian 13. ([#1034], [#1047])
* Added building packages for ARMv6 and ARM64 for Debian Bookworm.
  ([#1036])
* Added additional restrictions to the systemd unit files used in the
  various binary packages. ([#1056])
* Upgrades various dependencies. ([#1004], [#1005], [#1006])
partim added a commit that referenced this pull request Sep 30, 2025
Breaking changes

* Removed the `rrdp-keep-responses` feature. We suggest the use of an HTTP
  proxy such as [mitmproxy] instead.

  This once and for all fixes [CVE-2023-39916] which returned again in
  release 0.14.0. ([#1055])
* Messages about issues with repositories and publication points are now
  logged separately and by default are only visible in the status HTTP
  server endpoints. The new `log-repository-issues` option can be used to
  have these messages also written to the log. ([#1054])
* Changed how server mode deals with broken or missing local exception
  files. Previously, Routinator would just stop updating until they are
  fixed, leading to updates being stalled if the operator misses the error
  messages. Now it will log a warning and keep using the previous set of
  local exceptions. When starting, it will exit with an error message if
  there are broken or missing local exception files. ([#1060])
* Changed the RRDP timeouts: introduced a new config variable
  `rrdp-read-timeout` that provides a timeout for individual network
  operations (primarily: read from the server). Its default is 10 seconds.
  This timeout is also used for connecting if no specific value is given,
  significantly speeding up validation runs.

  In addition, the RRDP timeout was increased from 300 to 600 seconds to
  better deal with slow transmission of large snapshots of some
  repositories. ([#1061])

New

* Added a quick initial run after starting the server which only uses
  stored data and aborts if any required data hasn’t been requested
  before to deal with configuration changes. This will shorten the wait
  time for an initial data set when restarting Routinator. ([#1057])
* Added support for SLURM v2 as output format which includes ASPA payload.
  ([#1021])
* Changed refresh behaviour to better cope with short-lived objects. By
  default, Routinator will now wait for the time defined by `refresh` even
  if objects expire earlier. The new `min-refresh` option can be used to
  specify a short minimum refresh time if objects expire before the
  refresh time. If this value is set to 0, the old behaviour is restored.
  ([#1027])
* The order in which manifest entries are processed is now randomized.
  ([#1041])
* Reduced the overhead of storing RRDP snapshot downloads, significantly
  improving the snapshot update times. ([#1035])
* The `dump` command now prints the source directories of the data it
  dumps. ([#1045])
* Added a `--update-after` option to the `vrps` subcommand that skips
  updating the local cache if the last successful validation run was known
  to be less than a given number of minutes ago. ([#1049])
* Error responses for API-related HTTP endpoints now contain JSON bodies.
  ([#1050])
* The `/validity` HTTP server endpoint now accepts POST requests with a
  JSON body containing multiple routes to be checked all at once.
  ([#1053])
* Better protect against corrupted stored publication points by double
  checking cached manifest properties against the actual manifest and
  discard the stored publication point if they mismatch.

  This fixes an issue where an accidentally or maliciously manipulated
  locally stored manifest could block update of a legitimate new manifest
  which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang,
  Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC),
  Tsinghua University.

Bug fixes

* Fixed a crash if certain invalid characters appear in a manifest file
  name by limiting the name to the rules defined in [RFC9286]. This issue
  was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE.
  ([rpki-rs#342])
* Re-implemented RRDP client metrics based on the much simpler model used
  by RTRTR to fix recurring errors in the metrics. ([#1039])
* Changed the message logged when an RRDP update times out to actually say
  that. ([#1052])

Other changes

* Improved performance of file system operations on validate subcommand.
  ([#1043] by [@kawaemon])
* Add package.homepage to Cargo.toml ([#1024])
* Added building packages for RHEL 10 and Debian 13. ([#1034], [#1047])
* Added building packages for ARMv6 and ARM64 for Debian Bookworm.
  ([#1036])
* Added additional restrictions to the systemd unit files used in the
  various binary packages. ([#1056])
* Upgrades various dependencies. ([#1004], [#1005], [#1006])
netbsd-srcmastr pushed a commit to NetBSD/pkgsrc that referenced this pull request Oct 8, 2025
Pkgsrc changes:
 * Version bump + checksum updates.

Upstream changes:

## 0.15.1 "Ain't No Country Club Either"

Released 2025-10-07.

Bug fixes

* Abort the optimistic initial run if there are no stored TA certificates
  for a TAL instead of succeeding with an empty data set. ([#1071])
* Undo `PrivateUsers` restriction in systemd unit files to allow user to run
  Routinator on privileged ports. ([#1068])

[#1068]: NLnetLabs/routinator#1068
[#1071]: NLnetLabs/routinator#1071


## 0.15.0 "This Ain't No Disco"

Released 2025-09-30

There have been no changes since 0.15.0-rc1.

## 0.15.0-rc1

Released 2025-09-18.

Breaking changes

* Removed the `rrdp-keep-responses` feature. We suggest the use of an HTTP
  proxy such as [mitmproxy] instead.

  This once and for all fixes [CVE-2023-39916] which returned again in
  release 0.14.0. ([#1055])
* Messages about issues with repositories and publication points are now
  logged separately and by default are only visible in the status HTTP
  server endpoints. The new `log-repository-issues` option can be used to
  have these messages also written to the log. ([#1054])
* Changed how server mode deals with broken or missing local exception
  files. Previously, Routinator would just stop updating until they are
  fixed, leading to updates being stalled if the operator misses the error
  messages. Now it will log a warning and keep using the previous set of
  local exceptions. When starting, it will exit with an error message if
  there are broken or missing local exception files. ([#1060])
* Changed the RRDP timeouts: introduced a new config variable
  `rrdp-read-timeout` that provides a timeout for individual network
  operations (primarily: read from the server). Its default is 10 seconds.
  This timeout is also used for connecting if no specific value is given,
  significantly speeding up validation runs.

  In addition, the RRDP timeout was increased from 300 to 600 seconds to
  better deal with slow transmission of large snapshots of some
  repositories. ([#1061])

New

* Added a quick initial run after starting the server which only uses
  stored data and aborts if any required data hasn't been requested
  before to deal with configuration changes. This will shorten the wait
  time for an initial data set when restarting Routinator. ([#1057])
* Added support for SLURM v2 as output format which includes ASPA payload.
  ([#1021])
* Changed refresh behaviour to better cope with short-lived objects. By
  default, Routinator will now wait for the time defined by `refresh` even
  if objects expire earlier. The new `min-refresh` option can be used to
  specify a short minimum refresh time if objects expire before the
  refresh time. If this value is set to 0, the old behaviour is restored.
  ([#1027])
* The order in which manifest entries are processed is now randomized.
  ([#1041])
* Reduced the overhead of storing RRDP snapshot downloads, significantly
  improving the snapshot update times. ([#1035])
* The `dump` command now prints the source directories of the data it
  dumps. ([#1045])
* Added a `--update-after` option to the `vrps` subcommand that skips
  updating the local cache if the last successful validation run was known
  to be less than a given number of minutes ago. ([#1049])
* Error responses for API-related HTTP endpoints now contain JSON bodies.
  ([#1050])
* The `/validity` HTTP server endpoint now accepts POST requests with a
  JSON body containing multiple routes to be checked all at once.
  ([#1053])
* Better protect against corrupted stored publication points by double
  checking cached manifest properties against the actual manifest and
  discard the stored publication point if they mismatch.

  This fixes an issue where an accidentally or maliciously manipulated
  locally stored manifest could block update of a legitimate new manifest
  which was reported by Zizhi Shang, Zhechao Lin, Jiahao Cao, Yangyang Wang,
  Mingwei Xu of the Institute for Network Sciences and Cyberspace (INSC),
  Tsinghua University.

Bug fixes

* Fixed a crash if certain invalid characters appear in a manifest file
  name by limiting the name to the rules defined in [RFC9286]. This issue
  was reported by Niklas Vogel of Goethe University Frankfurt and ATHENE.
  ([rpki-rs#342])
* Re-implemented RRDP client metrics based on the much simpler model used
  by RTRTR to fix recurring errors in the metrics. ([#1039])
* Changed the message logged when an RRDP update times out to actually say
  that. ([#1052])

Other changes

* Improved performance of file system operations on validate subcommand.
  ([#1043] by [@kawaemon])
* Add package.homepage to Cargo.toml ([#1024])
* Added building packages for RHEL 10 and Debian 13. ([#1034], [#1047])
* Added building packages for ARMv6 and ARM64 for Debian Bookworm.
  ([#1036])
* Added additional restrictions to the systemd unit files used in the
  various binary packages. ([#1056])
* Upgrades various dependencies. ([#1004], [#1005], [#1006])

[#1004]: NLnetLabs/routinator#1004
[#1005]: NLnetLabs/routinator#1005
[#1006]: NLnetLabs/routinator#1006
[#1014]: NLnetLabs/routinator#1014
[#1021]: NLnetLabs/routinator#1021
[#1024]: NLnetLabs/routinator#1024
[#1027]: NLnetLabs/routinator#1027
[#1034]: NLnetLabs/routinator#1034
[#1035]: NLnetLabs/routinator#1035
[#1036]: NLnetLabs/routinator#1036
[#1039]: NLnetLabs/routinator#1039
[#1041]: NLnetLabs/routinator#1041
[#1043]: NLnetLabs/routinator#1043
[#1045]: NLnetLabs/routinator#1045
[#1047]: NLnetLabs/routinator#1047
[#1049]: NLnetLabs/routinator#1049
[#1052]: NLnetLabs/routinator#1052
[#1053]: NLnetLabs/routinator#1053
[#1055]: NLnetLabs/routinator#1055
[#1056]: NLnetLabs/routinator#1056
[#1057]: NLnetLabs/routinator#1057
[#1060]: NLnetLabs/routinator#1060
[#1061]: NLnetLabs/routinator#1061
[rpki-rs#342]: NLnetLabs/rpki-rs#342
[@kawaemon]: https://github.com/kawaemon
[mitmproxy]: https://www.mitmproxy.org/
[RFC9286]: https://tools.ietf.org/html/rfc9286
[CVE-2023-39916]: https://nlnetlabs.nl/downloads/routinator/CVE-2023-39916.txt

## 0.14.2 "Roll Initiative!"

Released 2025-03-04.

There have been no changes since 0.14.2-rc1.


## 0.14.2-rc1

Released 2025-03-04.

Other changes

* Upgrades the bundled Routinator UI to release [0.4.5][routinator-ui v0.4.5].
  ([#1014])

[#1015]: NLnetLabs/routinator#1015
[routinator-ui v0.4.5]: https://github.com/NLnetLabs/routinator-ui/releases/tag/v0.4.5
riastradh pushed a commit to riastradh/pkgsrc-test20250901 that referenced this pull request Feb 8, 2026
msk pushed a commit to msk/pkgsrc that referenced this pull request May 11, 2026