• Allow non-self-signed CA certificate as 'root' (#160, #196) -- i.e. you now can use a sub-CA as the root CA in LabCA
• Also allow names in standalone DB config (#198)
• Tweak max upload size for backups (#189)
• Bump actions/checkout from 4 to 5
• Bump actions/setup-go from 5 to 6
• Bump boulder version to v0.20250908.0

• Cleanup mailer script that depended on boulder expiration-mailer (#193)
• Remove email details from admin pages
• Bump boulder version to v0.20250728.0
• Miscellaneous updates and clean ups

• Also ignore lint check unknown_tld_in_san (#181)
• Bump boulder version to v0.20250707.0
• Fix redis certificate after IP range changed
• Clarify in README to go to build subdirectory
• Add note about restoring database after upgrade...

• Fix previous CRL check when renewing CRL (#169)
• Fix missing labca-gui from control container
• Fix check in bad-key-revoker to skip SMTP TLS verification (#171)
• Fix CA links on public homepage (#166)
• Remove old comment about keeping root key offline - not possible anymore (#160)
• Replace acme_tiny.py with certbot as ACME client
• Bump boulder version to release-2025-05-27
• Update README files to make docker-only the primary setup
• Add golangci-lint for GUI
• Add packages write permission to workflows
• Fix linting issues
• Bump golang.org/x/crypto (#176 by dependabot[bot])
• Bump golang.org/x/net in /gui in the go_modules group across 1 directory (#177 by dependabot[bot])
• Add syntax parser directive to Dockerfiles
• Bump golangci/golangci-lint-action from 7 to 8
• Bump golangci-lint to v2.1

• Clarify in README that offline root CA key is no longer supported
• Allow big uploads to /admin/ for restoring backups (#156)
• Create home dir for edge case where it was removed (#157)
• Fix certificate revoke command (#158)
• Fix CRL shard detection when revoking certs (#158)
• Fix issue where ceremony tool is not compiled in time
• Fix restart policy on bredis and bpkilint containers (#162)
• Fix root certificate link on setup page (#166)
• Update some GUI mod versions (dependabot)
• Remove obsolete instruction about update button (#165)
• Bump boulder version to release-2025-03-18
• Use latest tag for nginx docker image
• Prevent huge MySQL slow queries log file (#168)
• Fix cleanup of now obsolete bpkilint container

• Use Let's Encrypt ceremony tool for generating keys and certs instead of openssl
• Store keys on SoftHSM instead of in plain text files on disk
• Add redis container for boulder rate limiting
• Fix standalone builds (both .debs and container) (#154)
• Use redis for OCSP as well, in different database number
• Fix issuer and CRL URLs in certificates
• Bump boulder version to release-2025-02-14
• Several fixes and tweaks

⚠️ WARNING: from this version forward it is NOT longer possible to keep the root CA key offline! If your current system does not contain the root key, upgrading to this or future versions will fail. Either setup a new instance of LabCA and import the root certificate WITH the key, or stick with v25.01.1 or earlier.
Allowing the root key to be offline made my code very complex to maintain, and with the change to the ceremony tool it would have become way more difficult. The keys are now stored in SoftHSMv2 and I will be looking into possibly supporting physical HSMs (Hardware Security Modules) in the future.

• Fix new(ish) db migration so data is preserved when upgrading
• Remove unnecessary make that causes an issue (#138)

• Also build arm64 standalone .deb package when releasing
• Add action to build standalone docker images (#124)
• Temporarily issue both ECDSA and RSA from same issuer (#138 #144 #150)
• Bump boulder version to release-2025-01-06

• Bump boulder version to release-2024-12-10
• Bump golang.org/x/crypto from 0.21.0 to 0.31.0
• Bump nginx from 1.27.1 to 1.27.3
• Add minica binary to control image
• Improve message parsing of JSON audit lines
• Fix detection of all containers being up

• SMTP server can now use LabCA issued certificate (#139)
• Bump nginx from 1.26.0 to 1.27.1
• Remove bsetup container (#138)
• Add printablestring/utf8string import issue to common errors section (#141)