acra v0.92.0 Release Notes

Release Date: 2022-03-01 // about 1 year ago
  • ๐Ÿš€ This release brings stability and performance fixes to AcraServer and AcraTranslator. It officially deprecates usage ๐Ÿ”ง of AcraConnector in favour of TLS everywhere. Some default configuration params are changed in favour of more secure & ๐Ÿ‘ better performance settings.


    • AcraServer, AcraTranslator:
      • Improved TLS certificate validation performance with CRL. #482
      • Poison record detection turned off by default. Flag --poison_detect_enable changed default value from true to false. #484
      • Removed SecureSession and AcraConnector support as transport encryption. #481
      • Improved and clarified log messages. Removed messages with error level for success cases (not detected poison record), clarified context of messages. #487
      • Added suggestions in log messages how to solve issues with TLS connections. #493
      • Improved in-memory caching keys:
      • Added caching symmetric keys like asymmetric #489
      • Added caching metadata about rotated keys #498
      • Added new flag --keystore_cache_on_start_enable that turns on loading all keys into in-memory cache on startup. #497
      • Changed default value for --keystore_cache_size parameter from -1 (which means no limits for cache) to 1000 (cache items). #497
      • Legacy keys that were used with AcraConnector are now ignored during initial caching on startup. #510
    • AcraServer:
      • The default CryptoEnvelope has changed from acrastruct to acrablock in the encryptor_config. Now AcraServer will use faster encryption by default. You can select which CryptoEnvelope to use in encryptor_config. See AcraStructs vs AcraBlocks documentation, #485
      • Extended PostgreSQL's SQL syntax support with null::<type> type casts. #479
      • Changed the default values for next CLI parameters:
      • --tls_client_id_from_cert changed from false to true. Now AcraServer require app's TLS certificates and map them to keys. #481
      • Improved performance for:
      • querycapture handler in AcraCensor. #483
      • transparent encryption and poison record detection. #487, #496
      • searchable encryption. #490
      • Removed next CLI parameters due to removed AcraConnector support:
      • --securesession_id, --acraconnector_tls_transport_enable, --acraconnector_transport_encryption_disable. #481
    • AcraTranslator: Now AcraTranslator works with TLS by default, it doesn't support AcraConnector anymore. #481
      • Removed next CLI parameters due to removed AcraConnector support:
      • --securesession_id, --acratranslator_tls_transport_enable, --acraconnector_transport_encryption_disable. #481
    • AcraKeymaker:
      • Now handle correctly generation symmetric keys into not existing folders. #486
      • Removed next CLI parameters due to removed AcraConnector support:
      • --generate_acraconnector_keys, --generate_acraserver_keys, --generate_acratranslator_keys. #481
    • AcraKeys:
      • Removed next key types for all commands (generate, read, destroy): transport-connector, transport-server, transport-translator. #481
    • AcraConnector:

    Example projects and demos: