- Improve use of RRDP data during integration tests.
- Monitor RRDP PAAS repositories through CDN locations.
- Use new flag on deploy to update container. Hotfixes a change to internal infrastructure that was not communicated by the platform team.
- Gradle configuration is now done in Kotlin.
- Various configuration changes.
- hotfix: fix path of duplicate all resources CA; after more debugging a different certificate must be ignored.
- hotfix: ignore duplicate all resources CA; to be removed when keyroll is finished.
- hotfix: Use expiration for expiration instead of creation.
- Do not treat v1 ASPA object as parse failures when
rpkimonitor.accept-aspa-v1: true
- Use new rpki-commons with profile-15 aspa code
- Print the first N overlapping resources and first M URIs of certificates that have overlaps.
- Match metric labels between RRDP serial and object metrics
- 14.5 hour threshold before having alerting on top level CA/manifest expiry
- Switch base image to eclipse-temurin based on focal
- Scan RRDP every minute
- Consolidate rsyncit targets to have a single target behind a load-balancer.
- log the cause when a repo update is aborted, but continue fetching the other repositories.
- hotfix: parse hex sha256 hashes from core: prevents false positive file difference.
- Do not log missing manifests.
- Add
Dockerfilethat does not rely on NCC internal images
- Raise default thread limit to 8 and share semaphore over types.
- Store hashes as byte arrays instead of interned strings.
- Improve (CPU) performance of certificate analysis by removing resources from CertificateEntry hashCode.
- Fix memory explosion during certificate comparison with many overlaps.
- Describe HTTP client in line about snapshot download
- Fix a broken log line
- Log the hash of downloaded snapshot
- Log the rejected file's content
- Use three threads when collecting
- Log the snapshot serial and URL on update
- Add certificate overlap analysis
- Allow-list specific SIAs to alert on for overlap analysis
- Allow short-term overlap (keyroll)
- Limit concurrent fetches to
collector.threadsparallel fetches per repo type.
- Add rsyncit targets for production and prepdev
- Remove beanstalk target from monitoring
- Remove rsync migrate production host from monitoring
- Improve RRDP implementation testability and quality.
- Validate that
session_idis a UUIDv4 - spring boot 3.1.1, rpki-commons 1.34, other dependency updates.
- Disable tracing by default and enable only on prepdev
- Add opentelemetry tracing
- Dependency updates
- Add Linode external publication server
- Spring boot 3.1
- Use connect-to in metric tags, to prevent overwriting metrics from multiple RRDP sources.
- Add
rpkimonitoring_expiry_matchermetrics to match expiry time for objects in specific locations.
- Use resolver that prefers IPv6. Add metrics for HTTP clients that do not use URL in labels.
- Improve exception handling - track aborted non-failure cases
- Track a non-modified snapshot as successful update
- Do not update the last successful URL until processing succeeds.
- HTTP client for RRDP not supports a total-request timeout
- More metrics for http client through spring boot default metrics
- Add metric for maximum observed object size in repository
- Check consistency of RRDP snapshot (serial, structure) before processing
- Include git version information in
/actuator/info - Use abbreviated git commit in user-agent string
- Accept (but log) RRDP snapshot when it contains multiple publish entries for the same URL.
- Support xsd:base64Binary values surrounded by whitespace
- Support ASPA objects
- Upgrade to spring boot 3
- Fix Akamai production RRDP URL
- spring-boot: 2.7.3 -> 2.7.4
- Monitor Akamai production repository
- Enable monitoring of rrdp.int.prepdev repository
- Add url label on object count metrics
- Use records instead of strings as map key for metrics
- Fix rsync URLs so that they work with rsync 3.2.4
- Add Akamai test repository location
- Remove I3d repository locations
- Dependency updates
- Fix core api-key config
- Fix enabling core repository synchronization
- rsync: move hard-coded directories to sync to configuration
- core: allow to enable/disable in configuration
- add PAAS environment configurations
- introduce metrics per object type
- Performance improvements
- Prevent object re-creation when repeatedly disposing the same object.
- Atomically update object map
- Run tests in parallel
- Remove dev environment
- Add metrics for fetcher updates + RRDP serial
- Intern strings in an attempt to save memory.
- Fix AWS Beanstalk RRDP repository configuration
- Prevent overlapping runs of collectors
- Spring boot: 2.6.5 -> 2.6.6
- Spring4Shell: remove data-binder mitigation
- Spring framework: force use of 5.3.18
- Use stricter timeouts for RRDP repositories
- Spring boot: 2.6.4 -> 2.6.5
- Spring4Shell mitigation
- Gradle plugin updates for: jib, git-version
- Introduce
connect-toconfiguration for testing alternative RRDP locations (i.e. inactive CDNs) including TLS handshakes. - Monitor repository on Cloudflare CDN
- Track disposed objects in repositories so that resigned objects from core are not reported as false differences.
- Add endpoints to view repository information:
/diff?lhs=<repo1>&rhs=<repo2>&threshold=0/<repo>/info?theshold=0/<repo>/inspect?uri=<uri>/<repo>/objects?uri=<uri>&threshold=0
- Change rsync target configuration to make it similar to rrdp.
- Enable RenovateBot and apply updates
- Build and run on java 17
- Monitor i3d test endpoint
- remove rpki2 from configuration
- clarify that memory may be set from environment (...)
- Monitor i3d endpoint
- increase Xmx to 3.5GB for the container.
- spring boot: 2.6.2 -> 2.6.3
- spring-boot: 2.5.1 -> 2.5.4
- rpki-commons: 1.21 -> 1.24
- Update Gradle build plugins
- Log unknown objects when encountered.
- Monitor RRDP repository at
https://publish.rpki.prepdev.ripe.net
- Set
JAVA_TOOL_OPTIONSin docker container.
- Hotfix
- Add object expiry monitoring