chore(main): release 0.10.0

[mender-test-bot]

---

0.10.0 - 2026-03-05

Bug fixes

• (build) Set default value for secondary CA cert to false
  (MEN-8351) (aca8e5d) by @lluiscampos

  The secondary CA cert is really optional, as a custom Mender Server
  could use the same domain for both API calls and Artifacts storage.

  Set MENDER_NET_CA_CERTIFICATE_TAG_SECONDARY_ENABLED default to n and
  instead select it when selecting hosted Mender option(s).

• (storage) Use fs_size instead of fs_off for flash erase size
  (e5afb0c) by @hkenken

  The third argument of flash_area_flatten() should be the size to erase,
  not the offset. Using fs_off caused incorrect erase size calculation.

Documentation

• Document how to skip TLS peer verification
  (MEN-8351) (3b5d1fc) by @lluiscampos

Features

• Add backup root cert to Zephyr certs chain
  (MEN-8494) (5e061d5) by @elkoniu

  For disaster recovery and emergency having single certificate is risky.
  This change introduces 2nd root certificate to be used on the platform.

• Support Zephyr 4.2.0
  (MEN-8638) (2d8e634) by @danielskinstad

• Send tier in authentication request
  (MEN-8559) (ecfa717) by @danielskinstad

  Add device tier support to authentication requests. The client now
  sends a 'tier' parameter in authentication requests, supporting "standard"
  (default) and "micro" tiers. The tier is configurable via Kconfig or
  through the client config struct before initialization, which will take
  precedence over the Kconfig option.

• Default device tier to "micro"
  (6fb81d2) by @danielskinstad

  Set the default device tier to "micro" rather
  than "standard".

• Change default intervals for update polling and inventory refresh to 7 days
  (MEN-9038) (4e987ba) by @michalkopczan

• Produce a warning during build if configured intervals are too short
  (MEN-9038) (32a2340) by @michalkopczan

  When configured update polling and inventory refresh intervals are
  shorter than the minimum allowed for micro tier, produce a warning during build.

• Handle rate limits with value provided by server
  (MEN-8849) (98b4cbc) by @danielskinstad

  Added support for reading the Retry-After header on HTTP 429 errors.
  When a 429 error is detected, parse the Retry-After header value and use
  it to schedule the next HTTP request instead of using the backoff mechanism.

• Add a kernel configuration for the HTTP request timeout
  (MEN-9051) (4a238e6)

  This feature replaces the HTTP request timeout with a kernel config as
  some network connections could not finish the download within the
  provided time. The kernel config allows application developers to
  determine what is suitable for their use case.

  In addition, by default, the timeout is set to 5 minutes if a cellular
  modem has configured.

  config MENDER_HTTP_REQUEST_TIMEOUT_MS
      int "The HTTP request timeout in milliseconds"
      default 300000 if MODEM_CELLULAR
      default 60000
  

  Ticket MEN-9051.

Build

• Support warning/failing on artifact sizes
  (MEN-8584) (330f72e) by @danielskinstad

  Add support for specifying size limits for Mender
  Artifacts during a build. This uses the feature implemented in
  mender-artifact 4.2.0. The limits can be configured through the Kconfig,
  or by enabling MENDER_ARTIFACT_SIZE_LIMITS and setting
  MENDER_ARTIFACT_WARN_SIZE and or MENDER_ARTIFACT_MAX_SIZE.

• Fix misc typos in Kconfig
  (aefe5cc) by @lluiscampos

---