Releases: sil-org/certmagic-storage-dynamodb

v3.1.4 - security update

24 Feb 01:05
23882e7

What's Changed

Full Changelog: v3.1.3...v3.1.4

v3.1.3 - Go update and bump golang.org/x/crypto

10 Dec 03:44
5a41b01

What's Changed

Full Changelog: v3.1.2...v3.1.3

v3.1.2

12 Nov 11:40
e4dafbc

What's Changed

  • Rename docker-compose.yml to compose.yaml by @briskt in #55
  • Bump github.com/quic-go/quic-go from 0.48.2 to 0.49.1 by @dependabot[bot] in #56

Full Changelog: v3.1.1...v3.1.2

v3.1.1

14 May 13:22
7bb8b6c

What's Changed

Full Changelog: v3.1.0...v3.1.1

v3.1.0 -- enhance locking, security patch

09 Apr 14:04
6e12ee0

What's Changed

  • Enhance locking with atomic acquisition and refresh by @hrko in #51
  • Bump golang.org/x/net from 0.33.0 to 0.36.0 by @dependabot in #52

New Contributors

  • @hrko made their first contribution in #51

Full Changelog: v3.0.11...v3.1.0

v3.1.0-pre.0

06 Mar 02:48
5fab82b

Pre-release

Overview

This PR introduces crucial changes to enhance the reliability and robustness of the locking mechanism. Specifically, it adds the functionality to make lock acquisition atomic and to periodically refresh the lock's expiration time. These changes reduce the risk of race conditions in concurrent environments, leading to more stable certificate management.

Key Changes

1. Atomic Lock Acquisition Logic:

  • In the previous implementation, checking for lock existence and creating the lock were separate steps, which could allow another process to acquire the lock in between.
  • The new implementation uses DynamoDB's PutItem operation with a ConditionExpression to make the lock existence check and the lock creation atomic.
  • By combining the attribute_not_exists and ExpiresAt conditions, the lock is only acquired if it does not exist or if it exists but has expired.
  • Furthermore, each lock is assigned a unique UUID (LockID), and the UpdateItem operation's ConditionExpression checks the LockID to ensure that an instance can update only the lock it created itself.

2. Periodic Lock Expiration Refresh:

  • The previous implementation had a fixed lock expiration time, which could lead to the lock expiring if the critical section took too long.
  • The new implementation starts a goroutine within the Lock method to periodically refresh the lock's expiration time at LockRefreshInterval (defaulting to LockTimeout / 3).
  • This ensures that the lock is held until the critical section's process is complete.

Problems Solved and Benefits of the Changes

  • Race Condition Prevention: Atomic lock acquisition prevents race conditions where multiple processes attempt to acquire the lock simultaneously.
  • Critical Section Protection: Periodic lock refreshes prevent other instances from entering the critical section at the same time due to the lock expiring during the execution of the critical section. This prevents situations like:
    1. An instance acquires the lock and enters the critical section.
    2. The critical section's processing takes a long time, and the lock expires.
    3. Another instance acquires the lock and enters the critical section simultaneously.
    4. As a result, unexpected behavior occurs (for example, the certificate issuance process in the instance that first acquired the lock may stall).
  • Improved Reliability: A more robust locking mechanism improves the reliability of certificate acquisition and renewal processes.
  • Improved Stability in Clustered Environments: More stable behavior is expected, especially in clustered environments where multiple application instances share DynamoDB.
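
The two conditional writes described under Key Changes, modelled in memory as an added example (not code from this project or from PR #51). It shows why a holder that stopped refreshing cannot silently keep working after another instance takes the lock over. Assumptions: the `table` type and the `acquire`/`refresh` names are hypothetical, a mutex stands in for DynamoDB's atomic conditional write, expiry is tested as `ExpiresAt < now`, and a random hex string stands in for the UUID.

```go
package main

import (
	"crypto/rand"
	"encoding/hex"
	"fmt"
	"sync"
	"time"
)

// lockItem holds the two attributes the release notes name. table is an
// in-memory stand-in for DynamoDB; its mutex models an atomic conditional write.
type lockItem struct{ LockID string; ExpiresAt time.Time }
type table struct{ mu sync.Mutex; items map[string]lockItem }

// acquire models PutItem conditioned on "item absent OR ExpiresAt < now"
// (comparison assumed): the existence check and the write are one step.
func (t *table) acquire(key string, now time.Time, ttl time.Duration) (string, bool) {
	t.mu.Lock()
	defer t.mu.Unlock()
	if cur, ok := t.items[key]; ok && !cur.ExpiresAt.Before(now) {
		return "", false // a live lock exists: condition fails, nothing is written
	}
	b := make([]byte, 16) // random per-lock ID, standing in for the UUID LockID
	rand.Read(b)
	t.items[key] = lockItem{LockID: hex.EncodeToString(b), ExpiresAt: now.Add(ttl)}
	return t.items[key].LockID, true
}

// refresh models UpdateItem conditioned on "LockID = id": only the holder that
// created the lock can extend it, so a stale holder learns it lost the lock.
func (t *table) refresh(key, id string, now time.Time, ttl time.Duration) bool {
	t.mu.Lock()
	defer t.mu.Unlock()
	if cur, ok := t.items[key]; !ok || cur.LockID != id {
		return false
	}
	t.items[key] = lockItem{LockID: id, ExpiresAt: now.Add(ttl)}
	return true
}

func main() {
	t := &table{items: map[string]lockItem{}}
	t0, ttl := time.Unix(0, 0), time.Minute // constructed clock values
	a, _ := t.acquire("example.com", t0, ttl)      // instance A holds the lock
	late := t0.Add(2 * ttl)                        // A never refreshed
	b, took := t.acquire("example.com", late, ttl) // B takes over the expired lock
	fmt.Println(took, t.refresh("example.com", a, late, ttl), t.refresh("example.com", b, late, ttl))
}
```

A caller whose `refresh` returns false no longer owns the lock and should stop its critical section instead of continuing.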

What's Changed

  • Enhance locking with atomic acquisition and refresh by @hrko in #51

New Contributors

  • @hrko made their first contribution in #51

Full Changelog: v3.0.11...v3.1.0-pre.0

update AWS SDK to version 2

30 Jan 01:49
faad0c5

What's Changed

Full Changelog: v3.0.10...v3.0.11

bump golang.org/x/net

09 Jan 18:45
f6661f5

What's Changed

Full Changelog: v3.0.9...v3.0.10

bump golang.org/x/crypto

13 Dec 01:49
322bb0e

What's Changed

Full Changelog: v3.0.8...v3.0.9

Bump quic-go to 0.48.2

10 Dec 05:21
b385bed

What's Changed

  • Bump github.com/quic-go/quic-go from 0.44.0 to 0.48.2 by @dependabot in #45

Full Changelog: v3.0.7...v3.0.8