3.7.0 (2026-01-29)

Bug Fixes

• Fix: update service name to lamassu-db-migration in docker image work… (#385)
• Fix: ca: Root CA Extended Key Usages (#370)

Chores

• Chore: release: prepare release 3.7.0 (#384)
• Chore: Add JSON Patch support documentation (RFC 6902) (#379)
• Chore: openapi - standardize authentication schemes (#372)
• Chore: Go dependency cleanup (#364)
• Chore: Add OpenAPI specifications for all APIs (#363)

Features

• Feat: add lamassu-db-migration Dockerfile and update references in workflows and README (#383)
• Feat: support sort using jsonpath expressions (#381)
• Feat: migrate metadata columns to JSONB and add JSONPath filtering (#378)
• Feat: Implement CA reissuance functionality (#357)
• Feat: add expiration date info for device identity slots (#377)
• Feat: implement device filtering statistics functionality (#376)
• Feat: enable Docker-less local development via SQLite storage and In-Memory bus (#374)
• Feat: add CA issuance profile support for CreateCA functionality (#371)

Refactor

• Refactor: Isolate backend assembler tests for better coverage and optimize CI timeouts (#365)
• Refactor: CA Service to External KMS (#350)

3.6.3 (2025-11-17)

Bug Fixes

• Fix: VA ski encoding in crl dp (#358)
• Fix: ca: remove sensitive info in audit events (#356)

3.6.2 (2025-11-11)

Bug Fixes

• Fix: VA: service returns 500 HTTP code for unknown SKIs (#352)
• Fix: fixing keysize for aws-based cryptoengines(#353)
• Fix: AWS Connector: incorrect IoT metadata key in error messages (#340)
• Fix: CA: add issuance profile validation for CA operations (#339)
• Fix: improve AWS KMS key and alias retrieval with pagination support (#336)
• Fix: VA: Use certificate’s actual revocation timestamp in CRL calculation (#333)

Chores

• Chore: release: prepare release 3.6.2 (#354)
• Chore: Adjust test timeout in CI workflow (#348)

Features

• Feat: add independent database migration tool (#337)

3.6.1 (2025-10-09)

Bug Fixes

• Fix: remove key casting in kms module (#331)

3.6.0 (2025-10-09)

Bug Fixes

• Fix: DMS creation date filtering functionality (#329)
• Fix: test configuration and database dependency issues (#327)
• Fix: CA: add migration to remove hyphens from issuer_meta_serial_number fields (#325)
• Fix: va: use CRL service interface (#322)

Chores

• Chore: readme update (#323)

Features

• Feat: CA: enhanced CA deletion with cascade operations and private key management (#308)
• Feat: KMS Service v1 (#267)
• Feat: add support to filter certs by subject_key_id (#326)

Refactor

• Refactor: streamline event bus handling and service middleware integration across multiple assemblers (#324)

3.5.2 (2025-09-26)

Bug Fixes

• Fix: fixed support for dedicated DLQ event bus configuration across services (#319)
• Fix: ca: add migration for profile_id with null in validity_time column in ca_certificates table (#316)
• Fix: devicemanager: normalize device certificate serial numbers (#317)

Features

• Feat: make issuance profile optional at the certificate sign operation (#318)

3.5.1 (2025-09-24)

Bug Fixes

• Fix: all: add correct source in cloud events (#311)
• Fix: add missing engines to release finalization workflow (#312)
• Fix: monolithic: deploy v4 ui in monolithic with correct port mapping (#310)
• Fix: ca: import ca without key when profileid not supplied (#309)

3.5.0 (2025-09-23)

Bug Fixes

• Fix: ca: SKI and AKI extracrted from certificates (if any) (#295)
• Fix: add dlq to event bus after 3 retries (#302)
• Fix: allow signing certs expiring after ca (#299)
• Fix: middleware: missing DeleteDevice operation
• Fix: ca: fix crl urls in generated certificates to include hex encoded with colons (#279)
• Fix: no tmp_dir for fileblob persistence (#277)
• Fix: CRL Initialization on event (#273)
• Fix: update bookmark encoding to use URL-safe base64 encoding (#272)

Chores

• Chore: fix release notes in open-pr-release workflow
• Chore: refactoring release process (#304)
• Chore: update CONTRIBUTING.md to clarify setup instructions (#296)
• Chore: fix linting and typo issues (#287)
• Chore: monolithic: add labels and standard ports in docker containers (#281)
• Chore: Bump dependencies (#278)

Features

• Feat: add DELETE certificate endpoint for orphaned certificate cleanup with issuer CA validation (#301)
• Feat: add support for filtering CAs based on profile_id (#303)
• Feat: all: add audit events (#291)
• Feat: va: add support for CRL certificate reactivation from hold (#297)
• Feat: add support for deleting devices in decommissioned state (#294)
• Feat: ca: avoid redundancy on issuance profiles generation (#292)
• Feat: ca: default issuance profiles for CAs and integrate in dms EST processes (#290)
• Feat: CA: Add Full CRUD Support for Issuance Profiles in CA Service (#286)
• Feat: add PATCH method to metadata endpoints (#284)
• Feat: DMS: implement update metadata endpoint (#283)
• Feat: va: Remove get roles (#280)
• Feat: DMS: add certificate Issuance Profile support (#276)
• Feat: refactor by adding InitCRLRole method to CRLService and its implementations (#271)
• Feat: add case-insensitive filtering support (#270)
• Feat: DMS Manager: add option to toggle CSR signature verification during Enrollment/Reenrollment (#268)

Refactor

• Refactor: CA: homogenize certificate SN format (#289)

Tests

• Test: middleware: add DeleteDevice case to event publisher (#298)

3.4.0 (2025-06-03)

Bug Fixes

• Fix: CA: fix filtering CAs by CN (#265)
• Fix: CA: discard aws reserved kms aliases (#266)
• Fix: DMS Manager: ReEnroll - Add a check to validate the presence of a CommonName in the CSR (#251)
• Fix: DMS Manager: add a null check when decommissioning a device wihtout identity (#250)
• Fix: monolithic ui port now being served correctly (#240)

Bump Versions

• Bump: backend direct deps (#264)
• Bump: go-jose to 4.0.5 (#263)

Chores

• Chore: bump x/net to 0.38.0 (#262)
• Chore: bump go-playground/validator to v10.26.0 (#261)
• Chore: bump aws sdk 1.36.3 (#260)
• Chore: bump ory/dockertest 3.12.0 (#259)
• Chore: Bump golang-jwt to 4.5.2 (#258)
• Chore: bumping go version 1.24 (#255)
• Chore: adjust monolithic monitoring job (#239)

Features

• Feat: DMS Manager: add DMS delete operation (#252)
• Feat: CA: implement AWS KMS import keys (#245)
• Feat: CA: refactor crypto engine keys migration (#246)
• Feat: VA: assemble service conditionally based on config (#244)
• Feat: enhance event filters to use full event data for processing (#242)

3.3.0 (2025-03-18)

Bug Fixes

• Fix: Monolithic: Enable MonitoringJob using negated value of disableMonitor flag (#234)
• Fix: Improved gorm queries to reduce it and avoid recordNotFound errors (#227)
• Fix: aws eventbus - ensure sns topic exists before subscribing to sns (#215)

Chores

• Chore: launch monolithic UI in a random docker port (#238)
• Chore: update contributing guidelines (#233)
• Chore: modularize engine registration with build tags to favour custom builds (#222)
• Chore: show codecov flag for backend module (#220)

Features

• Feat: monolithic: lammassu-ui is launched with monolithic. disable-ui flag added to avoid (#232)
• Feat: DMS Manager: add AWS ALB identity extractor (#237)
• Feat: Change device and CA metadata handling by using JSONPatch expressions (#229)
• Feat: Add job for scheduled build of CAs CRLs (#216)
• Feat: add javascript filters support to subscription conditions (#221)
• Feat: aws-connector - report CA registration error in metadata (#218)
• Feat: Implement JSONPath and JSONSchema filter options for alert subscriptions (#217)
• Feat: va - add Issuing Distribution Point extension to CRL (#214)
• Feat: ca - Add multiple URLs to CRL and OCSP fields in certificates as well as accesing over http instead of https (#213)