v0.20260623.0

What's Changed

• wfe: add MaxCumulativeIdentifierLength by @jsha in #8804
• test: give more retries to bvitess health checks by @jsha in #8805
• Allow dependabot to manage container versions in docker-compose file by @pgporada in #8807
• ci: build gotip into boulder-tools by @jsha in #8801
• mtpki: use ML-DSA by @jsha in #8803
• Dependabot docker-compose should group changes into a single PR by @pgporada in #8811
• Update zlint to just past v3.7.1 by @aarongable in #8800
• build(deps): bump github/codeql-action from 4.36.0 to 4.36.2 by @dependabot[bot] in #8810
• build(deps): bump golang.org/x/time from 0.11.0 to 0.15.0 by @dependabot[bot] in #8772
• build(deps): bump jaegertracing/all-in-one from 1.50 to 1.76.0 by @dependabot[bot] in #8809
• build(deps): bump the aws group across 1 directory with 4 updates by @dependabot[bot] in #8773
• dependencies: Update go-redis from v9.10.0 to v9.20.1 by @beautifulentropy in #8815

Full Changelog: v0.20260615.0...v0.20260623.0

v0.20260615.0

What's Changed

• Replace errors.As with errors.AsType by @ezekiel in #8779
• test: Add minio for MTC tile storage by @beautifulentropy in #8790
• issuer: don't log HSM PIN on misconfiguration by @inahga in #8794
• ra: call MTCA when profile indicates MTC by @jsha in #8781
• crl-storer: use IfMatch to do a compare-and-swap when uploading by @aarongable in #8791
• mtpublisher: Add skeleton that pushes dummy cosignatures by @beautifulentropy in #8793
• Add int-type Authz ID proto fields alongside any string-type proto fields by @ezekiel in #8754
• wfe: block accounts from YAML config file by @jsha in #8797
• cert-checker: fix logging & push metrics by @lenaunderwood22 in #8763
• wfe: fix test comment by @jsha in #8798

Full Changelog: v0.20260608.0...v0.20260615.0

v0.20260608.0

What's Changed

• web: user-agent can be non-ASCII by @jsha in #8723
• ci: run zizmor by @inahga in #8767
• clean up OCSP functions in helpers.py by @jsha in #8775
• ra: remove deprecated OCSPService config by @jsha in #8777
• issuance: make digitalSignature optional by @jsha in #8774
• test: run unittests in parallel by @jsha in #8780
• ra: rewrite outdated comment by @jsha in #8782
• ci: upload container logs on failure by @jsha in #8784
• doc: remove DESIGN.md by @jsha in #8783
• add boulder-mtca service by @jsha in #8776

Full Changelog: v0.20260602.0...v0.20260608.0

v0.20260602.0

What's Changed

• Expose retry-after in CORS Access-Control-Expose-Headers by @mcpherrinm in #8758
• ci: remediate zizmor finding by @inahga in #8768
• mtca: add generator for test CA by @jsha in #8765
• Ceremony: require configs to specify a profile URL by @aarongable in #8770
• sa: add schema for MTC operations by @jsha in #8764

Full Changelog: v0.20260526.0...v0.20260602.0

v0.20260526.0

What's Changed

• build(deps): bump go.opentelemetry.io/otel/sdk from 1.40.0 to 1.43.0 by @dependabot[bot] in #8706
• ceremony: Remove unused parseOID function by @pgporada in #8756
• build(deps): bump the aws group with 4 updates by @dependabot[bot] in #8755
• sfe/salesforce: Remove donation call-to-action and Cases support by @beautifulentropy in #8751
• Update go to 1.26.3 and golang.org/x/ deps by @aarongable in #8757
• cert-checker: Exit non-zero on check failure by @beautifulentropy in #8759

Full Changelog: v0.20260518.0...v0.20260526.0

v0.20260518.0

What's Changed

• ct-test-srv: cap tracked submissions by @mcpherrinm in #8752
• build(deps): bump the aws group across 1 directory with 3 updates by @dependabot[bot] in #8746
• sa: getAuthorizationStatuses checks results by @jsha in #8726
• Use a unix socket to talk to pkimetal by @mcpherrinm in #8715

Full Changelog: v0.20260512.0...v0.20260518.0

v0.20260512.0

What's Changed

• admin: Support creating incidents and adding serials by @beautifulentropy in #8740
• ceremony: Add support for configuring cross-sign EKUs by @aarongable in #8750

Full Changelog: v0.20260504.0...v0.20260512.0

v0.20260504.0

What's Changed

• Replace docker/login-action with inline docker login by @inahga in #8694
• Update draft-ietf-acme-dns-persist-00 support to 01 by @beautifulentropy in #8725
• cert-checker: remove use of SelectNullInt by @jsha in #8734
• Remove dead code from integration/ari_test.go by @aarongable in #8729
• Remove deprecated Active bool config by @mcpherrinm in #8741
• build(deps): bump actions/github-script from 8 to 9 by @dependabot[bot] in #8742
• Immediately replace a failed CT submission by @mcpherrinm in #8737
• Replace CA-enforcement for MaxNames with Custom Lint by @ezekiel in #8739
• build(deps): bump go.opentelemetry.io/otel from 1.40.0 to 1.41.0 by @dependabot[bot] in #8735
• when GOMEMLIMIT is set, write profiles by @jsha in #8743

Full Changelog: v0.20260428.0...v0.20260504.0

v0.20260428.0

What's Changed

• Supply authz ID in CAA rechecks by @aarongable in #8730
• Update go.mod to go1.26 by @aarongable in #8727
• db: remove IsNoRows by @jsha in #8733
• db: remove MockSQLExecutor by @jsha in #8731
• Add gauges for CRL size in bytes and num entries by @aarongable in #8720
• ca: rand.Read is infallible by @jsha in #8736
• sa: deprecate parallelismPerRPC by @jsha in #8728
• sa: check for sql.ErrNoRows on Get() by @jsha in #8732

Full Changelog: v0.20260420.0...v0.20260428.0

v0.20260420.0

What's Changed

• bump pkimetal to v1.41.0 and ignore new ctlint warning by @mcpherrinm in #8713
• observer: use new URL for AllCertificates by @jsha in #8718
• observer: use CCADB AllCertificates V5 URL by @jsha in #8719

Full Changelog: v0.20260413.0...v0.20260420.0