1# CHANGELOG 2 3## Table of Contents 4 5* [v0.4.2](#v042) 6* [v0.4.1](#v041) 7* [v0.4.0](#v040) 8* [v0.3.0](#v030) 9* [v0.2.2](#v022) 10* [v0.2.1](#v021) 11* [v0.2.0](#v020) 12 13## v0.4.2 14 15- Log level of "suspicious query" changed to debug 16 17## v0.4.1 18 19- find_cert() should search in all certs, fixes #139. 20- filter_signed_certs() should converts serial to uint32_t before comparison. 21- --cert-file-expire-days supports 'd', 'h', 'm', 's' suffixes 22 23## v0.4.0 24 25- Use sodium_malloc() for the DNS query/response buffers 26- Fix stamp properties; add --nofilter 27- Only publish the most recent certificates 28- Include the signature in SignedCert 29- cache: do not forget to include the server PK in the hash computation 30- Implement a simple cache for shared keys 31- Add support for stamps (dnscrypt-proxy 2.x), and update the documentation 32- In key rotation, old certs should be provided too, see #109. 33- fixes #111, cert/key expires in 24 hours by default for safety see discussion: https://github.com/jedisct1/dnscrypt-proxy/issues/520 34- docs: suggest user to generate short-term key pairs and use key-rotation mechanism See #111. 35 36## v0.3.0 37 38- XChaCha20 supported 39- a lot of tests added 40- and many bug fixes and improvements 41 42## v0.2.2 43 44- remove GPLv2, release under the ISC license 45- update example secret key / cert, etc 46- fix compiler/linker flags handling 47 48## v0.2.1 49 50- Rename --provider-publickey-fingerprint to --show-provider-publickey-fingerprint. It's more conventional to use a verb if you want to do some action, like gen-provider-keypair. 51- Use TCP_QUICKACK instead of TCP_NODELAY if available (Linux 2.4.4+) See https://news.ycombinator.com/item?id=10608356 52- Send a short packet with TC set if the query_len < response_len 53- Support sending server cert over tcp 54- Use the certificate timestamp as a serial number instead of a fixed serial. 55- And some other minor fixes. 56 57## v0.2.0 58 59- Import argparse sources files directly. 60