Skip to content
Permalink

Comparing changes

Choose two branches to see what’s changed or to start a new pull request. If you need to, you can also or learn more about diff comparisons.

Open a pull request

Create a new pull request by comparing changes across two branches. If you need to, you can also . Learn more about diff comparisons here.
base repository: letsencrypt/boulder
Failed to load repositories. Confirm that selected base ref is valid, then try again.
Loading
base: v0.20251118.0
Choose a base ref
...
head repository: letsencrypt/boulder
Failed to load repositories. Confirm that selected head ref is valid, then try again.
Loading
compare: v0.20251202.0
Choose a head ref
  • 9 commits
  • 123 files changed
  • 5 contributors

Commits on Nov 18, 2025

  1. sa: use dummy date instead of zero date (#8481) 

    Fixes #8466
    @jsha
    jsha authored Nov 18, 2025
    Configuration menu
    Copy the full SHA
    d0d89a7 View commit details
    Browse the repository at this point in the history

Commits on Nov 19, 2025

  1. borp/sa: Update borp to pass Transaction args through BoulderTypeConv… 

    …erter (#8494)

Today, timestamp truncation happens for queries using `*borp.DbMap` but
not `*borp.Transaction`. That means comparisons still see sub-seconds,
but inserts into MariaDB `DATETIME` columns silently truncate them to
whole seconds.

On MySQL 8, the same queries will still include sub-seconds, but inserts
into `DATETIME` columns will round to the nearest second instead of
truncate. This leads to issues for queries like the one in
`*StorageAuthority.UpdateCRLShard()`. When two CRL updaters write within
the same second one may be rounded up to the next second. When the other
updater attempts its own `UPDATE .. WHERE thisUpdate <= ?`, the
condition fails because the stored timestamp now appears to be in the
future.

Ahead of the transition from ProxySQL + MariaDB to Vitess + MySQL 8 in
#8468, update borp (letsencrypt/borp#12) to
expose Transaction arguments to the BoulderTypeConverter, allowing it to
truncate all timestamps passed through Transactions and keep behavior
consistent across `*borp.DbMap` and `*borp.Transaction`, as well as
MariaDB and MySQL 8.

Part of #7736
    @beautifulentropy
    beautifulentropy authored Nov 19, 2025
    Configuration menu
    Copy the full SHA
    1f6ec8c View commit details
    Browse the repository at this point in the history

Commits on Nov 21, 2025

  1. sfe: Keep loading intervals in sync with promise, fix wording (#8500) 

    Small comments to keep these three areas of our code in sync. Small fix
to wording; not all of our limits are for a 1 week period.
    @beautifulentropy
    beautifulentropy authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    eb6e612 View commit details
    Browse the repository at this point in the history

  2. sfe/redis: Add limiter config to SFE and cleanup creds (#8501) 

    Add limiter stanza to the SFE's config-next JSON. This should have
happened in [#8359](#8359).

Also, Cleanup our Redis credentials and secrets. These were a little
overly specific, especially now that we've dropped support for OCSP and
thus ROCSP. Instead, rely on a single `boulder` user with the same
permissions that each of the other users had.
    @beautifulentropy
    beautifulentropy authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    2076d74 View commit details
    Browse the repository at this point in the history

  3. Make CAA checking more like DCV checking (#8491) 

    If the primary perspective CAA check returns an error, return early
rather than always kicking off the remote checks anyway.

As part of this change, rearrange the code in DoCAA to more closely
mirror the code in DoDCV. In particular, move the creation of the result
protobuf into a helper function which can be called at both the
early-return and late-return locations.
    @aarongable
    aarongable authored Nov 21, 2025
    Configuration menu
    Copy the full SHA
    16fbe27 View commit details
    Browse the repository at this point in the history

Commits on Nov 22, 2025

  1. Update Public Suffix List to v0.50.1 (#8495) 

    This brings in several new public suffixes under the Bangladesh (.bd)
ccTLD.

Also transitively update various golang.org/x/ packages.

Fixes #8492
    @aarongable
    aarongable authored Nov 22, 2025
    Configuration menu
    Copy the full SHA
    b0b718c View commit details
    Browse the repository at this point in the history

  2. sa: Stop injecting max_statement_time and long_query_time into DSNs (#… 

    …8490)
    @beautifulentropy
    beautifulentropy authored Nov 22, 2025
    Configuration menu
    Copy the full SHA
    9564684 View commit details
    Browse the repository at this point in the history

Commits on Dec 1, 2025

  1. Remove dead code (#8506) 

    This started with noticing the semaphore package (forked for use in
OCSP) was dead.

That followed by using the golang `deadcode` tool and Goland's various
"Unused ..." inspection tools to find other dead code.

Nothing in here looks like it would be used externally to Boulder, as
far as I can tell.
    @mcpherrinm
    mcpherrinm authored Dec 1, 2025
    Configuration menu
    Copy the full SHA
    981a78a View commit details
    Browse the repository at this point in the history

  2. build(deps): bump github/codeql-action from 3 to 4 (#8507) 

    Bumps https://github.com/github/codeql-action from v3 to v4.

Context: https://github.blog/changelog/2025-10-28-upcoming-deprecation-of-codeql-action-v3/
    @dependabot
    dependabot[bot] authored Dec 1, 2025
    Configuration menu
    Copy the full SHA
    01eee61 View commit details
    Browse the repository at this point in the history
Loading