Skip to content

Release Notes v2.143

Jump to bottom
NeySlim edited this page May 3, 2026 · 1 revision

Release Notes — v2.143

Stable hotfix release (2026-05-03). Two fixes targeting PostgreSQL deployments and ACME proxy key storage.

For the previous release see Release Notes v2.141 → v2.142 and the full CHANGELOG.

[2.143] - 2026-05-03

Fixed

  • PostgreSQL migration runner crashed on startup (#103, #104). When a pending migration written for the legacy Engine interface was applied, _run_pending_pg() blew up. It now opens a single transactional Connection via engine.begin() and passes it to mod.upgrade(conn), matching the SQLite path and the migration module signatures. Without this fix, fresh PostgreSQL deployments couldn't boot past first start, and existing PG instances couldn't apply any future migration. SQLite deployments were not affected.
  • ACME proxy account private key was stored in plaintext in system_config (#105). It is now encrypted at rest with the application key via encrypt_private_key() / decrypt_private_key(). Existing plaintext keys are migrated transparently on first read — no manual action required.
  • KeyEncryption.decrypt() no longer raises binascii.Error on PEM-formatted input that was never encrypted in the first place. The probe now isolates base64 detection from Fernet decryption, so legacy plaintext keys round-trip cleanly through the new ACME proxy decrypt path.

Changed

  • Cross-target release validation now covers PostgreSQL in addition to SQLite for every supported package (DEB, RPM, Docker). The PostgreSQL backend is now part of the mandatory pre-release smoke matrix because the #103 regression only manifested on PostgreSQL and would have shipped silently against a SQLite-only matrix.

Upgrade notes

  • Docker (SQLite)docker pull neyslim/ultimate-ca-manager:2.143 (or :latest).
  • Docker (PostgreSQL) — same image. Set DATABASE_URL=postgresql://user:pass@host:5432/dbname in the environment.
  • DEBwget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.143/ucm_2.143_all.deb && sudo dpkg -i ucm_2.143_all.deb.
  • RPMwget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.143/ucm-2.143-1.fc43.noarch.rpm && sudo dnf install ./ucm-2.143-1.fc43.noarch.rpm.

Operator-visible behaviour changes

  1. PostgreSQL deployments on v2.142 — strongly recommended to upgrade. The next migration shipped after v2.142 would have failed to apply on PG; v2.143 unblocks future migrations on PG instances.
  2. ACME proxy key migration — on first read after upgrade, an existing plaintext ACME proxy account key is re-encrypted at rest. The migration is one-way and transparent; nothing to do on the operator side.

No database schema migration is introduced by v2.143 itself.

Clone this wiki locally