Release Notes v2.155
Stable release (2026-05-10). Auto-renewal UI, PostgreSQL migration recovery, LAN-friendly rate limiting, and master-key backup safeguards.
Smoke-tested 6/6 on SQLite and PostgreSQL across Debian (DEB), RHEL/Fedora (RPM), and Docker.
For the previous releases see Release Notes v2.154 and the full CHANGELOG.
- Auto-renewal settings UI — configure global renewal threshold, retry policy, scheduler interval, and per-CA overrides from Settings.
- Master-key backup — one-time download of the master key with a confirmation modal. Docker declares /etc/ucm as a VOLUME for persistence.
- PostgreSQL migration recovery — migrations 029–034 were silently skipped on PostgreSQL. Migration 035 reconciles the schema.
- LAN rate-limit bypass — RFC1918/loopback IPs bypass rate limiting by default (UCM is LAN-deployed).
A dedicated section of the Settings page configures automatic certificate renewal:

| Setting | Description |
|---|---|
| auto_renewal_enabled | Global on/off toggle |
| auto_renewal_days | Renew certificates N days before expiry |
| auto_renewal_sources | Whitelist sources: scep, acme, est, manual, webui, api |
| auto_renewal_notify_emails | Email addresses for renewal notifications |
| auto_renewal_notify_on_renewal | Notify on successful renewal |
| auto_renewal_notify_on_failure | Notify on renewal failure |
- GET /api/v2/settings/auto-renewal — Get current settings
- PATCH /api/v2/settings/auto-renewal — Update settings
- POST /api/v2/settings/auto-renewal/run — Trigger manual renewal run (requires admin:settings)
- GET /api/v2/system/security/master-key/download — Download master key as attachment (admin:system, audited)
- POST /api/v2/system/security/enable-encryption now returns the master key inline (one-time) with backup_required: true.
- "Back Up Master Key" action in Settings → Security when key is file-sourced
- Confirmation modal forces download + acknowledgment before dismissal
- Returns 409 when key is supplied via environment variable (operator must back up out-of-band)
- Dockerfile declares VOLUME ["/etc/ucm", "/opt/ucm/data"]
- /etc/ucm holds master.key — the symmetric key for all encrypted private keys in the DB
- If the container is recreated without this volume bind-mounted, ALL encrypted keys become unrecoverable
Migrations 029, 031, 032, 033, 034 were missing pg_compatible = True and were silently marked "applied" on PostgreSQL without executing, leaving the schema out of sync with the models.
- All migrations 029–034 now have pg_compatible = True and proper dual-backend logic
- New migration 035_reconcile_pg_schema.py reconciles any PG instances that booted on a SQLite-only release
- Migration runner now FAILS HARD on missing pg_compatible for migrations ≥ 020
| # | Description |
|---|---|
| 029 | Encrypt ACME account keys |
| 031 | ACME client accounts table |
| 032 | CA HSM key unique (no-op, healed by 035) |
| 033 | ACME authz order_id nullable |
| 034 | CA offline columns |
- RFC1918, loopback and link-local IPs bypass rate limiting by default (RATE_LIMIT_TRUST_LAN=true)
- Standard tier raised from 300/min → 600/min and 60 burst → 100 burst
- Auth tier: 30 rpm / 10 burst
- Configurable via RATE_LIMIT_TRUST_LAN, RATE_LIMIT_STANDARD_RPM, RATE_LIMIT_STANDARD_BURST in /etc/ucm/ucm.env
UCM is a LAN-deployed PKI. Private subnets are the primary use case, not an attack vector. The previous limits caused false positives on busy on-prem deployments.
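The bypass described above, as an added example that is not UCM's own code: a per-client token bucket with the v2.155 tier values that skips RFC1918, loopback and link-local peers when RATE_LIMIT_TRUST_LAN is true. The class name, function names and the injectable clock are assumptions made for this illustration.

```python
import ipaddress
import os
import time

# Tier values from the v2.155 notes: (requests per minute, burst capacity).
TIERS = {"standard": (600, 100), "auth": (30, 10)}

# RFC1918 ranges checked explicitly; loopback and link-local (v4 and v6)
# come from the ipaddress module's own classification.
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def is_trusted_lan(client_ip: str) -> bool:
    """True for RFC1918, loopback and link-local peers; anything unparsable is untrusted."""
    try:
        addr = ipaddress.ip_address(client_ip)
    except ValueError:
        return False
    if addr.is_loopback or addr.is_link_local:
        return True
    return addr.version == 4 and any(addr in net for net in RFC1918)


class TokenBucketLimiter:
    """Per-(tier, ip) token buckets: refill at rpm/60 tokens per second, capped at burst."""

    def __init__(self, tiers=TIERS, trust_lan=None, clock=time.monotonic):
        self.tiers = tiers
        # Env var name and "true" default taken from the notes; explicit arg overrides it.
        if trust_lan is None:
            trust_lan = os.environ.get("RATE_LIMIT_TRUST_LAN", "true").lower() == "true"
        self.trust_lan = trust_lan
        self.clock = clock  # injectable so tests can advance time deterministically
        self.buckets = {}   # (tier, ip) -> (tokens, last_refill_time)

    def allow(self, client_ip: str, tier: str = "standard") -> bool:
        """Return True if the request may proceed, False if the client is over its limit."""
        if self.trust_lan and is_trusted_lan(client_ip):
            return True  # LAN peers are exempt from limiting
        rpm, burst = self.tiers[tier]
        now = self.clock()
        tokens, last = self.buckets.get((tier, client_ip), (float(burst), now))
        tokens = min(float(burst), tokens + (now - last) * rpm / 60.0)
        if tokens >= 1.0:
            self.buckets[(tier, client_ip)] = (tokens - 1.0, now)
            return True
        self.buckets[(tier, client_ip)] = (tokens, now)
        return False
```

Feed allow() the socket peer address, not a client-supplied header such as X-Forwarded-For, otherwise an external caller could claim a private address and skip the limiter.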
Migration 035_reconcile_pg_schema.py (reconciles 029–034 on PostgreSQL). No new columns.
Drop-in replacement for v2.154. One migration (035) runs automatically at first boot.
- Docker Hub: docker pull neyslim/ultimate-ca-manager:2.155
- DEB: wget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.155/ucm_2.155_all.deb
- RPM: wget https://github.com/NeySlim/ultimate-ca-manager/releases/download/v2.155/ucm-2.155-1.fc43.noarch.rpm