Version of OpenDNSSEC has now been released.


  • Support for RFC5011 style KSK rollovers. KSK section in the KASP now accepts element.
  • Enforcer: New repository option allows to generate keys with CKA_EXTRACTABLE attribute set to TRUE so keys can be wrapped and extracted from HSM.


  • SUPPORT-145: EOF handling an ARM architecture caused signer to hang.
  • Fixed signer hitting assertion on short reply XFR handler.
  • Include revoke bit in keytag calculation.
  • Increased stacksize on some systems (thanks Patrik Lundin!).
  • Stop ods-signerd on SIGINT.


  • By error 1.4.8 did not include database migration scripts for upgrading existing installations. resolves this issue.


Comments are closed.