We’ve released ncdns v0.2.2. This release contains multiple bugfixes, in particular a patch to generate_nmc_cert that works around a CryptoAPI connectivity bug. We strongly recommend that all users upgrade. All domain owners who have TLS enabled will need to re-generate their TLS certificates and TLS records after upgrading.

Full changelog of what’s new since v0.2:

  • ncdns
    • Remove tlsrestrict_chromium_tool binary. (certinject should be used instead now.)
    • Code quality improvements.
  • generate_nmc_cert
    • Disable AIA over HTTPS. (No major TLS clients support it, and it was tickling a CryptoAPI connectivity bug. Thanks to mjgill89.)
    • Rebase against Go 1.17.
    • Code quality improvements.
  • ncp11
    • Temporarily suspend providing macOS binaries of ncp11. (macOS support for ncp11 will return after the ongoing p11mod refactor has completed.)
  • Windows installer
    • Support chain-installing and configuring Electrum-NMC.
    • Redesign Components dialogs.
    • Fix installation error on certain non-English locales, e.g. Swedish. (Thanks to Jonas Ostman.)
    • Warn users of Windows 7 and earlier. (ncdns hasn’t supported these EOL Windows versions for a while; users who are okay with security degradation will be able to bypass the warning and install anyway.)
    • Relicense under GPLv3+.
    • Remove non-freedom build dependency.
    • Code quality improvements.
  • Build system:
    • Downgrade to BIND 9.16 branch for Windows. (Upstream BIND has dropped Windows support in 9.17 branch.)
    • Relicense ncdns-repro under tor-browser-build license. (Thanks to Nicolas Vigier and Georg Koppen.)
    • Code quality improvements.
    • Bump dependencies:
      • tor-browser-build
      • gobtcd
      • godns
      • goisatty
      • gopretty
      • gotoml

As usual, you can download it at the Beta Downloads page.

This work was funded by NLnet Foundation’s Internet Hardening Fund.