Release 2.18.0.

CHANGELOG.rst

@@ -4,6 +4,40 @@ Community Crypto Release Notes
 
 .. contents:: Topics
 
+v2.18.0
+=======
+
+Release Summary
+---------------
+
+Bugfix and feature release.
+
+Minor Changes
+-------------
+
+- x509_crl - the new option ``serial_numbers`` allow to configure in which format serial numbers can be provided to ``revoked_certificates[].serial_number``. The default is as integers (``serial_numbers=integer``) for backwards compatibility; setting ``serial_numbers=hex-octets`` allows to specify colon-separated hex octet strings like ``00:11:22:FF`` (https://github.com/ansible-collections/community.crypto/issues/687, https://github.com/ansible-collections/community.crypto/pull/715).
+
+Deprecated Features
+-------------------
+
+- openssl_csr_pipe, openssl_privatekey_pipe, x509_certificate_pipe - the current behavior of check mode is deprecated and will change in community.crypto 3.0.0. The current behavior is similar to the modules without ``_pipe``: if the object needs to be (re-)generated, only the ``changed`` status is set, but the object is not updated. From community.crypto 3.0.0 on, the modules will ignore check mode and always act as if check mode is not active. This behavior can already achieved now by adding ``check_mode: false`` to the task. If you think this breaks your use-case of this module, please `create an issue in the community.crypto repository <https://github.com/ansible-collections/community.crypto/issues/new/choose>`__ (https://github.com/ansible-collections/community.crypto/issues/712, https://github.com/ansible-collections/community.crypto/pull/714).
+
+Bugfixes
+--------
+
+- luks_device - fixed module a bug that prevented using ``remove_keyslot`` with the value ``0`` (https://github.com/ansible-collections/community.crypto/pull/710).
+- luks_device - fixed module falsely outputting ``changed=false`` when trying to add a new slot with a key that is already present in another slot. The module now rejects adding keys that are already present in another slot (https://github.com/ansible-collections/community.crypto/pull/710).
+- luks_device - fixed testing of LUKS passphrases in when specifying a keyslot for cryptsetup version 2.0.3. The output of this cryptsetup version slightly differs from later versions (https://github.com/ansible-collections/community.crypto/pull/710).
+
+New Plugins
+-----------
+
+Filter
+~~~~~~
+
+- parse_serial - Convert a serial number as a colon-separated list of hex numbers to an integer
+- to_serial - Convert an integer to a colon-separated list of hex numbers
+
 v2.17.1
 =======
 

changelogs/changelog.yaml

@@ -1007,6 +1007,51 @@ releases:
     - 701-private_key_info-consistency.yml
     - 705-openssl_privatekey_info-consistency.yml
     release_date: '2024-01-27'
+  2.18.0:
+    changes:
+      bugfixes:
+      - luks_device - fixed module a bug that prevented using ``remove_keyslot`` with
+        the value ``0`` (https://github.com/ansible-collections/community.crypto/pull/710).
+      - luks_device - fixed module falsely outputting ``changed=false`` when trying
+        to add a new slot with a key that is already present in another slot. The
+        module now rejects adding keys that are already present in another slot (https://github.com/ansible-collections/community.crypto/pull/710).
+      - luks_device - fixed testing of LUKS passphrases in when specifying a keyslot
+        for cryptsetup version 2.0.3. The output of this cryptsetup version slightly
+        differs from later versions (https://github.com/ansible-collections/community.crypto/pull/710).
+      deprecated_features:
+      - 'openssl_csr_pipe, openssl_privatekey_pipe, x509_certificate_pipe - the current
+        behavior of check mode is deprecated and will change in community.crypto 3.0.0.
+        The current behavior is similar to the modules without ``_pipe``: if the object
+        needs to be (re-)generated, only the ``changed`` status is set, but the object
+        is not updated. From community.crypto 3.0.0 on, the modules will ignore check
+        mode and always act as if check mode is not active. This behavior can already
+        achieved now by adding ``check_mode: false`` to the task. If you think this
+        breaks your use-case of this module, please `create an issue in the community.crypto
+        repository <https://github.com/ansible-collections/community.crypto/issues/new/choose>`__
+        (https://github.com/ansible-collections/community.crypto/issues/712, https://github.com/ansible-collections/community.crypto/pull/714).'
+      minor_changes:
+      - x509_crl - the new option ``serial_numbers`` allow to configure in which format
+        serial numbers can be provided to ``revoked_certificates[].serial_number``.
+        The default is as integers (``serial_numbers=integer``) for backwards compatibility;
+        setting ``serial_numbers=hex-octets`` allows to specify colon-separated hex
+        octet strings like ``00:11:22:FF`` (https://github.com/ansible-collections/community.crypto/issues/687,
+        https://github.com/ansible-collections/community.crypto/pull/715).
+      release_summary: Bugfix and feature release.
+    fragments:
+    - 2.18.0.yml
+    - 710-luks_device-keyslot-fixes.yml
+    - 714-pipe-check-mode-deprecation.yml
+    - 715-x509_crl-serial.yml
+    plugins:
+      filter:
+      - description: Convert a serial number as a colon-separated list of hex numbers
+          to an integer
+        name: parse_serial
+        namespace: null
+      - description: Convert an integer to a colon-separated list of hex numbers
+        name: to_serial
+        namespace: null
+    release_date: '2024-02-25'
   2.2.0:
     changes:
       bugfixes: