Releases: google/certificate-transparency-go
v1.3.0
What's Changed
CTFE Storage Saving: Extra Data Issuance Chain Deduplication
This feature now supports PostgreSQL, in addition to the support for MySQL/MariaDB that was added in v1.2.0.
Log operators can choose to enable this feature for new PostgreSQL-based CT logs by adding new CTFE configs in the LogMultiConfig and importing the database schema. The other available options are documented in the v1.2.0 changelog entry.
This change is tested in Cloud Build tests using the postgres:17
Docker image as of the time of writing.
- Add IssuanceChainStorage PostgreSQL implementation by @robstradling in #1618
Misc
- [Dependabot] Update all docker images in one PR by @mhutchinson in #1614
- Explicitly include version tag by @mhutchinson in #1617
- Add empty cloudbuild_postgresql.yaml by @roger2hk in #1623
Dependency update
- Bump the all-deps group with 4 updates by @dependabot in #1609
- Bump golang from 1.23.2-bookworm to 1.23.3-bookworm in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1611
- Bump github/codeql-action from 3.27.0 to 3.27.1 in the all-deps group by @dependabot in #1610
- Bump golang from 1.23.2-bookworm to 1.23.3-bookworm in /trillian/examples/deployment/docker/ctfe in the all-deps group by @dependabot in #1612
- Bump github.com/golang-jwt/jwt/v4 from 4.5.0 to 4.5.1 in the go_modules group by @dependabot in #1613
- Bump the docker-deps group across 3 directories with 2 updates by @dependabot in #1616
- Bump github/codeql-action from 3.27.1 to 3.27.2 in the all-deps group by @dependabot in #1615
- Bump the docker-deps group across 4 directories with 2 updates by @dependabot in #1622
- Bump github/codeql-action from 3.27.2 to 3.27.4 in the all-deps group by @dependabot in #1620
- Bump the all-deps group with 4 updates by @dependabot in #1621
- Bump github.com/google/trillian from 1.6.1 to 1.7.0 in the all-deps group by @dependabot in #1624
- Bump github/codeql-action from 3.27.4 to 3.27.5 in the all-deps group by @dependabot in #1625
Full Changelog: v1.2.2...v1.3.0
v1.2.2
What's Changed
- Recommended Go version for development: 1.22
- Using a different version can lead to presubmits failing due to unexpected diffs.
Add TLS Support
Add TLS support for Trillian: By using --trillian_tls_ca_cert_file
flag, users can provide a CA certificate, that is used to establish a secure communication with Trillian log server.
Add TLS support for ct_server: By using --tls_certificate
and --tls_key
flags, users can provide a service certificate and key, that enables the server to handle HTTPS requests.
- Add TLS support for CTLog server by @fghanmi in #1523
- Add TLS support for migrillian by @fghanmi in #1525
- fix TLS configuration for ct_server by @fghanmi in #1542
- Add Trillian TLS support for ct_server by @fghanmi in #1551
HTTP Idle Connection Timeout Flag
A new flag http_idle_timeout
is added to set the HTTP server's idle timeout value in the ct_server binary. This controls the maximum amount of time to wait for the next request when keep-alives are enabled.
- add flag for HTTP idle connection timeout value by @bobcallaway in #1597
Misc
- Refactor issuance chain service by @mhutchinson in #1512
- Use the version in the go.mod file for vuln checks by @mhutchinson in #1528
Fixes
Dependency update
- Bump go.etcd.io/etcd/v3 from 3.5.13 to 3.5.14 by @dependabot in #1500
- Bump github/codeql-action from 3.25.6 to 3.25.7 by @dependabot in #1501
- Bump golang.org/x/net from 0.25.0 to 0.26.0 by @dependabot in #1503
- Group dependabot updates as much as possible by @mhutchinson in #1506
- Bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /internal/witness/cmd/witness in the all-deps group by @dependabot in #1507
- Bump the all-deps group with 2 updates by @dependabot in #1511
- Bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /trillian/examples/deployment/docker/ctfe in the all-deps group by @dependabot in #1510
- Bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /integration in the all-deps group by @dependabot in #1509
- Bump golang from 1.22.3-bookworm to 1.22.4-bookworm in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1508
- Bump the all-deps group with 3 updates by @dependabot in #1516
- Bump golang from
aec4784
to9678844
in /internal/witness/cmd/witness in the all-deps group by @dependabot in #1518 - Bump alpine from 3.19 to 3.20 in /trillian/examples/deployment/docker/envsubst by @dependabot in #1492
- Bump golang from
aec4784
to9678844
in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1517 - Bump golang from
aec4784
to9678844
in /trillian/examples/deployment/docker/ctfe in the all-deps group by @dependabot in #1513 - Bump the all-deps group with 2 updates by @dependabot in #1515
- Bump golang from
aec4784
to9678844
in /integration in the all-deps group by @dependabot in #1514 - Bump alpine from
77726ef
tob89d9c9
in /trillian/examples/deployment/docker/envsubst in the all-deps group by @dependabot in #1519 - Bump k8s.io/klog/v2 from 2.130.0 to 2.130.1 in the all-deps group by @dependabot in #1521
- Bump alpine from
77726ef
tob89d9c9
in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1520 - Bump github/codeql-action from 3.25.10 to 3.25.11 in the all-deps group by @dependabot in #1526
- Bump version of go used by the vuln checker by @mhutchinson in #1527
- Bump the all-deps group with 3 updates by @dependabot in #1530
- Bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1531
- Bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /internal/witness/cmd/witness in the all-deps group by @dependabot in #1532
- Bump the all-deps group in /trillian/examples/deployment/docker/ctfe with 2 updates by @dependabot in #1533
- Bump actions/upload-artifact from 4.3.3 to 4.3.4 in the all-deps group by @dependabot in #1534
- Bump golang from 1.22.4-bookworm to 1.22.5-bookworm in /integration in the all-deps group by @dependabot in #1535
- Bump the all-deps group with 2 updates by @dependabot in #1536
- Bump github/codeql-action from 3.25.12 to 3.25.13 in the all-deps group by @dependabot in #1538
- Bump the all-deps group with 3 updates by @dependabot in #1537
- Bump the all-deps group with 2 updates by @dependabot in #1543
- Bump golang from
6c27802
toaf9b40f
in /trillian/examples/deployment/docker/ctfe in the all-deps group by @dependabot in #1544 - Bump golang from
6c27802
toaf9b40f
in /internal/witness/cmd/witness in the all-deps group by @dependabot in #1548 - Bump golang from
6c27802
toaf9b40f
in /integration in the all-deps group by @dependabot in #1547 - Bump alpine from
b89d9c9
to0a4eaa0
in /trillian/examples/deployment/docker/envsubst in the all-deps group by @dependabot in #1546 - Bump the all-deps group in /internal/witness/cmd/feeder with 2 updates by @dependabot in #1545
- Bump the all-deps group with 2 updates by @dependabot in #1549
- Bump golang.org/x/time from 0.5.0 to 0.6.0 in the all-deps group by @dependabot in #1550
- Bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1552
- Bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /trillian/examples/deployment/docker/ctfe in the all-deps group by @dependabot in #1553
- Bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /integration in the all-deps group by @dependabot in #1554
- Bump the all-deps group with 2 updates by @dependabot in #1555
- Bump the all-deps group with 2 updates by @dependabot in #1556
- Bump golang from 1.22.5-bookworm to 1.22.6-bookworm in /internal/witness/cmd/witness in the all-deps group by @dependabot in #1557
- Bump github.com/prometheus/client_golang from 1.19.1 to 1.20.0 in the all-deps group by @dependabot in #1559
- Bump github/codeql-action from 3.26.0 to 3.26.3 in the all-deps group by @dependabot in #1561
- Bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /internal/witness/cmd/witness in the all-deps group by @dependabot in #1558
- Bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /internal/witness/cmd/feeder in the all-deps group by @dependabot in #1563
- Bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /trillian/examples/deployment/docker/ctfe in the all-deps group by @dependabot in #1560
- Bump golang from 1.22.6-bookworm to 1.23.0-bookworm in /integration in the all-deps group by @dependabot in #1562
- Bump go version t...
v1.2.1
What's Changed
Fixes
Dependency update
- Bump google.golang.org/grpc from 1.63.2 to 1.64.0 by @dependabot in #1482
Full Changelog: v1.2.0...v1.2.1
v1.2.0
What's Changed
CTFE Storage Saving: Extra Data Issuance Chain Deduplication
To reduce CT/Trillian database storage by deduplication of the entire issuance chain (intermediate certificate(s) and root certificate) that is currently stored in the Trillian merkle tree leaf ExtraData field. Storage cost should be reduced by at least 33% for new CT logs with this feature enabled. Currently only MySQL/MariaDB is supported to store the issuance chain in the CTFE database.
Existing logs are not affected by this change.
Log operators can choose to opt-in this change for new CT logs by adding new CTFE configs in the LogMultiConfig and importing the database schema. See example.
ctfe_storage_connection_string
extra_data_issuance_chain_storage_backend
An optional LRU cache can be enabled by providing the following flags.
cache_type
cache_size
cache_ttl
This change is tested in Cloud Build tests using the mysql:8.4
Docker image as of the time of writing.
- Add issuance chain storage interface by @roger2hk in #1430
- Add issuance chain cache interface by @roger2hk in #1431
- Add CTFE extra data storage saving configs to config.proto by @roger2hk in #1432
- Add new types
PrecertChainEntryHash
andCertificateChainHash
for TLS marshal/unmarshal in storage saving by @roger2hk in #1435 - Add IssuanceChainCache LRU implementation by @roger2hk in #1454
- Add issuance chain service by @roger2hk in #1452
- Add CTFE extra data storage saving configs validation by @roger2hk in #1456
- Add IssuanceChainStorage MySQL implementation by @roger2hk in #1462
- Fix errcheck lint in mysql test by @roger2hk in #1464
- CTFE Extra Data Issuance Chain Deduplication by @roger2hk in #1477
- Fix incorrect deployment doc and server config by @roger2hk in #1494
Submission proxy: Root compatibility checking
Fixes
- Return 429 Too Many Requests for gRPC error code
ResourceExhausted
from Trillian by @roger2hk in #1401 - Safeguard against redirects on PUT request by @mhutchinson in #1418
- Fix CT client upload to be safe against no-op POSTs by @mhutchinson in #1424
Misc
- Prefix errors.New variables with the word "Err" by @aaomidi in #1399
- Remove lint exceptions and fix remaining issues by @silaselisha in #1438
- Fix invalid Go toolchain version by @roger2hk in #1471
- Regenerate proto files by @roger2hk in #1489
Dependency update
- Bump distroless/base-debian12 from
5eae9ef
to28a7f1f
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1388 - Bump github/codeql-action from 3.24.6 to 3.24.7 by @dependabot in #1389
- Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #1390
- Bump golang from
6699d28
to7f9c058
in /integration by @dependabot in #1391 - Bump golang from
6699d28
to7f9c058
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1392 - Bump golang from
6699d28
to7a392a2
in /internal/witness/cmd/witness by @dependabot in #1393 - Bump golang from
6699d28
to7a392a2
in /internal/witness/cmd/feeder by @dependabot in #1394 - Bump golang from
7a392a2
tod996c64
in /internal/witness/cmd/witness by @dependabot in #1395 - Bump golang from
7f9c058
tod996c64
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1396 - Bump golang from
7a392a2
tod996c64
in /internal/witness/cmd/feeder by @dependabot in #1397 - Bump golang from
7f9c058
tod996c64
in /integration by @dependabot in #1398 - Bump github/codeql-action from 3.24.7 to 3.24.8 by @dependabot in #1400
- Bump github/codeql-action from 3.24.8 to 3.24.9 by @dependabot in #1402
- Bump go.etcd.io/etcd/v3 from 3.5.12 to 3.5.13 by @dependabot in #1405
- Bump distroless/base-debian12 from
28a7f1f
to611d30d
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1406 - Bump golang from 1.22.1-bookworm to 1.22.2-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in #1407
- Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #1408
- update govulncheck go version from 1.21.8 to 1.21.9 by @phbnf in #1412
- Bump golang from 1.22.1-bookworm to 1.22.2-bookworm in /integration by @dependabot in #1409
- Bump golang from 1.22.1-bookworm to 1.22.2-bookworm in /internal/witness/cmd/witness by @dependabot in #1410
- Bump golang.org/x/crypto from 0.21.0 to 0.22.0 by @dependabot in #1414
- Bump golang from 1.22.1-bookworm to 1.22.2-bookworm in /internal/witness/cmd/feeder by @dependabot in #1411
- Bump github/codeql-action from 3.24.9 to 3.24.10 by @dependabot in #1415
- Bump golang.org/x/net from 0.23.0 to 0.24.0 by @dependabot in #1416
- Bump google.golang.org/grpc from 1.62.1 to 1.63.2 by @dependabot in #1417
- Bump github.com/fullstorydev/grpcurl from 1.8.9 to 1.9.1 by @dependabot in #1419
- Bump golang from
48b942a
to3451eec
in /integration by @dependabot in #1421 - Bump golang from
48b942a
to3451eec
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1423 - Bump golang from
48b942a
to3451eec
in /internal/witness/cmd/witness by @dependabot in #1420 - Bump golang from
3451eec
tob03f3ba
in /integration by @dependabot in #1426 - Bump golang from
3451eec
tob03f3ba
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1425 - Bump golang from
48b942a
to3451eec
in /internal/witness/cmd/feeder by @dependabot in #1422 - Bump golang from
3451eec
tob03f3ba
in /internal/witness/cmd/witness by @dependabot in #1427 - Bump golang from
3451eec
tob03f3ba
in /internal/witness/cmd/feeder by @dependabot in #1428 - Bump github/codeql-action from 3.24.10 to 3.25.0 by @dependabot in #1433
- Bump github/codeql-action from 3.25.0 to 3.25.1 by @dependabot in #1434
- Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #1436
- Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #1437
- Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #1440
- Bump github/codeql-action from 3.25.1 to 3.25.2 by @dependabot in #1441
- Bump golang from
b03f3ba
tod0902ba
in /internal/witness/cmd/feeder by @dependabot in #1444 - Bump golang from
b03f3ba
tod0902ba
in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github...
v1.1.8
What's Changed
- Recommended Go version for development: 1.21
- Using a different version can lead to presubmits failing due to unexpected diffs.
Monitoring
Add support for AIX
Fixes
- Use the appropriate HTTP response code for backend timeouts by @robstradling in #1313
Misc
- Move golangci-lint from Cloud Build to GitHub Action by @roger2hk in #1230
- Set golangci-lint GH action timeout to 5m by @roger2hk in #1231
- Added Slack channel details by @mhutchinson in #1246
- Improve fuzzing by @AdamKorcz in #1345
Dependency update
- Bump golang from
20f9ab5
to5ee1296
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1216 - Bump golang from
20f9ab5
to5ee1296
in /internal/witness/cmd/witness by @dependabot in #1217 - Bump golang from
20f9ab5
to5ee1296
in /internal/witness/cmd/feeder by @dependabot in #1218 - Bump k8s.io/klog/v2 from 2.100.1 to 2.110.1 by @dependabot in #1219
- Bump golang from
20f9ab5
to5ee1296
in /integration by @dependabot in #1220 - Bump golang from
5ee1296
to5bafbbb
in /integration by @dependabot in #1221 - Bump golang from
5ee1296
to5bafbbb
in /internal/witness/cmd/feeder by @dependabot in #1222 - Bump golang from
5ee1296
to5bafbbb
in /internal/witness/cmd/witness by @dependabot in #1223 - Bump golang from
5ee1296
to5bafbbb
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1224 - Update the minimal image to gcr.io/distroless/base-debian12 by @roger2hk in #1148
- Bump jq from 1.6 to 1.7 by @roger2hk in #1225
- Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in #1226
- Bump golang.org/x/time from 0.3.0 to 0.4.0 by @dependabot in #1227
- Bump github.com/mattn/go-sqlite3 from 1.14.17 to 1.14.18 by @dependabot in #1228
- Bump github.com/gorilla/mux from 1.8.0 to 1.8.1 by @dependabot in #1229
- Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in #1232
- Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /internal/witness/cmd/witness by @dependabot in #1233
- Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /integration by @dependabot in #1234
- Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /internal/witness/cmd/feeder by @dependabot in #1235
- Bump go-version-input from 1.20.10 to 1.20.11 in govulncheck.yml by @roger2hk in #1238
- Bump golang.org/x/net from 0.17.0 to 0.18.0 by @dependabot in #1236
- Bump github/codeql-action from 2.22.5 to 2.22.6 by @dependabot in #1240
- Bump github/codeql-action from 2.22.6 to 2.22.7 by @dependabot in #1241
- Bump golang from
85aacbe
todadce81
in /integration by @dependabot in #1243 - Bump golang from
85aacbe
todadce81
in /internal/witness/cmd/feeder by @dependabot in #1242 - Bump golang from
85aacbe
todadce81
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1244 - Bump golang from
85aacbe
todadce81
in /internal/witness/cmd/witness by @dependabot in #1245 - Bump golang from
dadce81
to52362e2
in /internal/witness/cmd/witness by @dependabot in #1247 - Bump golang from
dadce81
to52362e2
in /integration by @dependabot in #1248 - Bump golang from
dadce81
to52362e2
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1249 - Bump golang from
dadce81
to52362e2
in /internal/witness/cmd/feeder by @dependabot in #1250 - Bump github/codeql-action from 2.22.7 to 2.22.8 by @dependabot in #1251
- Bump golang.org/x/net from 0.18.0 to 0.19.0 by @dependabot in #1252
- Bump golang.org/x/time from 0.4.0 to 0.5.0 by @dependabot in #1254
- Bump alpine from
eece025
to34871e7
in /internal/witness/cmd/feeder by @dependabot in #1256 - Bump alpine from
eece025
to34871e7
in /trillian/examples/deployment/docker/envsubst by @dependabot in #1257 - Bump go-version-input from 1.20.11 to 1.20.12 in govulncheck.yml by @roger2hk in #1264
- Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in #1261
- Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /internal/witness/cmd/witness by @dependabot in #1259
- Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /integration by @dependabot in #1263
- Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /internal/witness/cmd/feeder by @dependabot in #1262
- Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in #1260
- Bump go.etcd.io/etcd/v3 from 3.5.10 to 3.5.11 by @dependabot in #1266
- Bump github/codeql-action from 2.22.8 to 2.22.9 by @dependabot in #1269
- Bump alpine from
34871e7
to51b6726
in /internal/witness/cmd/feeder by @dependabot in #1270 - Bump alpine from 3.18 to 3.19 in /trillian/examples/deployment/docker/envsubst by @dependabot in #1271
- Bump golang from
a6b787c
to2d3b13c
in /internal/witness/cmd/feeder by @dependabot in #1272 - Bump golang from
a6b787c
to2d3b13c
in /internal/witness/cmd/witness by @dependabot in #1273 - Bump golang from
a6b787c
to2d3b13c
in /integration by @dependabot in #1274 - Bump golang from
a6b787c
to2d3b13c
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1275 - Bump github/codeql-action from 2.22.9 to 2.22.10 by @dependabot in #1278
- Bump google.golang.org/grpc from 1.59.0 to 1.60.0 by @dependabot in #1279
- Bump github/codeql-action from 2.22.10 to 3.22.11 by @dependabot in #1280
- Bump distroless/base-debian12 from
1dfdb5e
to8a0bb63
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1281 - Bump github.com/google/trillian from 1.5.3 to 1.5.4-0.20240110091238-00ca9abe023d by @mhutchinson in #1297
- Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in #1282
- Bump github/codeql-action from 3.22.11 to 3.23.0 by @dependabot in #1295
- Bump github.com/mattn/go-sqlite3 from 1.14.18 to 1.14.19 by @dependabot in #1283
- Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /integration by @dependabot in #1300
- Bump d...
v1.1.7
What's Changed
-
Recommended Go version for development: 1.20
- This is the version used by the Cloud Build presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.
-
Bump golangci-lint from 1.51.1 to 1.55.1 (developers should update to this version).
Add support for WASI port
Add support for IBM Z operating system z/OS
- Add build tags for zOS by @onlywork1984 in #1088
Log List
Documentation
Misc
- Escape forward slashes in certificate Subject names when used as user quota id strings by @robstradling in #1059
- Search whole chain looking for issuer match by @mhutchinson in #1112
- Use proper check per @AGWA instead of buggy check introduced in #1112 by @mhutchinson in #1114
- Build the ctfe/ct_server binary without depending on glibc by @roger2hk in #1119
- Migrate CTFE Ingress manifest to support GKE version 1.23 by @roger2hk in #1086
- Remove Dependabot ignore configuration by @roger2hk in #1097
- Add "github-actions" and "docker" Dependabot config by @roger2hk in #1101
- Add top level permission in CodeQL workflow by @roger2hk in #1102
- Pin Docker image dependencies by @roger2hk in #1110
- Remove GO111MODULE from Dockerfile and Cloud Build yaml files by @roger2hk in #1113
- Add docker Dependabot config by @roger2hk in #1126
- Export is_mirror = 0.0 for non mirror instead of nothing by @phbnf in #1133
- Add govulncheck GitHub action by @roger2hk in #1145
- Spelling by @jsoref in #1144
Dependency update
- Bump Go from 1.19 to 1.20 by @roger2hk in #1146
- Bump golangci-lint from 1.51.1 to 1.55.1 by @roger2hk in #1214
- Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in #1083
- Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in #108
- Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 by @dependabot in #1092
- Bump golang.org/x/net from 0.10.0 to 0.11.0 by @dependabot in #1094
- Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in #1098
- Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in #1099
- Bump golang.org/x/net from 0.11.0 to 0.12.0 by @dependabot in #1108
- Bump actions/checkout from 3.1.0 to 3.5.3 by @dependabot in #1103
- Bump github/codeql-action from 2.1.27 to 2.20.3 by @dependabot in #1104
- Bump ossf/scorecard-action from 2.0.6 to 2.2.0 by @dependabot in #1105
- Bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in #1106
- Bump github/codeql-action from 2.20.3 to 2.20.4 by @dependabot in #1115
- Bump github/codeql-action from 2.20.4 to 2.21.0 by @dependabot in #1117
- Bump golang.org/x/net from 0.12.0 to 0.14.0 by @dependabot in #1124
- Bump github/codeql-action from 2.21.0 to 2.21.2 by @dependabot in #1121
- Bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in #1125
- Bump golang from
fd9306e
toeb3f9ac
in /integration by @dependabot in #1127 - Bump alpine from 3.8 to 3.18 in /trillian/examples/deployment/docker/envsubst by @dependabot in #1129
- Bump golang from
fd9306e
toeb3f9ac
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1128 - Bump alpine from
82d1e9d
to7144f7b
in /internal/witness/cmd/feeder by @dependabot in #1130 - Bump golang from
fd9306e
toeb3f9ac
in /internal/witness/cmd/witness by @dependabot in #1131 - Bump golang from 1.19-alpine to 1.21-alpine in /internal/witness/cmd/feeder by @dependabot in #1132
- Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in #1134
- Bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in #1135
- Bump distroless/base from
73deaaf
to46c5b9b
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1136 - Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in #1137
- Bump golang.org/x/net from 0.14.0 to 0.15.0 by @dependabot in #1139
- Bump github.com/rs/cors from 1.9.0 to 1.10.0 by @dependabot in #1140
- Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in #1141
- Bump golang from
445f340
to96634e5
in /internal/witness/cmd/feeder by @dependabot in #1142 - Bump github/codeql-action from 2.21.5 to 2.21.6 by @dependabot in #1149
- Bump Docker golang base images to 1.21.1 by @roger2hk in #1147
- Bump github/codeql-action from 2.21.6 to 2.21.7 by @dependabot in #1150
- Bump github/codeql-action from 2.21.7 to 2.21.8 by @dependabot in #1152
- Bump golang from
d3114db
toa0b3bc4
in /internal/witness/cmd/feeder by @dependabot in #1155 - Bump golang from
d3114db
toa0b3bc4
in /internal/witness/cmd/witness by @dependabot in #1157 - Bump golang from
d3114db
toa0b3bc4
in /integration by @dependabot in #1156 - Bump golang from
d3114db
toa0b3bc4
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1158 - Bump golang from
e06b3a4
to114b9cc
in /integration by @dependabot in #1159 - Bump golang from
a0b3bc4
to114b9cc
in /internal/witness/cmd/feeder by @dependabot in #1160 - Bump golang from
a0b3bc4
to114b9cc
in /internal/witness/cmd/witness by @dependabot in #1161 - Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in #1162
- Bump golang from
114b9cc
to9c7ea4a
in /internal/witness/cmd/feeder by @dependabot in #1163 - Bump golang from
114b9cc
to9c7ea4a
in /integration by @dependabot in #1166 - Bump golang from
114b9cc
to9c7ea4a
in /trillian/examples/deployment/docker/ctfe by @dependabot in #1165 - Bump golang from
114b9cc
to9c7ea4a
in /internal/witness/cmd/witness by @dependabot in #1164 - Bump github/codeql-action from 2.21.8 to 2.21.9 by @dependabot in #1169
- Bump golang from
9c7ea4a
to61f84bc
in /integration by @dependabot in #1168 - Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 by @dependabot in #1...
v1.1.6
What's Changed
Deployments
- Update manual deploy docs by @AlCutter in #1061
- Docker compose config for demo CTFE by @mhutchinson in #1062
- Add command for starting ctfe to ManualDeploy doc by @AlCutter in #1069
Repo config
- Update and rename scorecards.yml to scorecard.yml by @AlCutter in #1068
- Enable all linters for ct-go by @mhutchinson in #1064
Dependency update
- Bump k8s.io/klog/v2 from 2.90.1 to 2.100.1 by @dependabot in #1066
- Bump golang.org/x/net from 0.9.0 to 0.10.0 by @dependabot in #1070
- Bump github.com/transparency-dev/merkle from 0.0.1 to 0.0.2 by @dependabot in #1071
- Bump github.com/google/trillian to v1.5.2 by @phbnf in #1072
Misc
Full Changelog: v1.1.5...v1.1.6
v1.1.5
Key management
- If a public key has been configured for a log, check that it is consistent with the private key by @robstradling in #1044
- Don't allow the same private key to be used by more than one configured log by @robstradling in #1046
Log list
- Remove v2 log list package files by @roger2hk in #1004
- Delete v1 and v2 log list testdata by @roger2hk in #1003
- Fix broken tests due to deleted v1 log list in testdata by @roger2hk in #1007
Vulnerability management
- Replace Travis build status with CodeQL workflow in README.md by @roger2hk in #1057
- Create codeql.yml by @AlCutter in #996
- Fix CodeQL warnings by @AlCutter in #997
- Configure OSSF scorecard security scanner by @AlCutter in #995
- Pin GitHub actions to git hashes by @AlCutter in #1005
Fixes
- client/ctclient: Fix doubled https in --log_name by @acohn in #990
- Fix typo in comment by @AlCutter in #1013
- Fix the missing exit code when go test is failed in presubmit script by @roger2hk in #1008
- [Scanner] Retry on errors fetching updated STHs by @AlCutter in #1022
- Fix go gen race condition in Cloud Build for master branch by @roger2hk in #1024
- Remove flaky ratelimiter by @roger2hk in #1015
Cleanups
- Update CHANGELOG.md for v1.1.3 and v1.1.4 releases by @roger2hk in #991
- Clean up Travis related content by @roger2hk in #1058
- Add missing package docs by @AlCutter in #1012
- Regenerate proto go files with protoc by @roger2hk in #1010
- Downgrade fetcher logging to verbose 1 by @mhutchinson in #1031
- Send CloudBuild logs to logging bucket by @AlCutter in #998
- Revert exclude package-comments in golangci-lint by @roger2hk in #1011
- Add Go 1.20 Compatibility by @roger2hk in #1035
Dependency updates
- Bump github.com/spf13/cobra from 1.6.0 to 1.6.1 by @dependabot in #992
- Bump github.com/mattn/go-sqlite3 from 1.14.15 to 1.14.16 by @dependabot in #993
- Bump go.etcd.io/etcd/v3 from 3.5.5 to 3.5.6 by @dependabot in #1001
- Upgrade golangci-lint from 1.48.0 to 1.50.1 by @roger2hk in #1006
- Update the version of golangci-lint and protoc in README.md by @roger2hk in #1009
- Update to Trillian v1.5.1 by @AlCutter in #1014
- Bump golang.org/x/net from 0.3.0 to 0.4.0 by @dependabot in #1016
- Bump github.com/rs/cors from 1.8.2 to 1.8.3 by @dependabot in #1018
- Bump Go version from 1.17 to 1.19 by @roger2hk in #1017
- Bump golang.org/x/crypto from 0.4.0 to 0.5.0 by @dependabot in #1020
- Bump golang.org/x/net from 0.5.0 to 0.7.0 by @dependabot in #1036
- Bump k8s.io/klog/v2 from 2.80.1 to 2.90.0 by @dependabot in #1025
- Bump github.com/sergi/go-diff from 1.2.0 to 1.3.1 by @dependabot in #1023
- Bump go.etcd.io/etcd/v3 from 3.5.6 to 3.5.7 by @dependabot in #1026
- Bump golang.org/x/crypto from 0.5.0 to 0.6.0 by @dependabot in #1034
- Bump golang.org/x/time from 0.0.0-20220922220347-f3bd1da661af to 0.3.0 by @dependabot in #1038
- Bump golang.org/x/crypto from 0.6.0 to 0.7.0 by @dependabot in #1040
- Bump k8s.io/klog/v2 from 2.90.0 to 2.90.1 by @dependabot in #1041
- Bump github.com/spf13/cobra from 1.6.1 to 1.7.0 by @dependabot in #1050
- Bump golang.org/x/crypto from 0.7.0 to 0.8.0 by @dependabot in #1048
- Bump github.com/rs/cors from 1.8.3 to 1.9.0 by @dependabot in #1052
- Bumped etcd deps from v3.5.7 to v3.5.8 by @mhutchinson in #1055
New Contributors
- @acohn made their first contribution in #990
- @robstradling made their first contribution in #1044
Full Changelog: v1.1.4...v1.1.5
v1.1.4
Log list
- Update to use the loglist v3 schema everywhere by @aarongable in #925
- Cleanup log list v1 dependencies by @roger2hk in #977
Logging
- Switch from glog to klog by @jdolitsky in #962
- Log test output with glog. by @phbnf in #944
- Capture variables in tests and add logging. by @phbnf in #942
Cleanup
- Format code using gofmt with Go version 1.18.1 by @roger2hk in #930
- Format code according to go1.19rc2 by @mhutchinson in #961
- Remove vendor code section in README.md by @roger2hk in #934
- Replace deprecated golint with revive by @roger2hk in #931
- Migrate off of deprecated ioutil by @AlCutter in #969
- Moved tools.go to its own directory to be consistent with other repos by @mhutchinson in #938
- Removed some GOPATH stuff that pre-dates go module usage by @mhutchinson in #949
- Removed references to etcdiscover tool by @mhutchinson in #948
- Skip consistency check when root is size zero by @hickford in #960
Misc
- Add test leaf template with serverAuth EKU by @pavelkalinnikov in #893
- Fix S1039: unnecessary use of fmt.Sprintf in presubmit lint messages by @roger2hk in #932
- Update Go version and remove log list v1, v2 in README.md by @roger2hk in #979
- Add missing license header by @AlCutter in #970
- Downgrade 429 errors to verbosity 2 (#957) by @mhutchinson in #963
- Update to testdata.SampleLogList3 in distributor_test.go by @roger2hk in #966
- Update linter, fix errors, delete travis config by @mhutchinson in #940
- Add CODEOWNERS with default team assignment by @AlCutter in #939
Dependency updates
- Bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 by @dependabot in #943
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #952
- Bump go from 1.16 to 1.17 in go.mod by @roger2hk in #953
- Bump github.com/google/trillian from 1.4.1 to 1.4.2 by @dependabot in #959
- Bump github.com/fullstorydev/grpcurl from 1.8.6 to 1.8.7 by @dependabot in #965
- Update Trillian to 0a389c4 by @AlCutter in #968
- Update golangci-lint to latest (v1.48.0) by @AlCutter in #971
- Bump github.com/mattn/go-sqlite3 from 1.14.10 to 1.14.15 by @dependabot in #973
- Bump k8s.io/klog/v2 from 2.70.1 to 2.80.0 by @dependabot in #976
- Bump github.com/google/go-cmp from 0.5.8 to 0.5.9 by @dependabot in #981
- Bump k8s.io/klog/v2 from 2.80.0 to 2.80.1 by @dependabot in #980
- Bump go.etcd.io/etcd/etcdctl/v3 from 3.5.4 to 3.5.5 by @dependabot in #984
- Bump go.etcd.io/etcd/v3 from 3.5.4 to 3.5.5 by @dependabot in #982
- Bump github.com/spf13/cobra from 1.5.0 to 1.6.0 by @dependabot in #987
- Upgrade gopkg.in/yaml.v2 to gopkg.in/yaml.v3 by @roger2hk in #937
Full Changelog: v1.1.3...v1.1.4
v1.1.3
New features
- #867: Add package for (un)marshalling the loglist3 schema
- #927: Add readonly logs mode to CTFE configuration
- Add experimental (not exported from the Go module) implementation of CT witness. Running witnesses by multiple independent organisations allows detecting and preventing split-view attacks.
Improvements / bug fixes
- #852: migrillian: Return error if context was canceled
- #896: jsonclient: retry POSTs after getting HTTP 429
- #901: ctclient: Use Cobra library for command-line tools
- #920: Set
is_master
metric to 0 for when starting up - #928: Do not print context canceled errors
Slightly breaking changes
- #881: Terminate hammer early if the context is cancelled
- #903, #921: Move PEMCertPool from CTFE package to x509util
Dependency updates
- Switch Merkle tree code to use github.com/transparency-dev/merkle@v0.0.1 [#874, ..., #924]
- Trillian: v1.4.0 -> v1.4.1 [#924]
- Replace juju/ratelimit with x/time/rate [#800]
- protoc: v3.12.4 -> v3.20.1 [#923]
- github.com/fullstorydev/grpcurl: 1.8.2->1.8.6 [#860, #891]
- github.com/google/go-cmp: 0.5.6->0.5.8 [#879, #917]
- github.com/mattn/go-sqlite3: 1.14.8->1.14.10 [#873]
- github.com/rs/cors: 1.8.0->1.8.2 [#872]
- go.etcd.io/etcd/v3: 3.5.0->3.5.4 [#859, #887, #913]
- google.golang.org/grpc: v1.40.0 -> v1.46.0 [#914]
Full Changelog: v1.1.2...v1.1.3