Releases: in-toto/in-toto
Releases · in-toto/in-toto
v3.0.0
v3.0.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
See CHANGELOG.md for details.
v2.3.0
v2.3.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
See CHANGELOG.md for details.
v2.2.0
v2.2.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
See CHANGELOG.md for details.
v2.1.1
v2.1.1
This tag was signed with the committer’s verified signature.
adityasaky
Aditya Sirish
v2.1.0
v2.1.0
This tag was signed with the committer’s verified signature.
adityasaky
Aditya Sirish
Added
- CLI argument to control command execution timeout (#605)
- ITE-4 resolver for directories ("dirHash", #590)
Changed
- Lint configuration (#602)
- Output stream cleanup to address flaky tests on Windows (#597)
- Layout expiry condition (#616)
- Dependency updates (#604, #607, #608, #609, #617, #618, #619, #620, #622,
#623)
Removed
- AppVeyor test configuration (#598)
v2.0.0
v2.0.0
This tag was signed with the committer’s verified signature.
adityasaky
Aditya Sirish
This release includes breaking changes such as the removal of the user_settings module and changes to exceptions raised during artifact recording. Additionally, it incorporates changes for issues captured in security advisories GHSA-p86f-xmg6-9q4x, GHSA-jjgp-whrp-gq8m, and GHSA-wc64-c5rv-32pf, the last of which has been assigned CVE-2023-32076.
Added
- Generic interface for ITE-4 resolvers (#584)
- ITE-4 resolver for OSTree repositories (#585)
- Warning when
--bitsis used with non RSA keys inin-toto-keygen(#588) - Support for GitHub's security reporting feature (#567)
- Tool to check local artifacts against in-toto link metadata
(#589, GHSA-p86f-xmg6-9q4x) - Testing in CI for Python 3.11 (#594)
Changed
- Recording of file hashes to use ITE-4 file resolver (#584)
- Exceptions returned to Python defaults when recording file artifacts (#592)
- Documentation about in-toto governance to reflect project changes (#591)
- Code style to use black + isort, includes update to codebase to conform (#593)
- Verification documentation to reflect how PGP trust model is used
(GHSA-jjgp-whrp-gq8m)
Removed
- Support for user_settings module that enabled configuring in-toto via RC files
and environment variables (GHSA-wc64-c5rv-32pf)
v1.4.0
v1.4.0
This tag was signed with the committer’s verified signature.
adityasaky
Aditya Sirish
v1.3.2
v1.3.2
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
v1.3.1
v1.3.0
v1.3.0
This tag was signed with the committer’s verified signature.
The key has expired.
lukpueh
Lukas Pühringer
Added
- ECDSA key type in CLI (#520)
- Windows builds in GitHub Actions CI (#513)
- Dependabot version monitoring for GitHub Actions (#498)
Changed
- Build is now reproducible, thanks to hatchling (#490)
- Misc test updates (#487, #500, #529)
- Misc docs updates (#499, #512, #516, #515, #530)
Removed
- Obsolete test dependency (#521)