Releases: sigstore/fulcio
Releases · sigstore/fulcio
v1.1.0
v1.1.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.1.0
Fulcio 1.1.0 adds support for Buildkite, supports running the HTTP and gRPC servers on the same port,
and fixes a few bugs in the GCP CA Service integration. Fulcio 1.1.0 updates Go to 1.20.
Enhancements
- Add Buildkite OIDC to Fulcio (#890)
- Update Fulcio to 1.20 (#989)
- Add in --duplex flag to run HTTP and GRPC servers on the same port (#931)
- Expose client options for google ca (#892)
Bug Fixes
- googleca: close certificate authority client when done (#930)
- Fix bugs in googleca and update flag description (#897)
- Fix pkcs11ca with no cgo compilation bug (#898)
Miscellaneous
- Add custom error logs when communicating with the CA backend (#966)
- Add new format for AKS OIDC issuer (#971)
- expose rpc options to add auth creds (#934)
- Refactor kmsca constructor to accept x509.Certificates (#917)
Contributors
- Bob Callaway
- Carlos Tadeu Panato Junior
- Harry Marr
- Hayden B
- Hector Fernandez
- Luke Hinds
- priyawadhwa
- Samuel Cochran
- William Woodruff
- Yoriyasu Yano
Full Changelog: v1.0.0...v1.1.0
v1.0.0
v1.0.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.0.0-rc.0
v1.0.0-rc.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
What's Changed
- update previous releases and add notes for v0.6.0 by @cpanato in #806
- use same way to output version and expose build info to prometheus by @cpanato in #815
- Update swagger doc version for Fulcio 1.0 by @haydentherapper in #816
- Update CHANGELOG for v1.0.0-rc.0 by @haydentherapper in #818
Full Changelog: v0.6.0...v1.0.0-rc.0
Contributors
cpanato and haydentherapper
Assets 31
v0.6.0
What's Changed
- Update how-certificate-issuing-works.md by @haydentherapper in #755
- Export Fulcio extension OIDs by @wlynch in #761
- upgrade to go1.19 by @cpanato in #767
- Fix documentation link by @haydentherapper in #798
- Change username format, enforce identity format by @haydentherapper in #802
New Contributors
Full Changelog: v0.5.4...v0.6.0
Contributors
wlynch, cpanato, and haydentherapper
Assets 31
v0.5.4
Contributors
cpanato
Assets 31
v0.5.3
What's Changed
- Bump google.golang.org/api from 0.88.0 to 0.89.0 by @dependabot in #705
- Bump imjasonh/setup-ko from 0.4 to 0.5 by @dependabot in #704
- Bump golang from
9349ed8tof3d3d69by @dependabot in #707 - ✨ Enable Scorecard badge by @azeemshaikh38 in #706
- Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /hack/tools by @dependabot in #712
- Bump golang from
f3d3d69to6e10f44by @dependabot in #708 - Bump google.golang.org/api from 0.89.0 to 0.90.0 by @dependabot in #711
- Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #709
- Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #710
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.1 by @dependabot in #714
- Bump golang from
6e10f44to8a62670by @dependabot in #713 - Bump golang from 1.18.4 to 1.18.5 by @dependabot in #717
- Update certificate issuance documentation by @haydentherapper in #702
- Bump google.golang.org/api from 0.90.0 to 0.91.0 by @dependabot in #720
- Add documentation for SCT formats by @haydentherapper in #718
- Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #721
- Create certificate specification by @haydentherapper in #703
- Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #725
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.1 to 2.11.2 by @dependabot in #724
- install protobuff 3.20.1 by @cpanato in #728
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.2 in /hack/tools by @dependabot in #726
- Bump go.uber.org/zap from 1.21.0 to 1.22.0 by @dependabot in #730
- Bump github.com/googleapis/api-linter from 1.33.2 to 1.33.3 in /hack/tools by @dependabot in #722
- Bump github.com/googleapis/api-linter from 1.33.3 to 1.34.0 in /hack/tools by @dependabot in #731
- fix example to explicitly set port for gRPC call by @bobcallaway in #732
- Bump google.golang.org/api from 0.91.0 to 0.92.0 by @dependabot in #733
- Bump go.step.sm/crypto from 0.17.0 to 0.17.1 by @dependabot in #737
- update github.com/google/tink/go to 1.7.0 and fix deprecation by @cpanato in #736
- address Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server by @cpanato in #735
- Bump go.step.sm/crypto from 0.17.1 to 0.17.2 by @dependabot in #742
- Bump google.golang.org/api from 0.92.0 to 0.93.0 by @dependabot in #741
- update builder and cosign images by @cpanato in #743
- Update scorecard-action to v2:alpha by @azeemshaikh38 in #746
- Bump actions/dependency-review-action from 2.0.4 to 2.1.0 by @dependabot in #744
- update changelog to add release v0.5.3 by @cpanato in #747
- Clean up unix socket by @pauldthomson in #739
- bump sigstore/sigstore from 1.3.1 to 1.4.0 by @k4leung4 in #745
New Contributors
- @azeemshaikh38 made their first contribution in #706
- @pauldthomson made their first contribution in #739
Full Changelog: v0.5.2...v0.5.3
Contributors
bobcallaway, cpanato, and 5 other contributors
Assets 31
v0.5.2
What's Changed
- Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #677
- Bump github.com/prometheus/common from 0.35.0 to 0.36.0 by @dependabot in #678
- Bump cloud.google.com/go/security from 1.4.0 to 1.4.1 by @dependabot in #681
- Bump google.golang.org/api from 0.86.0 to 0.87.0 by @dependabot in #680
- Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #682
- Bump github.com/googleapis/api-linter from 1.33.1 to 1.33.2 in /hack/tools by @dependabot in #685
- Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #684
- Bump golang from 1.18.3 to 1.18.4 by @dependabot in #683
- Bump github.com/prometheus/common from 0.36.0 to 0.37.0 by @dependabot in #687
- Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #686
- Bump go.step.sm/crypto from 0.16.2 to 0.17.0 by @dependabot in #688
- bump cosign to v1.9.0 by @bobcallaway in #692
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.3 to 2.11.0 by @dependabot in #695
- Bump google.golang.org/api from 0.87.0 to 0.88.0 by @dependabot in #694
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.3 to 2.11.0 in /hack/tools by @dependabot in #696
- [NFC] docs/oidc: mark code blocks as JSON, minor syntax fixes by @woodruffw in #697
- ensure GetTrustBundle returns array of strings instead of a single string with newlines by @bobcallaway in #690
- update go builder and cosign image by @cpanato in #700
- Add CHANGELOG for 0.5.2 by @haydentherapper in #701
New Contributors
- @woodruffw made their first contribution in #697
Full Changelog: v0.5.1...v0.5.2
Thanks to all contributors!
Contributors
bobcallaway, woodruffw, and 3 other contributors
Assets 31
v0.5.1
What's Changed
- Bump google.golang.org/api from 0.82.0 to 0.83.0 by @dependabot in #642
- Bump google.golang.org/api from 0.83.0 to 0.84.0 by @dependabot in #647
- Add interface for certs/signer fetching to remove mutex by @haydentherapper in #643
- change grpc response logger to debug level instead of error by @bobcallaway in #648
- Bump actions/dependency-review-action from 1.0.2 to 2.0.1 by @dependabot in #650
- Bump github.com/googleapis/api-linter from 1.32.1 to 1.32.2 in /hack/tools by @dependabot in #651
- Bump golang from
b203dc5to1c3d22fby @dependabot in #649 - Bump actions/dependency-review-action from 2.0.1 to 2.0.2 by @dependabot in #652
- Bump github.com/googleapis/api-linter from 1.32.2 to 1.32.3 in /hack/tools by @dependabot in #653
- Refactor in-memory signing CAs to use a single implementation by @haydentherapper in #644
- Bump github.com/prometheus/common from 0.34.0 to 0.35.0 by @dependabot in #655
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #658
- Bump google.golang.org/api from 0.84.0 to 0.85.0 by @dependabot in #657
- Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #656
- Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #659
- Bump golang from
1c3d22fto957001eby @dependabot in #660 - Bump golang from
957001etoa452d62by @dependabot in #661 - Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #662
- Add Tink signing backend by @haydentherapper in #645
- Bump google.golang.org/api from 0.85.0 to 0.86.0 by @dependabot in #664
- Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #663
- generate OpenAPI documents from protobuf by @bobcallaway in #666
- add dependabot hack to monitor for new protoc releases by @bobcallaway in #667
- Bump github.com/googleapis/api-linter from 1.32.3 to 1.33.0 in /hack/tools by @dependabot in #669
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.0 to 2.1.1 by @dependabot in #668
- Update sigstore to pull in fixes by @haydentherapper in #671
- Add CORS support to HTTP endpoint by @bobcallaway in #670
- pipe all log messages to stdout for dev logger by @bobcallaway in #673
- Bump github.com/googleapis/api-linter from 1.33.0 to 1.33.1 in /hack/tools by @dependabot in #674
- add changelog for v0.5.1 by @cpanato in #675
Full Changelog: v0.5.0...v0.5.1
Thanks for all contributors!
Contributors
bobcallaway, cpanato, and 2 other contributors
Assets 31
v0.5.0
v0.5.0
This tag was signed with the committer’s verified signature.
The key has expired.
cpanato
Carlos Tadeu Panato Junior
What's Changed
- Bump google.golang.org/api from 0.77.0 to 0.78.0 by @dependabot in #556
- Bump github.com/googleapis/api-linter from 1.31.1 to 1.31.2 in /hack/tools by @dependabot in #557
- Add new
IssuerandPrincipalabstractions by @nsmith5 in #558 - Add timeout to OIDC discovery by @nsmith5 in #560
- Refactor x509 extension embedding logic by @nsmith5 in #561
- Add client options testing by @nsmith5 in #562
- Bump google.golang.org/api from 0.78.0 to 0.79.0 by @dependabot in #566
- Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #565
- update go to 1.17.10 by @cpanato in #567
- Remove unused
Subjectfield fromCodeSigningCertificateby @nsmith5 in #568 - Use GenerateSerialNumber from cryptoutils by @nsmith5 in #571
- Bump github.com/googleapis/api-linter from 1.31.2 to 1.32.0 in /hack/tools by @dependabot in #575
- Bump github.com/coreos/go-oidc/v3 from 3.1.0 to 3.2.0 by @dependabot in #574
- Update to use go1.18 by @cpanato in #576
- Small
carefactor by @nsmith5 in #569 - Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #573
- Bump github/codeql-action from 75b4f1c4669133dc294b06c2794e969efa2e5316 to 2.1.10 by @dependabot in #572
- googleca: Don't log all identities by @nsmith5 in #577
- Consume
identity.Principalin CA abstraction by @nsmith5 in #570 - challenges: remove ParseCSR by @nsmith5 in #578
- identity: improve the documentation for Principal.Name() by @nsmith5 in #579
- Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #581
- Add some tests for challenges by @nsmith5 in #583
- Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #582
- Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #584
- Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #585
- Bump github.com/google/certificate-transparency-go from 1.1.2 to 1.1.3 by @dependabot in #586
- Skip tests that require network access with HERMETIC=true by @haydentherapper in #587
- Refactor challenge verification by @nsmith5 in #580
- Correct SPIFFE trust domain checking by @nsmith5 in #588
- Validate SPIFFE IDs and trust domains via library by @haydentherapper in #592
- Move domain validation checks for URI/Username to service startup by @haydentherapper in #590
- Bump google.golang.org/api from 0.79.0 to 0.80.0 by @dependabot in #595
- Bump go.step.sm/crypto from 0.16.1 to 0.16.2 by @dependabot in #594
- Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #593
- Bump github.com/googleapis/api-linter from 1.32.0 to 1.32.1 in /hack/tools by @dependabot in #597
- cmd/app: remove dependency on deprecated github.com/pkg/errors by @zchee in #598
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.0 to 2.10.1 by @dependabot in #600
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.0 to 2.10.1 in /hack/tools by @dependabot in #601
- Added additional tests for CA implementations and OIDC by @haydentherapper in #602
- Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #603
- Restict issuer claim mapping to email issuers by @nsmith5 in #606
- Add e2e test that tests IssuerClaim by @haydentherapper in #605
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.1 to 2.10.2 in /hack/tools by @dependabot in #611
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.1 to 2.10.2 by @dependabot in #610
- Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #609
- Bump google.golang.org/api from 0.80.0 to 0.81.0 by @dependabot in #614
- Bump cloud.google.com/go/security from 1.3.0 to 1.4.0 by @dependabot in #613
- Move github principal to its own package by @nsmith5 in #599
- Split pkg/server from pkg/api by @mtrmac in #616
- Bump ossf/scorecard-action from 1.0.4 to 1.1.0 by @dependabot in #618
- Update sigstore to pull in go-tuf security fixes by @haydentherapper in #617
- Move SPIFFE principal to its own package by @nsmith5 in #604
- Bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #622
- Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #621
- Move kubernetes principal to package by @nsmith5 in #619
- Bump gopkg.in/yaml.v3 from 3.0.0 to 3.0.1 by @dependabot in #623
- Make prometheus port configurable by @nsmith5 in #625
- Move email principal to package by @nsmith5 in #620
- Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #627
- Final challenge result removal 🎉 by @nsmith5 in #626
- Add API for fetching Fulcio configuration by @haydentherapper in #608
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.2 to 2.10.3 in /hack/tools by @dependabot in #633
- Bump golang from 1.18.2 to 1.18.3 by @dependabot in #628
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.2 to 2.10.3 by @dependabot in #632
- Bump google.golang.org/api from 0.81.0 to 0.82.0 by @dependabot in #631
- typo: Github -> GitHub by @imjasonh in #636
- update cross-builder image to use go1.18.3 by @cpanato in #635
- Bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in #630
- Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #629
- Doc cleanup by @haydentherapper in #640
- add changelog for release v0.5.0 by @cpanato in #637
New Contributors
Full Changelog: v0.4.1...v0.5.0
Thanks for all contributors!
Contributors
imjasonh, cpanato, and 5 other contributors
Assets 31
v0.4.1
v0.4.1
This tag was signed with the committer’s verified signature.
The key has expired.
cpanato
Carlos Tadeu Panato Junior
What's Changed
- Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #541
- Bump github.com/googleapis/api-linter from 1.31.0 to 1.31.1 in /hack/tools by @dependabot in #546
- Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #545
- Bump google.golang.org/api from 0.75.0 to 0.76.0 by @dependabot in #542
- Bump github.com/fsnotify/fsnotify from 1.5.3 to 1.5.4 by @dependabot in #543
- Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #544
- Add @haydentherapper to CODEOWNERS by @bobcallaway in #548
- Fix key usage for issued certificates by @haydentherapper in #549
- chore(deps): Included dependency review by @naveensrinivasan in #540
- Add note about the status of the legacy HTTP API. by @znewman01 in #531
- Bump google.golang.org/api from 0.76.0 to 0.77.0 by @dependabot in #552
- add changelog for 0.4.1 release by @cpanato in #553
- update go builder image and cosign image by @cpanato in #554
- fix the digest image by @cpanato in #555
Full Changelog: v0.4.0...v0.4.1
Thanks for all contributors!
Contributors
naveensrinivasan, znewman01, and 4 other contributors