Skip to content

Releases: sigstore/timestamp-authority

v1.2.3

25 Sep 14:04
b3b3209
Compare
Choose a tag to compare

What's Changed

  • Bump go.step.sm/crypto from 0.43.0 to 0.43.1 by @dependabot in #639
  • Bump actions/dependency-review-action from 4.1.0 to 4.1.1 by @dependabot in #640
  • Bump actions/dependency-review-action from 4.1.1 to 4.1.2 by @dependabot in #641
  • Bump go.uber.org/zap from 1.26.0 to 1.27.0 by @dependabot in #643
  • Bump actions/dependency-review-action from 4.1.2 to 4.1.3 by @dependabot in #642
  • Don't mark hash argument as required. by @kommendorkapten in #644
  • Bump codecov/codecov-action from 4.0.1 to 4.1.0 by @dependabot in #646
  • Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in #652
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.1 to 1.8.2 by @dependabot in #648
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.1 to 1.8.2 by @dependabot in #649
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.1 to 1.8.2 by @dependabot in #650
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.1 to 1.8.2 by @dependabot in #651
  • Bump github.com/sigstore/sigstore from 1.8.1 to 1.8.2 by @dependabot in #653
  • Bump github.com/go-openapi/strfmt from 0.22.0 to 0.22.1 by @dependabot in #654
  • Bump github.com/go-openapi/spec from 0.20.14 to 0.20.15 by @dependabot in #656
  • Bump github.com/go-openapi/loads from 0.21.5 to 0.21.6 by @dependabot in #657
  • Bump github.com/go-playground/validator/v10 from 10.18.0 to 10.19.0 by @dependabot in #660
  • Bump actions/cache from 4.0.0 to 4.0.1 by @dependabot in #655
  • Bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in #662
  • Bump github.com/go-openapi/runtime from 0.27.1 to 0.27.2 by @dependabot in #661
  • Bump github.com/golang/protobuf from 1.5.3 to 1.5.4 by @dependabot in #663
  • Bump google.golang.org/protobuf from 1.32.0 to 1.33.0 by @dependabot in #664
  • Bump anchore/sbom-action from 0.15.8 to 0.15.9 by @dependabot in #666
  • Bump github.com/go-jose/go-jose/v3 from 3.0.2 to 3.0.3 by @dependabot in #668
  • Bump gopkg.in/go-jose/go-jose.v2 from 2.6.1 to 2.6.3 by @dependabot in #667
  • Bump github.com/go-openapi/runtime from 0.27.2 to 0.28.0 by @dependabot in #673
  • Bump actions/checkout from 4.1.1 to 4.1.2 by @dependabot in #674
  • Bump cloud.google.com/go/security from 1.15.5 to 1.15.6 by @dependabot in #675
  • Bump go.step.sm/crypto from 0.43.1 to 0.44.0 by @dependabot in #677
  • Bump go.step.sm/crypto from 0.44.0 to 0.44.1 by @dependabot in #681
  • Bump actions/dependency-review-action from 4.1.3 to 4.2.3 by @dependabot in #678
  • Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0 by @dependabot in #680
  • Bump slsa-framework/slsa-github-generator from 1.9.0 to 1.10.0 by @dependabot in #679
  • Bump actions/cache from 4.0.1 to 4.0.2 by @dependabot in #676
  • Bump actions/dependency-review-action from 4.2.3 to 4.2.4 by @dependabot in #682
  • Bump actions/dependency-review-action from 4.2.4 to 4.2.5 by @dependabot in #683
  • Bump anchore/sbom-action from 0.15.9 to 0.15.10 by @dependabot in #684
  • Bump codecov/codecov-action from 4.1.0 to 4.1.1 by @dependabot in #685
  • Bump go.step.sm/crypto from 0.44.1 to 0.44.2 by @dependabot in #686
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.8.2 to 1.8.3 by @dependabot in #691
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.8.2 to 1.8.3 by @dependabot in #687
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.8.2 to 1.8.3 by @dependabot in #688
  • Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.8.2 to 1.8.3 by @dependabot in #689
  • Bump github.com/sigstore/sigstore from 1.8.2 to 1.8.3 by @dependabot in #690
  • Bump sigs.k8s.io/release-utils from 0.7.7 to 0.8.0 by @dependabot in #692
  • Bump codecov/codecov-action from 4.1.1 to 4.2.0 by @dependabot in #695
  • Bump golang.org/x/net from 0.22.0 to 0.23.0 by @dependabot in #693
  • Bump golang.org/x/net from 0.23.0 to 0.24.0 by @dependabot in #696
  • Bump sigs.k8s.io/release-utils from 0.8.0 to 0.8.1 by @dependabot in #697
  • Bump codecov/codecov-action from 4.2.0 to 4.3.0 by @dependabot in #698
  • Bump go.step.sm/crypto from 0.44.2 to 0.44.3 by @dependabot in #699
  • Bump sigstore/cosign-installer from 3.4.0 to 3.5.0 by @dependabot in #700
  • Bump go.step.sm/crypto from 0.44.3 to 0.44.5 by @dependabot in #702
  • Bump cloud.google.com/go/security from 1.15.6 to 1.16.0 by @dependabot in #701
  • Bump go.step.sm/crypto from 0.44.5 to 0.44.6 by @dependabot in #703
  • Bump actions/upload-artifact from 4.3.1 to 4.3.2 by @dependabot in #704
  • Bump actions/checkout from 4.1.2 to 4.1.3 by @dependabot in #705
  • Bump actions/upload-artifact from 4.3.2 to 4.3.3 by @dependabot in #706
  • Bump go.step.sm/crypto from 0.44.6 to 0.44.7 by @dependabot in #708
  • Bump github.com/rs/cors from 1.10.1 to 1.11.0 by @dependabot in #709
  • Bump actions/checkout from 4.1.3 to 4.1.4 by @dependabot in #712
  • Bump dependabot/fetch-metadata from 2.0.0 to 2.1.0 by @dependabot in #711
  • Bump golangci/golangci-lint-action from 4.0.0 to 5.0.0 by @dependabot in #710
  • Bump go.step.sm/crypto from 0.44.7 to 0.44.8 by @dependabot in #714
  • Bump anchore/sbom-action from 0.15.10 to 0.15.11 by @dependabot in #713
  • Bump golangci/golangci-lint-action from 5.0.0 to 5.1.0 by @dependabot in #715
  • Bump actions/dependency-review-action from 4.2.5 to 4.3.1 by @dependabot in #716
  • Bump github.com/go-playground/validator/v10 from 10.19.0 to 10.20.0 by @dependabot in #717
  • Bump google.golang.org/protobuf from 1.33.0 to 1.34.0 by @dependabot in #718
  • Bump actions/dependency-review-action from 4.3.1 to 4.3.2 by @dependabot in #719
  • Bump codecov/codecov-action from 4.3.0 to 4.3.1 by @dependabot in #720
  • Bump cloud.google.com/go/security from 1.16.0 to 1.16.1 by @dependabot in #721
  • Bump github.com/beevik/ntp from 1.3.1 to 1.4.1 by @dependabot in #724
  • Bump actions/setup-go from 5.0.0 to 5.0.1 by @dependabot in #723
  • Bump slsa-framework/slsa-github-generator from 1.10.0 to 2.0.0 by @dependabot in #707
  • Bump golangci/golangci-lint-action from 5.1.0 to 5.3.0 by @dependabot in http...
Read more

v1.2.2

14 Feb 22:39
v1.2.2
afe1113
Compare
Choose a tag to compare

v1.2.2

Changes

Bug fixes

  • Go checksum database error on installation due to deleting a tag

Misc

  • Dependabot updates

v1.2.1

05 Jan 21:29
v1.2.1
81cbb69
Compare
Choose a tag to compare

v1.2.1

v1.2.1 includes a minor bug fix to set the SignedData version value
in a timestamp response as per the RFC.

Changes

Bug Fixes

  • Bump digitorus/timestamp version to pick up RFC correctness fix (#584)

v1.2.0

11 Oct 23:24
v1.2.0
c21da35
Compare
Choose a tag to compare

v1.2.0

v1.2.0 is based on Go 1.21.3.

Changes

Enhancements

  • Support other hash algs for pre-signed timestamp besides SHA256 (#488)
  • new http-ping-only flag for 'timestamp-server serve' (#474)

Bug Fixes

  • Fix bug where TSA signing fails if cert hash != content hash. (#465)

Misc

  • expand README on Cloud KMS deployment (#476)
  • upgrade to Go1.21 (#471)

Contributors

  • Billy Lynch
  • Carlos Tadeu Panato Junior
  • Dmitry Savintsev
  • Hayden B

v1.1.2

22 Aug 23:22
0fe7ba8
Compare
Choose a tag to compare

Changelog

1.1.2 fixes a signing related hash function bug and a typo.

Changes

Bug Fixes

  • Fix hash function hardcoding bug by updating dependency (#452)

Misc

  • Fix typo in OpenAPI spec (#419)
  • Update GoReleaser flag (#356)

Contributors

  • Carlos Tadeu Panato Junior
  • Dmitry Savintsev
  • Meredith Lancaster

Full Changelog: v1.1.1...v1.1.2

v1.1.1

08 May 22:51
b0478be
Compare
Choose a tag to compare

Changelog

1.1.1 fixes a bug in the JSON format timestamp request code.

Changes

Bug Fixes

  • Update how the JSON body is parsed (#343)

Contributors

  • Meredith Lancaster

Full Changelog: v1.1.0...v1.1.1

v1.1.0

01 May 21:32
565dd4d
Compare
Choose a tag to compare

Changelog

1.1.0 now supports making timestamp requests in JSON format in addition to DER encoded format.

Changes

Enhancements

  • Support timestamp requests in JSON format (#247)

Misc

  • Fix typo in README (#294)

Contributors

  • Andrea Cosentino
  • Meredith Lancaster

Full Changelog: v1.0.0...v1.1.0

v1.0.0

21 Mar 20:33
v1.0.0
cc3551a
Compare
Choose a tag to compare

Changelog

1.0 release of the timestamp authority. Thank you to all of the contributors!

v1.0.0-rc.1

06 Mar 23:53
v1.0.0-rc.1
57d8ad5
Compare
Choose a tag to compare

1.0.0-rc.1

Note: This is a prerelease for 1.0. Please try it out and file issues!

Changes

  • Upgrade to go 1.20.1 (#245)

Documentation

Contributors

  • Carlos Tadeu Panato Junior
  • Hayden B
  • Meredith Lancaster

v1.0.0-rc.0

24 Jan 21:03
v1.0.0-rc.0
6f396cb
Compare
Choose a tag to compare

Changelog

SLSA provenance is now uploaded with each release. Use slsa-verifier to verify the release.

Misc

  • Mock NTP client (#217)

Contributors

  • Carlos Tadeu Panato Junior
  • Hayden B
  • Meredith Lancaster

Full Changelog: v0.2.1...v1.0.0-rc.0