Releases: sigstore/fulcio
Releases · sigstore/fulcio
v1.4.3
v1.4.2
Changelog
- c5f47ca changelog for v1.4.2 release (#1408)
- b5a341b update builder image to use go1.21.3 (#1407)
- d6a7c4d Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1405)
- 036a40b Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1404)
- 120c90e Bump golang from 1.21.2 to 1.21.3 (#1406)
- 3faed9b Bump go.step.sm/crypto from 0.35.1 to 0.36.0 (#1403)
- 0f0ffc7 Bump google.golang.org/api from 0.145.0 to 0.146.0 (#1402)
- 7234f1b Bump sigs.k8s.io/release-utils from 0.7.4 to 0.7.5 (#1401)
Thanks for all contributors!
v1.4.1
v1.4.1
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.4.1
v1.4.1 disables CGO for released binaries and containers. If you need support
for an HSM-backed CA, compile Fulcio with CGO_ENABLED=1.
The Distroless base image of the released containers has been updated to Debian 12,
gcr.io/distroless/static-debian12:nonroot.
Features
- Do not block startup if OIDC provider cannot be created (#1389)
- Gracefully shutdown HTTP, gRPC, and Prom servers (#1342)
- Create interface for GRPC server which encompasses the GRPC HealthServer (#1334)
Release
Contributors
- Appu
- Hayden B
- Jon Johnson
- Jussi Kukkonen
- Priya Wadhwa
- William Woodruff
Full Changelog: v1.4.0...v1.4.1
v1.4.0
v1.4.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.4.0
Features
- Add "Source Repository Visibility At Signing" ext (#1279)
- Expose SkipExpiryCheck OIDC Config Option in Verifier (#1271)
Documentation
- Update loadtest instructions (#1284)
Contributors
- Hayden B
- Philip Harrison
- Priya Wadhwa
Full Changelog: v1.3.4...v1.4.0
v1.3.4
v1.3.3
Changelog
- 3815318 changelog for v1.3.3 release (#1266)
- 1923fa1 add HTTP and GRPC health check endpoints (#1258)
- 489d73a add fsnotify-backed cache for reading TLS PKI material (#1256)
- 12aa925 Bump protocolbuffers/protobuf from 23.3 to 23.4 (#1264)
- 3ce99aa Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#1265)
- 2b8e2dc Bump google.golang.org/api from 0.129.0 to 0.130.0 (#1260)
- 6debe57 Bump github.com/googleapis/api-linter in /hack/tools (#1261)
- e626775 Bump golang from
7925d69tofd9306e(#1262) - a3fea01 Bump golang from
344193ato7925d69(#1259) - a5b774d Bump github.com/googleapis/api-linter in /hack/tools (#1255)
Thanks for all contributors!
v1.3.2
v1.3.2
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.3.2
Features
- configure server-side TLS on grpc listener (#1252)
Bug fixes
- gitlab: remove build config URI. (#1183)
Documentation
- Update OID info (#1188)
- Fix spellings, update protoc (#1184)
- docs/oid-info: clarify source of issuer extensions (#1158)
Contributors
- Billy Lynch
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- Kristian Klausen
- William Woodruff
Full Changelog: v1.3.1...v1.3.2
v1.3.1
v1.3.1
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.3.0
v1.3.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.3.0
Fulcio 1.3.0 adds support for GitLab CI.
Enhancements
- Add GitLab.com OIDC to Fulcio (#983)
- Change ParseDerString to Public Function (#1119)
- Support enterprise-unique GitHub Actions OIDC issuer URLs (#1088)
Documentation
- Map GitLab OIDC token claims to Fulcio OIDs (#1097)
- Mark GitLab JWT claim fields that are still WIP. (#1139)
- oidc.md: Add section for how to select SANs. (#1127)
- oid-info: Drop Build Signer Digest requirement from MUST -> SHOULD (#1126)
- update docs to use CDN-backed TUF endpoint (#1108)
Contributors
- Alishan Ladhani
- Billy Lynch
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- James Ma
- Paul Welch
- Reed Loden
- Sandipan Panda
Full Changelog: v1.2.0...v1.3.0
v1.2.0
v1.2.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden B
v1.2.0
Fulcio 1.2.0 adds support for additional extensions in certificates issued for
CI platforms, starting with GitHub Actions.
Deprecation warning: OIDs 1.3.6.1.4.1.57264.1.1 through 1.3.6.1.4.1.57264.1.6 have been deprecated,
but are still present in the issued certificates. The new extensions 1.3.6.1.4.1.57264.1.8
through 1.3.6.1.4.1.57264.1.21 are correctly formatted as DER-encoded strings.
Enhancements
- Implement standardized CI extensions for GitHub (#1073)
- Allow specifying ChallengeClaim for an Issuer in the Fulcio config (#1007)
- Support custom OIDC issuers
- Begin implementing Issuer interface for email and github identities (#1005)
- Implement Issuer interface for spiffe and kubernetes types (#1033)
- Implement Issuer interface for username and uri Issuer types (#1035)
- implement Issuer interface for buildkite (#1037)
- Create BaseIssuer type to implement Match for all Issuers (#1039)
- Use Issuer interface to allow for custom issuers (#1008)
Bug Fixes
- Don't add nil issuers to issuer pool (#1053)
Documentation
- Standardizing Fulcio Certificate Extensions (#945)
- Add documentation for adding a new OIDC issuer (#1042)
- Update TUF instructions in README (#1079)
Contributors
- Carlos Tadeu Panato Junior
- Hayden B
- Philip Harrison
- priyawadhwa
Full Changelog: v1.1.0...v1.2.0