v1.7.0

@sigstore-bot sigstore-bot released this 11 Apr 17:19
v1.7.0
71e0039

v1.7.0 changes how proof-of-possession signatures are verified.
Fulcio now expects ECDSA P-384 and P-521 signatures to be hashed with
SHA-384 and SHA-512 respectively, in line with CSR signature verification.
Cosign is being updated to support this when signing with a managed key
and requesting a certificate.
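
The curve-to-hash rule above, shown as an added example (not Fulcio's or Cosign's code): a verifier that derives the digest from the key's curve rejects a P-384 signature made over a SHA-256 digest. The names `hashForKey` and `accepted`, the SHA-256 fallback for other curves, and the sample challenge are assumptions of this example.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers SHA-256
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"fmt"
)

var curves = map[int]elliptic.Curve{256: elliptic.P256(), 384: elliptic.P384(), 521: elliptic.P521()}
var hashes = map[int]crypto.Hash{256: crypto.SHA256, 384: crypto.SHA384, 512: crypto.SHA512}

// hashForKey: P-384 -> SHA-384, P-521 -> SHA-512 (from the release note);
// SHA-256 for any other curve is an assumption of this example.
func hashForKey(pub *ecdsa.PublicKey) crypto.Hash {
	switch pub.Curve {
	case elliptic.P384():
		return crypto.SHA384
	case elliptic.P521():
		return crypto.SHA512
	}
	return crypto.SHA256
}

func digest(h crypto.Hash, msg []byte) []byte {
	d := h.New()
	d.Write(msg)
	return d.Sum(nil)
}

// accepted signs with the client's hash; the verifier derives its hash from the key.
func accepted(curveBits, hashBits int) bool {
	priv, err := ecdsa.GenerateKey(curves[curveBits], rand.Reader)
	if err != nil {
		panic(err)
	}
	challenge := []byte("user@example.com") // constructed sample value
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(hashes[hashBits], challenge))
	if err != nil {
		panic(err)
	}
	return ecdsa.VerifyASN1(&priv.PublicKey, digest(hashForKey(&priv.PublicKey), challenge), sig)
}

func main() {
	fmt.Println(accepted(384, 384), accepted(384, 256), accepted(521, 512))
}
```

A client that keeps hashing with SHA-256 for a P-384 or P-521 key sees its proof rejected, which is the failure to look for when a certificate request breaks after upgrading.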

Features

  • Allow configurable client signing algorithms (#1938)
  • Use different hash in proof of possession based on key (#1959)
  • Tls verification on OIDC issuers (#1932)
  • feat: adds cert-utility. (#1870)
  • feat: makes leaf optional and other changes. (#1931)

Bug Fixes

  • Remove err impossible condition: nil != nil (#1934)
  • mark principal and issuer class under pkg/identity as deprecated (#1980)