Skip to content

Releases: sigstore/fulcio

v1.6.1

14 Aug 17:43
@sigstore-bot sigstore-bot
v1.6.1
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
9fd5c09
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.6.1

v1.6.1

Bug Fixes

  • fix: removing surplus slash, making logs richer (#1762)

Contributors

  • Javan Lacerda

Full Changelog: v1.6.0...v1.6.1

Loading

v1.6.0

06 Aug 19:18
@sigstore-bot sigstore-bot
v1.6.0
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
50dbac4
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.6.0

v1.6.0

v1.6.0 adds support for onboarding CI identity providers via configuration
rather than code changes, which should greatly simplify the onboarding process.

Features

  • CiProvider as a new OIDCIssuer type (#1729)
  • Add TLS support for CTLog (#1718)
  • Added support for email_verified being a string or bool (#1744)

Documentation

  • Update IDP requirements (#1742)

Public Good Instance Configuration

  • Move codefresh and buildkite to ci-provider identity (#1743)
  • Move gitlab to ci-provider (#1740)
  • Migrate github to ci provider flow (#1738)
  • add Hellō provider (#1739)
  • Move configuration to yaml format (#1720)
  • Removes identity providers federation (#1736)

Contributors

  • Andrew Block
  • cpanato
  • Dick Hardt
  • Firas Ghanmi
  • Hayden B
  • Javan Lacerda
  • Matt Moore

Full Changelog: v1.5.1...v1.6.0

Loading

v1.5.1

11 Jul 01:15
@sigstore-bot sigstore-bot
v1.5.1
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
f11344b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.5.1

Bug Fixes

Full Changelog: v1.5.0...v1.5.1

Contributors

mattmoor
Loading

v1.5.0

09 Jul 22:30
@sigstore-bot sigstore-bot
v1.5.0
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
781fb65
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.5.0

v1.5.0

Features

  • Add Chainguard OIDC provider. (#1703)
  • Adding support for configuration from yaml file (#1687)
  • Upgrade go to 1.22 (#1625)

Documentation

  • oid-info: fix table render (#1662)
  • docs: Fix extensions for digest values requiring a type prefix (#1661)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Facundo Tuesca
  • Javan Lacerda
  • Matt Moore
  • Tomas Turek
  • William Woodruff
Loading

v1.4.5

05 Apr 20:03
@sigstore-bot sigstore-bot
v1.4.5
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
0ac692c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.5

Changelog

Thanks for all contributors!

Loading

v1.4.4

28 Feb 22:17
@sigstore-bot sigstore-bot
v1.4.4
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
5c9ae3c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.4

v1.4.4

Features

  • Add production OIDC provider for Eclipse (#1472)
  • Change parseExtension function to be public (#1584)
  • Allow exposed metrics port to be overridden (#1518)
  • add configurable idle timeout

Bug Fixes

  • Fix docker-compose service order (#1537)
  • Fix debug docker-compose setup (#1529)
  • Fix docker-compose file (#1560)

Documentation

  • Create new-idp-requirements.md (#1447)
  • docs: Add back descriptive content on cert issuing (#1494)
  • Added GitLab OIDC documentation to the /docs/oidc.md file that was missing. (#1574)

Misc

  • update builder to use go1.21.6
  • Move kubernetes CA processing in config.prepare (#1454)
  • Lots of dependabot updates

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Colleen Murphy
  • Cyril Cordoui
  • Hayden B
  • John Kjell
  • Paul Welch
  • Tanner Jones

Full Changelog: v1.4.3...v1.4.4

Loading

v1.4.3

11 Oct 23:49
@sigstore-bot sigstore-bot
v1.4.3
99cb25d
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.3

v1.4.3

Bug Fixes

  • Bump golang.org/x/net from 0.15.0 to 0.17.0 in /hack/tools (#1409)
  • Bump golang.org/x/net from 0.15.0 to 0.17.0 (#1410)

Contributors

  • dependabot

Thanks for all contributors!

Loading

v1.4.2

11 Oct 14:10
@sigstore-bot sigstore-bot
v1.4.2
c5f47ca
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.2

Changelog

Thanks for all contributors!

Loading

v1.4.1

09 Oct 23:28
@sigstore-bot sigstore-bot
v1.4.1
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
5873bc8
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.1

v1.4.1

v1.4.1 disables CGO for released binaries and containers. If you need support
for an HSM-backed CA, compile Fulcio with CGO_ENABLED=1.

The Distroless base image of the released containers has been updated to Debian 12,
gcr.io/distroless/static-debian12:nonroot.

Features

  • Do not block startup if OIDC provider cannot be created (#1389)
  • Gracefully shutdown HTTP, gRPC, and Prom servers (#1342)
  • Create interface for GRPC server which encompasses the GRPC HealthServer (#1334)

Release

  • update builder image to use go1.21.2 (#1397)
  • Disable CGO on release builds (#1368)

Contributors

  • Appu
  • Hayden B
  • Jon Johnson
  • Jussi Kukkonen
  • Priya Wadhwa
  • William Woodruff

Full Changelog: v1.4.0...v1.4.1

Loading

v1.4.0

19 Jul 21:28
@sigstore-bot sigstore-bot
v1.4.0
This tag was signed with the committer’s verified signature.
haydentherapper Hayden
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
9bd68ba
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
v1.4.0

v1.4.0

Features

  • Add "Source Repository Visibility At Signing" ext (#1279)
  • Expose SkipExpiryCheck OIDC Config Option in Verifier (#1271)

Documentation

  • Update loadtest instructions (#1284)

Contributors

  • Hayden B
  • Philip Harrison
  • Priya Wadhwa

Full Changelog: v1.3.4...v1.4.0

Loading