v1.4.4

v1.4.4

Features

• Add production OIDC provider for Eclipse (#1472)
• Change parseExtension function to be public (#1584)
• Allow exposed metrics port to be overridden (#1518)
• add configurable idle timeout

Bug Fixes

• Fix docker-compose service order (#1537)
• Fix debug docker-compose setup (#1529)
• Fix docker-compose file (#1560)

Documentation

• Create new-idp-requirements.md (#1447)
• docs: Add back descriptive content on cert issuing (#1494)
• Added GitLab OIDC documentation to the /docs/oidc.md file that was missing. (#1574)

Misc

• update builder to use go1.21.6
• Move kubernetes CA processing in config.prepare (#1454)
• Lots of dependabot updates

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Colleen Murphy
• Cyril Cordoui
• Hayden B
• John Kjell
• Paul Welch
• Tanner Jones

Full Changelog: v1.4.3...v1.4.4

v1.4.3

v1.4.3

Bug Fixes

• Bump golang.org/x/net from 0.15.0 to 0.17.0 in /hack/tools (#1409)
• Bump golang.org/x/net from 0.15.0 to 0.17.0 (#1410)

Contributors

• dependabot

Thanks for all contributors!

v1.4.2

Changelog

• c5f47ca changelog for v1.4.2 release (#1408)
• b5a341b update builder image to use go1.21.3 (#1407)
• d6a7c4d Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1405)
• 036a40b Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1404)
• 120c90e Bump golang from 1.21.2 to 1.21.3 (#1406)
• 3faed9b Bump go.step.sm/crypto from 0.35.1 to 0.36.0 (#1403)
• 0f0ffc7 Bump google.golang.org/api from 0.145.0 to 0.146.0 (#1402)
• 7234f1b Bump sigs.k8s.io/release-utils from 0.7.4 to 0.7.5 (#1401)

Thanks for all contributors!

v1.4.1

v1.4.1

v1.4.1 disables CGO for released binaries and containers. If you need support
for an HSM-backed CA, compile Fulcio with CGO_ENABLED=1.

The Distroless base image of the released containers has been updated to Debian 12,
gcr.io/distroless/static-debian12:nonroot.

Features

• Do not block startup if OIDC provider cannot be created (#1389)
• Gracefully shutdown HTTP, gRPC, and Prom servers (#1342)
• Create interface for GRPC server which encompasses the GRPC HealthServer (#1334)

Release

• update builder image to use go1.21.2 (#1397)
• Disable CGO on release builds (#1368)

Contributors

• Appu
• Hayden B
• Jon Johnson
• Jussi Kukkonen
• Priya Wadhwa
• William Woodruff

Full Changelog: v1.4.0...v1.4.1

v1.4.0

v1.4.0

Features

• Add "Source Repository Visibility At Signing" ext (#1279)
• Expose SkipExpiryCheck OIDC Config Option in Verifier (#1271)

Documentation

• Update loadtest instructions (#1284)

Contributors

• Hayden B
• Philip Harrison
• Priya Wadhwa

Full Changelog: v1.3.4...v1.4.0

v1.3.4

Changelog

• b55b6ba changelog for v1.3.4 (#1270)
• a4b3e12 Update GitLab claim mappings for build configs (#1206)
• 07f0ac4 add container builds for each push to main (#1269)
• dcfd044 always use non-TLS credentials to connect over unix domain socket (#1268)

Thanks for all contributors!

v1.3.3

Changelog

• 3815318 changelog for v1.3.3 release (#1266)
• 1923fa1 add HTTP and GRPC health check endpoints (#1258)
• 489d73a add fsnotify-backed cache for reading TLS PKI material (#1256)
• 12aa925 Bump protocolbuffers/protobuf from 23.3 to 23.4 (#1264)
• 3ce99aa Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#1265)
• 2b8e2dc Bump google.golang.org/api from 0.129.0 to 0.130.0 (#1260)
• 6debe57 Bump github.com/googleapis/api-linter in /hack/tools (#1261)
• e626775 Bump golang from 7925d69 to fd9306e (#1262)
• a3fea01 Bump golang from 344193a to 7925d69 (#1259)
• a5b774d Bump github.com/googleapis/api-linter in /hack/tools (#1255)

Thanks for all contributors!

v1.3.2

v1.3.2

Features

• configure server-side TLS on grpc listener (#1252)

Bug fixes

• gitlab: remove build config URI. (#1183)

Documentation

• Update OID info (#1188)
• Fix spellings, update protoc (#1184)
• docs/oid-info: clarify source of issuer extensions (#1158)

Contributors

• Billy Lynch
• Bob Callaway
• Carlos Tadeu Panato Junior
• Hayden B
• Kristian Klausen
• William Woodruff

Full Changelog: v1.3.1...v1.3.2

v1.3.1

v1.3.1

Bug Fixes

• fix cert.URIs for GitLab CI (#1144)

Contributors

• Carlos Tadeu Panato Junior

v1.3.0

v1.3.0

Fulcio 1.3.0 adds support for GitLab CI.

Enhancements

• Add GitLab.com OIDC to Fulcio (#983)
• Change ParseDerString to Public Function (#1119)
• Support enterprise-unique GitHub Actions OIDC issuer URLs (#1088)

Documentation

• Map GitLab OIDC token claims to Fulcio OIDs (#1097)
• Mark GitLab JWT claim fields that are still WIP. (#1139)
• oidc.md: Add section for how to select SANs. (#1127)
• oid-info: Drop Build Signer Digest requirement from MUST -> SHOULD (#1126)
• update docs to use CDN-backed TUF endpoint (#1108)

Contributors

• Alishan Ladhani
• Billy Lynch
• Bob Callaway
• Carlos Tadeu Panato Junior
• Hayden B
• James Ma
• Paul Welch
• Reed Loden
• Sandipan Panda

Full Changelog: v1.2.0...v1.3.0