Releases: sigstore/fulcio
Releases · sigstore/fulcio
v1.3.4
v1.3.3
Changelog
- 3815318 changelog for v1.3.3 release (#1266)
- 1923fa1 add HTTP and GRPC health check endpoints (#1258)
- 489d73a add fsnotify-backed cache for reading TLS PKI material (#1256)
- 12aa925 Bump protocolbuffers/protobuf from 23.3 to 23.4 (#1264)
- 3ce99aa Bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#1265)
- 2b8e2dc Bump google.golang.org/api from 0.129.0 to 0.130.0 (#1260)
- 6debe57 Bump github.com/googleapis/api-linter in /hack/tools (#1261)
- e626775 Bump golang from
7925d69tofd9306e(#1262) - a3fea01 Bump golang from
344193ato7925d69(#1259) - a5b774d Bump github.com/googleapis/api-linter in /hack/tools (#1255)
Thanks for all contributors!
v1.3.2
v1.3.2
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
v1.3.2
Features
- configure server-side TLS on grpc listener (#1252)
Bug fixes
- gitlab: remove build config URI. (#1183)
Documentation
- Update OID info (#1188)
- Fix spellings, update protoc (#1184)
- docs/oid-info: clarify source of issuer extensions (#1158)
Contributors
- Billy Lynch
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- Kristian Klausen
- William Woodruff
Full Changelog: v1.3.1...v1.3.2
v1.3.1
v1.3.1
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
v1.3.0
v1.3.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
v1.3.0
Fulcio 1.3.0 adds support for GitLab CI.
Enhancements
- Add GitLab.com OIDC to Fulcio (#983)
- Change ParseDerString to Public Function (#1119)
- Support enterprise-unique GitHub Actions OIDC issuer URLs (#1088)
Documentation
- Map GitLab OIDC token claims to Fulcio OIDs (#1097)
- Mark GitLab JWT claim fields that are still WIP. (#1139)
- oidc.md: Add section for how to select SANs. (#1127)
- oid-info: Drop Build Signer Digest requirement from MUST -> SHOULD (#1126)
- update docs to use CDN-backed TUF endpoint (#1108)
Contributors
- Alishan Ladhani
- Billy Lynch
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- James Ma
- Paul Welch
- Reed Loden
- Sandipan Panda
Full Changelog: v1.2.0...v1.3.0
v1.2.0
v1.2.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
v1.2.0
Fulcio 1.2.0 adds support for additional extensions in certificates issued for
CI platforms, starting with GitHub Actions.
Deprecation warning: OIDs 1.3.6.1.4.1.57264.1.1 through 1.3.6.1.4.1.57264.1.6 have been deprecated,
but are still present in the issued certificates. The new extensions 1.3.6.1.4.1.57264.1.8
through 1.3.6.1.4.1.57264.1.21 are correctly formatted as DER-encoded strings.
Enhancements
- Implement standardized CI extensions for GitHub (#1073)
- Allow specifying ChallengeClaim for an Issuer in the Fulcio config (#1007)
- Support custom OIDC issuers
- Begin implementing Issuer interface for email and github identities (#1005)
- Implement Issuer interface for spiffe and kubernetes types (#1033)
- Implement Issuer interface for username and uri Issuer types (#1035)
- implement Issuer interface for buildkite (#1037)
- Create BaseIssuer type to implement Match for all Issuers (#1039)
- Use Issuer interface to allow for custom issuers (#1008)
Bug Fixes
- Don't add nil issuers to issuer pool (#1053)
Documentation
- Standardizing Fulcio Certificate Extensions (#945)
- Add documentation for adding a new OIDC issuer (#1042)
- Update TUF instructions in README (#1079)
Contributors
- Carlos Tadeu Panato Junior
- Hayden B
- Philip Harrison
- priyawadhwa
Full Changelog: v1.1.0...v1.2.0
v1.1.0
v1.1.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
v1.1.0
Fulcio 1.1.0 adds support for Buildkite, supports running the HTTP and gRPC servers on the same port,
and fixes a few bugs in the GCP CA Service integration. Fulcio 1.1.0 updates Go to 1.20.
Enhancements
- Add Buildkite OIDC to Fulcio (#890)
- Update Fulcio to 1.20 (#989)
- Add in --duplex flag to run HTTP and GRPC servers on the same port (#931)
- Expose client options for google ca (#892)
Bug Fixes
- googleca: close certificate authority client when done (#930)
- Fix bugs in googleca and update flag description (#897)
- Fix pkcs11ca with no cgo compilation bug (#898)
Miscellaneous
- Add custom error logs when communicating with the CA backend (#966)
- Add new format for AKS OIDC issuer (#971)
- expose rpc options to add auth creds (#934)
- Refactor kmsca constructor to accept x509.Certificates (#917)
Contributors
- Bob Callaway
- Carlos Tadeu Panato Junior
- Harry Marr
- Hayden B
- Hector Fernandez
- Luke Hinds
- priyawadhwa
- Samuel Cochran
- William Woodruff
- Yoriyasu Yano
Full Changelog: v1.0.0...v1.1.0
v1.0.0
v1.0.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
v1.0.0-rc.0
v1.0.0-rc.0
This tag was signed with the committer’s verified signature.
haydentherapper
Hayden
What's Changed
- update previous releases and add notes for v0.6.0 by @cpanato in #806
- use same way to output version and expose build info to prometheus by @cpanato in #815
- Update swagger doc version for Fulcio 1.0 by @haydentherapper in #816
- Update CHANGELOG for v1.0.0-rc.0 by @haydentherapper in #818
Full Changelog: v0.6.0...v1.0.0-rc.0
Contributors
cpanato and haydentherapper
Assets 31
v0.6.0
What's Changed
- Update how-certificate-issuing-works.md by @haydentherapper in #755
- Export Fulcio extension OIDs by @wlynch in #761
- upgrade to go1.19 by @cpanato in #767
- Fix documentation link by @haydentherapper in #798
- Change username format, enforce identity format by @haydentherapper in #802
New Contributors
Full Changelog: v0.5.4...v0.6.0
Contributors
wlynch, cpanato, and haydentherapper