Releases: sigstore/fulcio
v1.3.0
Fulcio 1.3.0 adds support for GitLab CI.
Enhancements
- Add GitLab.com OIDC to Fulcio (#983)
- Change ParseDerString to Public Function (#1119)
- Support enterprise-unique GitHub Actions OIDC issuer URLs (#1088)
Documentation
- Map GitLab OIDC token claims to Fulcio OIDs (#1097)
- Mark GitLab JWT claim fields that are still WIP. (#1139)
- oidc.md: Add section for how to select SANs. (#1127)
- oid-info: Drop Build Signer Digest requirement from MUST -> SHOULD (#1126)
- update docs to use CDN-backed TUF endpoint (#1108)
Contributors
- Alishan Ladhani
- Billy Lynch
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- James Ma
- Paul Welch
- Reed Loden
- Sandipan Panda
Full Changelog: v1.2.0...v1.3.0
v1.2.0
Fulcio 1.2.0 adds support for additional extensions in certificates issued for
CI platforms, starting with GitHub Actions.
Deprecation warning: OIDs 1.3.6.1.4.1.57264.1.1 through 1.3.6.1.4.1.57264.1.6 have been deprecated,
but are still present in the issued certificates. The new extensions 1.3.6.1.4.1.57264.1.8 through
1.3.6.1.4.1.57264.1.21 are correctly formatted as DER-encoded strings.
Enhancements
- Implement standardized CI extensions for GitHub (#1073)
- Allow specifying ChallengeClaim for an Issuer in the Fulcio config (#1007)
- Support custom OIDC issuers
- Begin implementing Issuer interface for email and github identities (#1005)
- Implement Issuer interface for spiffe and kubernetes types (#1033)
- Implement Issuer interface for username and uri Issuer types (#1035)
- implement Issuer interface for buildkite (#1037)
- Create BaseIssuer type to implement Match for all Issuers (#1039)
- Use Issuer interface to allow for custom issuers (#1008)
Bug Fixes
- Don't add nil issuers to issuer pool (#1053)
Documentation
- Standardizing Fulcio Certificate Extensions (#945)
- Add documentation for adding a new OIDC issuer (#1042)
- Update TUF instructions in README (#1079)
Contributors
- Carlos Tadeu Panato Junior
- Hayden B
- Philip Harrison
- priyawadhwa
Full Changelog: v1.1.0...v1.2.0
v1.1.0
Fulcio 1.1.0 adds support for Buildkite, supports running the HTTP and gRPC servers on the same port,
and fixes a few bugs in the GCP CA Service integration. Fulcio 1.1.0 updates Go to 1.20.
Enhancements
- Add Buildkite OIDC to Fulcio (#890)
- Update Fulcio to 1.20 (#989)
- Add in --duplex flag to run HTTP and GRPC servers on the same port (#931)
- Expose client options for google ca (#892)
Bug Fixes
- googleca: close certificate authority client when done (#930)
- Fix bugs in googleca and update flag description (#897)
- Fix pkcs11ca with no cgo compilation bug (#898)
Miscellaneous
- Add custom error logs when communicating with the CA backend (#966)
- Add new format for AKS OIDC issuer (#971)
- expose rpc options to add auth creds (#934)
- Refactor kmsca constructor to accept x509.Certificates (#917)
Contributors
- Bob Callaway
- Carlos Tadeu Panato Junior
- Harry Marr
- Hayden B
- Hector Fernandez
- Luke Hinds
- priyawadhwa
- Samuel Cochran
- William Woodruff
- Yoriyasu Yano
Full Changelog: v1.0.0...v1.1.0
v1.0.0
v1.0.0-rc.0
What's Changed
- update previous releases and add notes for v0.6.0 by @cpanato in #806
- use same way to output version and expose build info to prometheus by @cpanato in #815
- Update swagger doc version for Fulcio 1.0 by @haydentherapper in #816
- Update CHANGELOG for v1.0.0-rc.0 by @haydentherapper in #818
Full Changelog: v0.6.0...v1.0.0-rc.0
v0.6.0
What's Changed
- Update how-certificate-issuing-works.md by @haydentherapper in #755
- Export Fulcio extension OIDs by @wlynch in #761
- upgrade to go1.19 by @cpanato in #767
- Fix documentation link by @haydentherapper in #798
- Change username format, enforce identity format by @haydentherapper in #802
New Contributors
Full Changelog: v0.5.4...v0.6.0
v0.5.4
v0.5.3
What's Changed
- Bump google.golang.org/api from 0.88.0 to 0.89.0 by @dependabot in #705
- Bump imjasonh/setup-ko from 0.4 to 0.5 by @dependabot in #704
- Bump golang from 9349ed8 to f3d3d69 by @dependabot in #707
- ✨ Enable Scorecard badge by @azeemshaikh38 in #706
- Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 in /hack/tools by @dependabot in #712
- Bump golang from f3d3d69 to 6e10f44 by @dependabot in #708
- Bump google.golang.org/api from 0.89.0 to 0.90.0 by @dependabot in #711
- Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #709
- Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #710
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.1 by @dependabot in #714
- Bump golang from 6e10f44 to 8a62670 by @dependabot in #713
- Bump golang from 1.18.4 to 1.18.5 by @dependabot in #717
- Update certificate issuance documentation by @haydentherapper in #702
- Bump google.golang.org/api from 0.90.0 to 0.91.0 by @dependabot in #720
- Add documentation for SCT formats by @haydentherapper in #718
- Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #721
- Create certificate specification by @haydentherapper in #703
- Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #725
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.1 to 2.11.2 by @dependabot in #724
- install protobuf 3.20.1 by @cpanato in #728
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.11.0 to 2.11.2 in /hack/tools by @dependabot in #726
- Bump go.uber.org/zap from 1.21.0 to 1.22.0 by @dependabot in #730
- Bump github.com/googleapis/api-linter from 1.33.2 to 1.33.3 in /hack/tools by @dependabot in #722
- Bump github.com/googleapis/api-linter from 1.33.3 to 1.34.0 in /hack/tools by @dependabot in #731
- fix example to explicitly set port for gRPC call by @bobcallaway in #732
- Bump google.golang.org/api from 0.91.0 to 0.92.0 by @dependabot in #733
- Bump go.step.sm/crypto from 0.17.0 to 0.17.1 by @dependabot in #737
- update github.com/google/tink/go to 1.7.0 and fix deprecation by @cpanato in #736
- address Potential Slowloris Attack because ReadHeaderTimeout is not configured in the http.Server by @cpanato in #735
- Bump go.step.sm/crypto from 0.17.1 to 0.17.2 by @dependabot in #742
- Bump google.golang.org/api from 0.92.0 to 0.93.0 by @dependabot in #741
- update builder and cosign images by @cpanato in #743
- Update scorecard-action to v2:alpha by @azeemshaikh38 in #746
- Bump actions/dependency-review-action from 2.0.4 to 2.1.0 by @dependabot in #744
- update changelog to add release v0.5.3 by @cpanato in #747
- Clean up unix socket by @pauldthomson in #739
- bump sigstore/sigstore from 1.3.1 to 1.4.0 by @k4leung4 in #745
New Contributors
- @azeemshaikh38 made their first contribution in #706
- @pauldthomson made their first contribution in #739
Full Changelog: v0.5.2...v0.5.3
v0.5.2
What's Changed
- Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #677
- Bump github.com/prometheus/common from 0.35.0 to 0.36.0 by @dependabot in #678
- Bump cloud.google.com/go/security from 1.4.0 to 1.4.1 by @dependabot in #681
- Bump google.golang.org/api from 0.86.0 to 0.87.0 by @dependabot in #680
- Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #682
- Bump github.com/googleapis/api-linter from 1.33.1 to 1.33.2 in /hack/tools by @dependabot in #685
- Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #684
- Bump golang from 1.18.3 to 1.18.4 by @dependabot in #683
- Bump github.com/prometheus/common from 0.36.0 to 0.37.0 by @dependabot in #687
- Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #686
- Bump go.step.sm/crypto from 0.16.2 to 0.17.0 by @dependabot in #688
- bump cosign to v1.9.0 by @bobcallaway in #692
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.3 to 2.11.0 by @dependabot in #695
- Bump google.golang.org/api from 0.87.0 to 0.88.0 by @dependabot in #694
- Bump github.com/grpc-ecosystem/grpc-gateway/v2 from 2.10.3 to 2.11.0 in /hack/tools by @dependabot in #696
- [NFC] docs/oidc: mark code blocks as JSON, minor syntax fixes by @woodruffw in #697
- ensure GetTrustBundle returns array of strings instead of a single string with newlines by @bobcallaway in #690
- update go builder and cosign image by @cpanato in #700
- Add CHANGELOG for 0.5.2 by @haydentherapper in #701
New Contributors
- @woodruffw made their first contribution in #697
Full Changelog: v0.5.1...v0.5.2
Thanks to all contributors!
v0.5.1
What's Changed
- Bump google.golang.org/api from 0.82.0 to 0.83.0 by @dependabot in #642
- Bump google.golang.org/api from 0.83.0 to 0.84.0 by @dependabot in #647
- Add interface for certs/signer fetching to remove mutex by @haydentherapper in #643
- change grpc response logger to debug level instead of error by @bobcallaway in #648
- Bump actions/dependency-review-action from 1.0.2 to 2.0.1 by @dependabot in #650
- Bump github.com/googleapis/api-linter from 1.32.1 to 1.32.2 in /hack/tools by @dependabot in #651
- Bump golang from b203dc5 to 1c3d22f by @dependabot in #649
- Bump actions/dependency-review-action from 2.0.1 to 2.0.2 by @dependabot in #652
- Bump github.com/googleapis/api-linter from 1.32.2 to 1.32.3 in /hack/tools by @dependabot in #653
- Refactor in-memory signing CAs to use a single implementation by @haydentherapper in #644
- Bump github.com/prometheus/common from 0.34.0 to 0.35.0 by @dependabot in #655
- Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #658
- Bump google.golang.org/api from 0.84.0 to 0.85.0 by @dependabot in #657
- Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #656
- Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #659
- Bump golang from 1c3d22f to 957001e by @dependabot in #660
- Bump golang from 957001e to a452d62 by @dependabot in #661
- Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #662
- Add Tink signing backend by @haydentherapper in #645
- Bump google.golang.org/api from 0.85.0 to 0.86.0 by @dependabot in #664
- Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #663
- generate OpenAPI documents from protobuf by @bobcallaway in #666
- add dependabot hack to monitor for new protoc releases by @bobcallaway in #667
- Bump github.com/googleapis/api-linter from 1.32.3 to 1.33.0 in /hack/tools by @dependabot in #669
- Bump github.com/spiffe/go-spiffe/v2 from 2.1.0 to 2.1.1 by @dependabot in #668
- Update sigstore to pull in fixes by @haydentherapper in #671
- Add CORS support to HTTP endpoint by @bobcallaway in #670
- pipe all log messages to stdout for dev logger by @bobcallaway in #673
- Bump github.com/googleapis/api-linter from 1.33.0 to 1.33.1 in /hack/tools by @dependabot in #674
- add changelog for v0.5.1 by @cpanato in #675
Full Changelog: v0.5.0...v0.5.1