Skip to content

Releases: in-toto/in-toto-golang

v0.3.1

28 Sep 12:52
@adityasaky adityasaky
v0.3.1
This tag was signed with the committer’s verified signature.
adityasaky Aditya Sirish
GPG key ID: B83110D012545604
Verified
Learn about vigilant mode.
b91d98c
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.1 Pre-release
Pre-release

Fixes #130 - adds omitempty to the cert field in signatures to maintain compatibility with non ITE-7 implementations.

Assets 2
Loading

v0.3.0

21 Sep 21:07
@adityasaky adityasaky
v0.3.0
This tag was signed with the committer’s verified signature.
adityasaky Aditya Sirish
GPG key ID: B83110D012545604
Verified
Learn about vigilant mode.
f2c57d1
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.3.0 Pre-release
Pre-release

This release includes a fix for CVE-2021-41087. You can find the security advisory here: GHSA-vrxp-mg9f-hwf3

Other changes include:

  • A CLI courtesy of the BoxBoat team
  • Certificate support in in-toto metadata
  • Updated PAE function to match DSSE v1
  • Updated type to indicate provenance matches SLSA spec
  • Fix to make Metadata field in Provenance optional to match the specification

This release supports Go 1.16 and 1.17.

Shout out to our contributors (in no particular order): Parth Patel (@pxp928), Dan Lorenc (@dlorenc), Brandon Mitchell (@sudo-bmitch), Mikhail Swift (@mikhailswift), Furkan Türkal (@Dentrax), Batuhan Apaydın (@developer-guy), Christian Rebischke (@shibumi), Santiago Torres-Arias (@SantiagoTorres).

Contributors

dlorenc, sudo-bmitch, and 6 other contributors
Assets 2
Loading

v0.2.0

21 Jun 20:51
@shibumi shibumi
v0.2.0
This tag was signed with the committer’s verified signature.
shibumi Christian Rebischke
GPG key ID: D21461E3DFE2060D
Verified
Learn about vigilant mode.
c80faab
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.2.0 Pre-release
Pre-release

Supported Go Versions for this release:

  • Go 1.16
  • Go 1.15

Changes:

  • support for ITE-6 data structures
  • support for ITE-5 signature generation
  • support for specifying a local directory when running inspections
  • switch from golang.org/x/crypto/ed25519 to crypto/ed25519

Thanks to our contributors: Aditya Sirish, Christian Rebischke, Cindy Kim, Dan Lorenc, Fredrik Skogman, Lukas Puehringer, Omer Levi Hevroni, Radu M, Santiago Torres, Scott Buckel, seb-bah, Vaibhav Lodha

Assets 2
Loading

v0.1.0

15 Jan 14:43
@lukpueh lukpueh
v0.1.0
This tag was signed with the committer’s verified signature. The key has expired.
lukpueh Lukas Pühringer
GPG key ID: 89A2AD3C07D962E8
Expired
Verified
Learn about vigilant mode.
307596a
This commit was created on github.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Verified
Learn about vigilant mode.
Compare
Choose a tag to compare
v0.1.0 Pre-release
Pre-release

Initial release

Assets 2
Loading