Skip to content

Releases: sigstore/rekor

v1.3.7

21 Nov 22:42
4caadbc
Compare
Choose a tag to compare

Changelog

Please see https://github.com/sigstore/rekor/blob/main/CHANGELOG.md for changes included in this release.

Thanks for all contributors!

v1.3.6

02 Apr 04:42
v1.3.6
a678856
Compare
Choose a tag to compare

v1.3.6

New Features

  • Add support for IEEE P1363 encoded ECDSA signatures
  • Add index performance script (#2042)
  • Add support for ed25519ph user keys in hashedrekord (#1945)
  • Add metrics for index insertion (#2015)
  • Add TLS support for Redis Client implementation (#1998)

Bug Fixes

  • fix typo in remoteIp and set full name for trace field

Full Changelog: v1.3.5...v1.3.6

v1.3.5

03 Feb 00:18
488eb97
Compare
Choose a tag to compare

Changelog

Thanks for all contributors!

What's Changed

New Contributors

Full Changelog: v1.3.4...v1.3.5

v1.3.4

03 Dec 20:11
5072901
Compare
Choose a tag to compare

Changelog

  • 5072901 changelog for v1.3.4 (#1868)
  • 9e37c19 fix: Do not check for pubsub.topics.get on initialization (#1853)
  • fb05e16 Update ranges.go (#1852)
  • a7501a6 update indexstorage interface to reduce roundtrips (#1838)
  • 212ebff add functional options for mysql implementation
  • a9de214 s/uuids/uuid
  • 014cfb1 add mysql indexstorage backend
  • 0394bf7 add s3 storage for attestations
  • 29220fb update builder image to use go1.21.4 and bump golangci-lint to v1.55.x (#1851)
  • ff9c3b9 fix optional field in cose schema
  • c3ffda6 use a single validator library in rekor-cli (#1818)
  • b681a14 Remove go-playground/validator dependency from pkg/pki (#1817)

Thanks for all contributors!

New Contributors

Full Changelog: v1.3.3...v1.3.4

v1.3.3

01 Nov 22:32
2ea1ef0
Compare
Choose a tag to compare

Changelog

Thanks for all contributors!

What's Changed

  • build(deps): Bump golang.org/x/net from 0.10.0 to 0.17.0 in /hack/tools by @dependabot in #1759
  • build(deps): Bump google/cloud-sdk from 5499d59 to 5ae0c79 by @dependabot in #1760
  • build(deps): Bump github.com/go-redis/redismock/v9 from 9.0.3 to 9.2.0 by @dependabot in #1761
  • build(deps): Bump github.com/redis/go-redis/v9 from 9.1.0 to 9.2.1 by @dependabot in #1717
  • install go at correct version for codeql by @bobcallaway in #1762
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.7.3 to 1.7.4 by @dependabot in #1764
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.7.3 to 1.7.4 by @dependabot in #1765
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.7.3 to 1.7.4 by @dependabot in #1763
  • build(deps): Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 by @dependabot in #1767
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.3 to 1.7.4 by @dependabot in #1769
  • build(deps): Bump google/cloud-sdk from 5ae0c79 to 0bd5508 by @dependabot in #1768
  • make e2e tests more usable with docker-compose by @bobcallaway in #1770
  • build(deps): Bump google/cloud-sdk from 0bd5508 to 66e2681 by @dependabot in #1772
  • build(deps): Bump google/cloud-sdk from 66e2681 to d2a303f by @dependabot in #1773
  • build(deps): Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in #1774
  • build(deps): Bump google/cloud-sdk from 450.0.0 to 451.0.0 by @dependabot in #1775
  • build(deps): Bump google.golang.org/grpc from 1.58.3 to 1.59.0 by @dependabot in #1776
  • Add method to get artifact hash for an entry by @haydentherapper in #1777
  • build(deps): Bump go.step.sm/crypto from 0.36.0 to 0.36.1 by @dependabot in #1780
  • build(deps): Bump google/cloud-sdk from 4bcc272 to 1969fea by @dependabot in #1778
  • build(deps): Bump cloud.google.com/go/profiler from 0.3.1 to 0.4.0 by @dependabot in #1779
  • build(deps): Bump google/cloud-sdk from 451.0.0 to 451.0.1 by @dependabot in #1782
  • build(deps): Bump google.golang.org/api from 0.147.0 to 0.148.0 by @dependabot in #1781
  • build(deps): Bump google/cloud-sdk from d7dac1e to d01ba39 by @dependabot in #1783
  • build(deps): Bump google/cloud-sdk from d01ba39 to 7edf46b by @dependabot in #1784
  • build(deps): Bump google/cloud-sdk from 451.0.1 to 452.0.0 by @dependabot in #1785
  • build(deps): Bump go.uber.org/goleak from 1.2.1 to 1.3.0 by @dependabot in #1787
  • build(deps): Bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 by @dependabot in #1786
  • build(deps): Bump google.golang.org/grpc from 1.55.0 to 1.56.3 in /hack/tools by @dependabot in #1788
  • build(deps): Bump google/cloud-sdk from 452.0.0 to 452.0.1 by @dependabot in #1789
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.7.4 to 1.7.5 by @dependabot in #1790
  • build(deps): Bump google/cloud-sdk from 8b55497 to a7d9835 by @dependabot in #1795
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.7.4 to 1.7.5 by @dependabot in #1792
  • build(deps): Bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6 by @dependabot in #1793
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.4 to 1.7.5 by @dependabot in #1791
  • build(deps): Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 by @dependabot in #1794
  • build(deps): Bump google/cloud-sdk from a7d9835 to 96d437f by @dependabot in #1796
  • build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.7.4 to 1.7.5 by @dependabot in #1797
  • feat: adds redis auth. by @ianhundere in #1627
  • build(deps): Bump google/cloud-sdk from 96d437f to b996d57 by @dependabot in #1798
  • build(deps): Bump google/cloud-sdk from 452.0.1 to 453.0.0 by @dependabot in #1800
  • build(deps): Bump github.com/redis/go-redis/v9 from 9.2.1 to 9.3.0 by @dependabot in #1801
  • build(deps): Bump google.golang.org/api from 0.148.0 to 0.149.0 by @dependabot in #1802
  • update trillian to 1.5.3 by @k4leung4 in #1803
  • Update signer flag description by @haydentherapper in #1804
  • changelog for v1.3.3 by @bobcallaway in #1806

New Contributors

Full Changelog: v1.3.2...v1.3.3

v1.3.2

11 Oct 14:09
1c2ae1c
Compare
Choose a tag to compare

Changelog

  • 1c2ae1c changelog for v1.3.2 (#1758)
  • 4d6ff8a build(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1753)
  • c7647b7 build(deps): Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1755)
  • 5310881 build(deps): Bump google/cloud-sdk from 449.0.0 to 450.0.0 (#1757)
  • 0a110e5 build(deps): Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1754)
  • 9310915 update Dockerfile for go 1.21.3 (#1752)
  • 8052daa update builder image to use go1.21.3 (#1751)
  • 49a291a build(deps): Bump google/cloud-sdk from 0c79a8f to 538c693 (#1750)
  • f5c00ea add CHANGELOG for v1.3.1 (#1749)

Thanks for all contributors!

v1.3.1

10 Oct 00:03
543d7a1
Compare
Choose a tag to compare

v1.3.1

New Features

  • enable GCP cloud profiling on rekor-server (#1746)
  • move index storage into interface (#1741)
  • add info to readme to denote additional documentation sources (#1722)
  • Add type of ed25519 key for TUF (#1677)
  • Allow parsing base64-encoded TUF metadata and root content (#1671)

Quality Enhancements

  • disable quota in trillian in test harness (#1680)

Bug Fixes

  • Update contact for code of conduct (#1720)
  • fix: typo (#1711)
  • Fix panic when parsing SSH SK pubkeys (#1712)
  • Correct index creation (#1708)
  • Update .ko.yaml (#1682)
  • docs: fixzes a small typo on the readme (#1686)
  • chore: fix backfill-redis Makefile target (#1685)

Contributors

  • Andres Galante
  • Andrew Block
  • Appu
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • guangwu
  • Hayden B
  • jonvnadelberg
  • Lance Ball

New Contributors

Full Changelog: v1.3.0...v1.3.1

v1.3.0

31 Aug 22:05
ed3d0b1
Compare
Choose a tag to compare

Changelog

  • ed3d0b1 changelog for v1.3.0 (#1657)
  • f0fe617 Update openapi.yaml (#1655)
  • be96b95 build(deps): Bump google/cloud-sdk from 4769605 to 648eb94 (#1656)
  • a0a4820 build(deps): Bump google/cloud-sdk from f656d61 to 4769605 (#1654)
  • 4c6df3e pass transient errors through retrieveLogEntry (#1653)
  • f3d6483 return full entryID on HTTP 409 responses (#1650)
  • 2934605 set min go version to 1.21 (#1651)
  • a9f538d build(deps): Bump github.com/go-playground/validator/v10 (#1648)
  • 3a89ae4 build(deps): Bump google/cloud-sdk from 443.0.0 to 444.0.0 (#1647)
  • 6208b39 build(deps): Bump google.golang.org/api from 0.135.0 to 0.138.0 (#1646)
  • a49cd04 feat: Support publishing new log entries to Pub/Sub topics (#1580)
  • 45bbaf0 build(deps): Bump gocloud.dev from 0.33.0 to 0.34.0 (#1645)
  • 7cc7f47 build(deps): Bump actions/checkout from 3.5.3 to 3.6.0 (#1644)
  • 280efef build(deps): Bump github.com/sassoftware/relic/v7 from 7.6.0 to 7.6.1 (#1642)
  • ab09135 build(deps): Bump github.com/go-playground/validator/v10 (#1641)
  • ee5c702 build(deps): Bump go.step.sm/crypto from 0.34.0 to 0.35.0 (#1640)
  • a561d26 build(deps): Bump github.com/redis/go-redis/v9 from 9.0.5 to 9.1.0 (#1639)
  • 13bbd9a build(deps): Bump github.com/sassoftware/relic/v7 from 7.5.9 to 7.6.0 (#1638)
  • 29e331b Upgrade to go1.21 (#1636)
  • 4e05235 build(deps): Bump github.com/sigstore/protobuf-specs from 0.2.0 to 0.2.1 (#1637)
  • 3e1715a Change values of Identity.Raw, add fingerprints (#1628)
  • c1e6614 build(deps): Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#1634)
  • 08ea39a Extract all subjects from SANs for x509 verifier (#1632)
  • ea666c7 build(deps): Bump github.com/theupdateframework/go-tuf (#1631)
  • d78fdf4 build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#1629)
  • 1da6c56 build(deps): Bump github.com/sassoftware/relic/v7 from 7.5.6 to 7.5.9 (#1630)
  • 6357794 build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#1621)
  • 19b4bee build(deps): Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2 (#1623)
  • e65310e build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#1622)
  • 52d5b4c build(deps): Bump actions/setup-go from 4.0.1 to 4.1.0 (#1620)
  • 8d2424a build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#1624)
  • 4ba20c4 Fix type comment for Identity struct (#1619)
  • 0d88d22 build(deps): bump gocloud.dev from 0.32.0 to 0.33.0 (#1609)
  • e7b377a Refactor Identities API (#1611)
  • d954fef build(deps): bump github.com/go-playground/validator/v10 (#1617)
  • bd0db76 build(deps): bump github.com/sassoftware/relic/v7 from 7.5.5 to 7.5.6 (#1615)
  • e76446a build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#1614)
  • 753e020 build(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#1616)
  • 50952a6 build(deps): bump go.step.sm/crypto from 0.33.0 to 0.34.0 (#1612)
  • 924fb3a build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1608)
  • 8a25878 build(deps): bump golang from 1.20.6 to 1.20.7 (#1610)
  • 1ba7865 build(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#1607)
  • a4b3120 build(deps): bump golang from cfc9d1b to 010a0ff (#1604)
  • fa379b0 build(deps): bump go.step.sm/crypto from 0.32.5 to 0.33.0 (#1602)
  • cbc9c44 Refactor Verifiers to return multiple keys (#1601)
  • 8a30776 build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#1600)
  • 96dad3c build(deps): bump golang from 8e5a006 to cfc9d1b (#1588)
  • d51dea6 Update checkpoint link (#1597)
  • 87dd2cd Use correct log index in inclusion proof (#1599)
  • 2bd83da build(deps): bump go.step.sm/crypto from 0.32.4 to 0.32.5 (#1596)
  • 1b149d2 remove instrumentation library (#1595)
  • c44b8b5 pki: clean up fuzzer (#1594)
  • 05bdadc build(deps): bump gocloud.dev from 0.30.0 to 0.32.0 (#1592)
  • 3bdf746 build(deps): bump go.step.sm/crypto from 0.32.3 to 0.32.4 (#1590)
  • b383663 update builder image to use go1.20.6 and cosign image to 2.1.1 (#1589)
  • d702f84 build(deps): bump github.com/sigstore/protobuf-specs from 0.1.0 to 0.2.0 (#1584)
  • 1b06bcf build(deps): bump github.com/secure-systems-lab/go-securesystemslib (#1585)
  • d75c7b0 build(deps): bump go.step.sm/crypto from 0.32.2 to 0.32.3 (#1586)
  • 2b1d9d8 build(deps): bump golang from 1.20.5 to 1.20.6 (#1587)
  • 6fd7c23 build(deps): bump github.com/google/rpmpack (#1582)
  • 3ded91e build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#1579)
  • 0817ec6 build(deps): bump golang from 20ee7c8 to fd9306e (#1578)
  • 381778c build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1576)
  • 30254fb build(deps): bump golang from 344193a to 20ee7c8 (#1575)
  • ad43970 build(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1574)
  • 4fb1b7a build(deps): bump github.com/veraison/go-cose from 1.1.0 to 1.2.0 (#1572)
  • 7616da1 alpine: add max metadata size to fuzzer (#1571)

Thanks for all contributors!

v1.2.2

28 Jun 19:41
9c13e97
Compare
Choose a tag to compare

What's Changed

New Contributors

Full Changelog: v1.2.1...v1.2.2

v1.2.1

26 May 13:50
576458c
Compare
Choose a tag to compare

Changelog

v1.2.1

(note the release of v1.2.0 failed during our release process, so we fixed the issue and cut v1.2.1); including the Changelog for v1.2.0 here too:

v1.2.0

Functional Enhancements

  • add client method to generate TLE struct (#1498)
  • add dsse type (#1487)
  • support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488)
  • Add concurrency to backfill-redis (#1504)
  • omit informational message if machine-parseable output has been requested (#1486)
  • Publish stable checkpoint periodically to Redis (#1461)
  • Add intoto v0.0.2 to backfill script (#1500)
  • add new method to test insertability of proposed entries into log (#1410)

Quality Enhancements

  • use t.Skip() in fuzzers (#1506)
  • improve fuzzing coverage (#1499)
  • Remove watcher script (#1484)

Bug Fixes

  • Merge pull request from GHSA-frqx-jfcm-6jjr
  • Remove requirement of PayloadHash for intoto 0.0.1 (#1490)
  • fix lint errors, bump linter up to 1.52 (#1485)
  • Remove dependencies from pkg/util (#1469)

Contributors

  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Ceridwen Coghlan
  • Cody Soyland
  • Hayden B
  • Miloslav Trmač

Thanks for all contributors!