Cosign v0.4.0 Release Notes

  • Action Required

    • Signatures created with cosign before v0.4.0 are not compatible with those created after
      • The signature image's manifest now uses OCI mediaTypes (#300)
      • The signature image's tag is now terminated with .sig (instead of .cosign, #287)

    ✨ Enhancements

    • ๐Ÿ‘ ๐ŸŽ‰ Added support for "offline" verification of Rekor signatures ๐ŸŽ‰ (ใ‚ใ‚ŠใŒใจใ†, priyawadhwa! #285)
    • ๐Ÿ‘Œ Support for Hashicorp vault as a KMS provider has been added (Danke, RichiCoder1! sigstore/sigstore #44, sigstore/sigstore #49)

    ๐Ÿ› Bug Fixes

    • GCP KMS URIs now include the key version (#45)

    Contributors

    • Christian Pearce (@pearcec)
    • Dan Lorenc (@dlorenc)
    • Jake Sanders (@dekkagaijin)
    • Priya Wadhwa (@priyawadhwa)
    • Richard Simpson (@RichiCoder1)
    • Ross Timson (@rosstimson)