Cosign v1.13.0 Release Notes
-
Highlights
๐ > * For users who have deployed a private instance of Fulcio release v0.6.x and issue certificates with the Username identity, you will need to upgrade to use this version."
โจ Enhancements
- โ Add support for Fulcio username identity in SAN (https://github.com/sigstore/cosign/pull/2291)
- Data race in FetchSignaturesForReference (https://github.com/sigstore/cosign/pull/2283)
- Check error on chain verification failure (https://github.com/sigstore/cosign/pull/2284)
- feat: improve the verification message (https://github.com/sigstore/cosign/pull/2268)
- feat: use stdin as an input for predicate (https://github.com/sigstore/cosign/pull/2269)
๐ Bug Fixes
- ๐ fix: make tlog entry lookups for online verification shard-aware (https://github.com/sigstore/cosign/pull/2297)
- ๐ Fix: Create a static copy of signatures as part of verification. (https://github.com/sigstore/cosign/pull/2287)
- ๐ Fix: Remove an extra registry request from verification path. (https://github.com/sigstore/cosign/pull/2285)
- ๐ fix pivtool generate key touch policy (https://github.com/sigstore/cosign/pull/2282)
Others
- โ use scaffolding 0.4.8 for tests. (https://github.com/sigstore/cosign/pull/2280)
Contributors
- Asra Ali (@asraa)
- Batuhan Apaydฤฑn (@developer-guy)
- Carlos Tadeu Panato Junior (@cpanato)
- Hayden Blauzvern (@haydentherapper)
- Matt Moore (@mattmoor)
- Ross Tannenbaum (@RTann)
- Ville Aikas (@vaikas)