Cosign v1.4.1 Release Notes
-
Highlights
๐ A whole buncha bugfixes!
โจ Enhancements
- Files created with
--output-signature
and--output-certificate
now created with 0600 permissions (https://github.com/sigstore/cosign/pull/1151) - โ Added
cosign verify-attestation --local-image
for verifying signed images with attestations from disk (https://github.com/sigstore/cosign/pull/1174) - โ Added the ability to fetch the TUF root over HTTP with
cosign initialize --mirror
(https://github.com/sigstore/cosign/pull/1185)
๐ Bug Fixes
- ๐ Fixed saving and loading a signed image index to disk (https://github.com/sigstore/cosign/pull/1147)
- ๐ Fixed
sign-blob --output-certificate
writing an empty file (https://github.com/sigstore/cosign/pull/1149) - ๐ Fixed assorted issues related to the initialization and use of Sigstore's TUF root of trust (https://github.com/sigstore/cosign/pull/1157)
Contributors
- Carlos Alexandro Becker (@caarlos0)
- Carlos Panato (@cpanato)
- Hayden Blauzvern (@haydentherapper)
- Jake Sanders (@dekkagaijin)
- Matt Moore (@mattmoor)
- Priya Wadhwa (@priyawadhwa)
- Radoslav Gerganov (@rgerganov)
- Files created with