Cosign v1.5.2 Release Notes
-
๐ Security Fixes
- CVE-2022-23649 - Make sure signature in Rekor bundle matches signature being verified
Others
- ๐ refactor release cloudbuild job (https://github.com/sigstore/cosign/pull/1476)
- ๐ increase timeout for goreleaser snapshot (https://github.com/sigstore/cosign/pull/1473)
- ๐ Double goreleaser timeout (https://github.com/sigstore/cosign/pull/1472)
- โฌ๏ธ Bump webhook timeout. (https://github.com/sigstore/cosign/pull/1465)
- ๐ convert release cosigned to also generate yaml artifact. (https://github.com/sigstore/cosign/pull/1453)
- ๐ feat: add -buildid= to ldflags (https://github.com/sigstore/cosign/pull/1451)
- โก๏ธ update cross-build to use go 1.17.7 (https://github.com/sigstore/cosign/pull/1446)
Contributors
- Batuhan Apaydฤฑn (@developer-guy)
- Carlos Tadeu Panato Junior (@cpanato)
- Dan Lorenc (@dlorenc)
- Kenny Leung (@k4leung4)
- Matt Moore (@mattmoor)
- Nathan Smith (@nsmith5)
- Priya Wadhwa (@priyawadhwa)
- Zack Newman (@znewman01)