All Versions
56
Latest Version
Avg Release Cycle
38 days
Latest Release
542 days ago

Changelog History
Page 2

  • v1.2.5 Changes

    July 13, 2022

    ๐Ÿ”’ Security

    • โšก๏ธ Updated to Go 1.17.12 to address CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, CVE-2022-30633, CVE-2022-28131, CVE-2022-30635, CVE-2022-30632, CVE-2022-30630, and CVE-2022-1962.
  • v1.2.4 Changes

    May 12, 2022

    โž• Added

    • โช Ability to revert SPIFFE cert validation to standard X.509 validation in Envoy (#3009,#3014,#3020,#3034)
  • v1.2.3 Changes

    April 12, 2022

    ๐Ÿ”’ Security

    • โšก๏ธ Updated to Go 1.17.9 to address CVE-2022-24675, CVE-2022-28327, CVE-2022-27536
  • v1.2.2 Changes

    April 07, 2022

    โž• Added

    • ๐Ÿšฆ SPIRE Server and Agent log files can be rotated by sending the SIGUSR2 signal to the process (#2703)
    • ๐Ÿ‘ K8s Workload Registrar CRD mode now supports registering "downstream" workloads (#2885)
    • ๐ŸŽ SPIRE can now be compiled on macOS machines with an Apple Silicon CPU (#2876)
    • ๐Ÿ“š Small documentation improvements (#2851)

    ๐Ÿ”„ Changed

    • SPIRE Server no longer sets the DigitalSignature KeyUsage bit in its CA certificate (#2896)

    ๐Ÿ›  Fixed

    • ๐Ÿ”Œ The k8sbundle Notifier plugin in SPIRE Server no longer consumes excessive CPU cycles (#2857)
  • v1.2.1 Changes

    March 16, 2022

    โž• Added

    • ๐Ÿ‘ The SPIRE Agent fetch jwt CLI command now supports JSON output (#2650)

    ๐Ÿ”„ Changed

    • OIDC Discovery Provider now includes the alg parameter in JWKs to increase compatibility (#2771)
    • ๐Ÿ”Œ SPIRE Server now gracefully stops plugin servers, allowing outstanding RPCs a chance to complete (#2722)
    • ๐Ÿ”Š SPIRE Server logs additional authorization information with RPC requests (#2776)
    • ๐Ÿ“š Small documentation improvements (#2746, #2792)

    ๐Ÿ›  Fixed

    • SPIRE Server now properly rotates signing keys when prepared or activated keys are lost from the database (#2770)
    • โœ… The AWS IID node attestor now works with instance profiles which have paths (#2825)
    • ๐Ÿ›  Fixed a crash in SPIRE Agent caused by a race on the agent cache (#2699)
  • v1.2.0 Changes

    January 28, 2022

    โž• Added

    • ๐Ÿ”ง SPIRE Server can now be configured to mint agent SVIDs with a specific TTL (#2667)
    • ๐Ÿ”ง A set of fixed admin SPIFFE IDs can now be configured in SPIRE Server (#2677)

    ๐Ÿ”„ Changed

    • Upstream signed CA chain is now validated to prevent misconfigurations (#2644)
    • ๐Ÿ‘Œ Improved SVID signing logs to include more context (#2678)
    • ๐Ÿšš The deprecated agent key file (svid.key) is no longer proactively removed by the agent (#2671)
    • ๐Ÿ‘Œ Improved errors when agent path template execution fails due to missing key (#2683)
    • ๐Ÿ”Œ SPIRE now consumes the SVIDStore V1 interface published in the SPIRE Plugin SDK (#2688)

    ๐Ÿ—„ Deprecated

    • ๐Ÿ—„ API support for paths without leading slashes in spire.api.types.SPIFFEID messages has been deprecated (#2686, #2692)
    • ๐Ÿ—„ The SVIDStore V1 interface published in SPIRE repository has been renamed to svidstore.V1Unofficial and is now deprecated in favor of the interface published in the SPIRE Plugin SDK (#2688)

    โœ‚ Removed

    • ๐Ÿ”ง The deprecated domain configurable has been removed from the SPIRE OIDC Discovery Provider (#2672)
    • The deprecated allow_unsafe_ids configurable has been removed from SPIRE Server (#2685)
  • v1.1.5 Changes

    May 12, 2022

    โž• Added

    • โช Ability to revert SPIFFE cert validation to standard X.509 validation in Envoy (#3009,#3014,#3020,#3034)
  • v1.1.4 Changes

    April 13, 2022

    ๐Ÿ”’ Security

    • โšก๏ธ Updated to Go 1.17.9 to address CVE-2022-24675, CVE-2022-28327, CVE-2022-27536
  • v1.1.3 Changes

    January 07, 2022

    ๐Ÿ”’ Security

    • ๐Ÿ›  Fixed CVE-2021-44716
  • v1.1.2 Changes

    December 15, 2021

    โž• Added

    • ๐Ÿ‘ SPIRE Agent now supports the Delegated Identity API for delegating SVID management to trusted platform components (#2481)
    • ๐Ÿ”ง The K8s Workload Registrar now supports configuring DNS name templates (#2643)
    • ๐Ÿ”Š SPIRE Server now logs a message when expired registration entries are pruned (#2637)
    • ๐Ÿ‘ OIDC Discovery Provider now supports setting the use property on the JWKs it serves (#2634)

    ๐Ÿ›  Fixed

    • โœ… SPIRE Agent now provides reason for failure during certain kinds of attestation errors (#2628)