All Versions
56
Latest Version
Avg Release Cycle
38 days
Latest Release
121 days ago

Changelog History
Page 6

  • v0.7.2 Changes

    January 23, 2019
    • ๐Ÿ›  Fix non-random UUID bug by moving to gofrs-maintained uuid pkg (#659)
    • ๐Ÿ‘ Server now supports multiple node resolvers (#652)
    • Server no longer allows agent to specify X.509 Subject value (#663)
    • Registration API is now authenticated, can be reached remotely (#656)
    • ๐Ÿ›  Fixed debug log message in the Node API handler (#666)
    • โšก๏ธ Agent's KeyManager interface updated for better durability (#669)
    • โœ… Use FQDN in the GCP Node Attestor to prevent reliance on shortname resolution (#672)
    • โฌ†๏ธ Upgrade to Go 1.11.5 in response to CVE-2019-6486 (#690)

  • v0.7.1 Changes

    December 20, 2018
    • ๐Ÿ“š Documentation updates for Azure plugins, agent, server (#629, #631, #642, #651, #654)
    • Intermediate certificates now included in bundle for compatibility with 0.6 (#633)
    • โœ… Attestation now fails if NodeResolver encounters an error (#634)
    • ๐Ÿ›  Fix bootstrap bug when upstream_bundle is not set (#639)
    • โž• Additional telemetry points added, introduced telemetry in server (#640)
    • 0๏ธโƒฃ CLI utilities now print TTL value of default instead of 0 when not set (#645)
    • ๐Ÿ›  Fix bug in CLI utilities causing them to write PEM files with the wrong header (#647)
    • โฌ†๏ธ Go runtime upgraded in response to CVE-2018-16875 (#653)
    • ๐Ÿ”ง Server now detects and prevents trust domain configuration change (#644)
    • ๐Ÿ›  Fix vulnerability in which X.509 path validation is not performed on node API (#655)

  • v0.7.0 Changes

    November 08, 2018
    • ๐Ÿ‘ JWT Support (#616)
    • Workload API now returns intermediate chains (#611)
    • โœ… UNIX attestor now returns binary path and sha256 (#590)
    • โœ… UNIX attestor now returns effective user and group name (#589)
    • Node API now ratelimits expensive calls (#577)
    • ๐Ÿ”Œ Soft delete disabled in SQL datastore plugin (#560)
    • ๐Ÿ‘ Basic federation support (#559, #563, #581, #582)
    • โœ… Kubernetes node attestor (#557)
    • AWS node resolver builtin (#554)
    • โœ… Azure node attestor (#551)
    • Azure node resolver (#553)
    • ๐Ÿ”Œ KeyManager plugin interface for server (#539)
    • ๐Ÿ”Œ Disk-based KeyManager server plugin (#532)
    • ๐Ÿ‘ x509pop now supports intermediate chains (#524)
    • ๐Ÿ›  Fix bug that resulted in some SVIDs outliving CA (#520)
    • Let agent fail over to different server on failure (#561)
    • โœ… Node attestors can now return selectors (#516)
    • ๐Ÿ‘Œ Improved SPIFFE ID validation (#513, #515)

  • v0.6.2 Changes

    September 12, 2018
    • ๐Ÿ‘Œ Support for Azure node attestation (#551)
    • ๐Ÿ‘Œ Support for Azure node resolution (#553)
    • โšก๏ธ Updated DNS resolution to support DNS-based HA failover (#561)
    • โšก๏ธ Updated x509pop challenge to strengthen against signature replay attacks (#562)
    • โœ‚ Removed sql plugin soft delete for better space management (#560)
    • ๐Ÿ›  Performance improvements and bugfixes in sql plugin (#564)
    • ๐Ÿ‘Œ Support for HTTP/HTTPS CONNECT proxies (#568, #585)
    • โšก๏ธ Updated Node API to perform ratelimiting (#577)

  • v0.6.1 Changes

    July 27, 2018
    • ๐Ÿ›  Fixed SVID renewal bug (#520)
    • ๐Ÿ‘Œ Support separate file for intermediates in x509pop node attestor (#524)
    • ๐Ÿ‘ Allow node attestors to provide supplemental selectors (#516)
    • ServerCA "memory" can now optionally persist keys to disk (#532)
    • โšก๏ธ Config file updates so spire commands can be run from any CWD (#541)
    • ๐Ÿ›  Minor doc/example fixes (#535)

  • v0.6.0 Changes

    June 26, 2018
    • โž• Added GCP Instance Identity Token (IIT) node attestation.
    • โž• Added X509 Proof-of-Possession node attestation.
    • โž• Added challenge/response support to node attestation API.
    • ๐Ÿ”Œ SQL datastore plugin renamed. Now includes support for PostgresSQL.
    • ๐Ÿ‘Œ Improved k8s workload attestation resilience.
    • ๐Ÿ›  Lots of bug fixes.