Skip to content

v2.3.0

Latest
Latest
Compare
Choose a tag to compare
@sigstore-bot sigstore-bot released this 22 Jul 17:34
· 11 commits to main since this release
v2.3.0
This tag was signed with the committer’s verified signature.
haydentherapper Hayden B
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs Learn about vigilant mode.
deed363
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

v2.3.0

Features

  • Add PayloadProvider interface to decouple AttestationToPayloadJSON from oci.Signature interface (#3693)
  • add registry options to cosign save (#3645)
  • Add debug providers command. (#3728)
  • Make config layers in ociremote mountable (#3741)
  • upgrade to go1.22 (#3739)
  • adds tsa cert chain check for env var or tuf targets. (#3600)
  • add --ca-roots and --ca-intermediates flags to 'cosign verify' (#3464)
  • add handling of keyless verification for all verify commands (#3761)

Bug Fixes

  • fix: close attestationFile (#3679)
  • Set bundleVerified to true after Rekor verification (Resolves #3740) (#3745)

Documentation

  • Document ImportKeyPair and LoadPrivateKey functions in pkg/cosign (#3776)

Testing

  • Refactor KMS E2E tests (#3684)
  • Remove sign_blob_test.sh test (#3707)
  • Remove KMS E2E test script (#3702)
  • Refactor insecure registry E2E tests (#3701)

Contributors

  • Billy Lynch
  • bminahan73
  • Bob Callaway
  • Carlos Tadeu Panato Junior
  • Cody Soyland
  • Colleen Murphy
  • Dmitry Savintsev
  • guangwu
  • Hayden B
  • Hector Fernandez
  • ian hundere
  • Jason Power
  • Jon Johnson
  • Max Lambrecht
  • Meeki1l

Full Changelog: v2.2.4...v2.3.0

Assets 115
Loading