Releases: sigstore/fulcio
v1.7.1
v1.7.1 contains a bug fix for extensions for CI providers where the OIDC claims
include HTML escape characters. If a client attempted to verify an extension value,
verification would fail unless an HTML-escaped string was used in the comparison.
Extension values will no longer be escaped.
Bug Fixes:
- Do not HTML-escape extension values (#2023)
v1.7.0
v1.7.0 includes a change to how proof of possession signatures are verified.
Fulcio has updated the expected hashing algorithm for ECDSA P-384 and P-521
signatures to be SHA-384 and SHA-512, in line with CSR signature verification.
Cosign is actively being updated to support this when signing with a
managed key and requesting a certificate.
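The curve-to-hash rule described above, sketched in Go as an added example (not Fulcio's or Cosign's code). `curveHash`, `digest`, `verifyProof` and `roundTrip` are hypothetical names, SHA-256 for P-256 is an assumption, and the subject is a constructed sample value.

```go
package main

import (
	"crypto"
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	_ "crypto/sha256" // registers SHA-256
	_ "crypto/sha512" // registers SHA-384 and SHA-512
	"fmt"
)

// P-384 and P-521 follow the release note; SHA-256 for P-256 is an
// assumption of this example. Curves not listed here are rejected.
var curveHash = map[elliptic.Curve]crypto.Hash{
	elliptic.P256(): crypto.SHA256,
	elliptic.P384(): crypto.SHA384,
	elliptic.P521(): crypto.SHA512,
}

func digest(h crypto.Hash, msg []byte) []byte {
	d := h.New()
	d.Write(msg)
	return d.Sum(nil)
}

// verifyProof is the server side: the key's curve dictates the digest.
func verifyProof(pub *ecdsa.PublicKey, subject, sig []byte) bool {
	h, ok := curveHash[pub.Curve]
	return ok && ecdsa.VerifyASN1(pub, digest(h, subject), sig)
}

// roundTrip signs subject with hash h on a fresh key, as a client would,
// and reports whether verifyProof accepts the signature.
func roundTrip(c elliptic.Curve, h crypto.Hash, subject []byte) (bool, error) {
	priv, err := ecdsa.GenerateKey(c, rand.Reader)
	if err != nil {
		return false, err
	}
	sig, err := ecdsa.SignASN1(rand.Reader, priv, digest(h, subject))
	return err == nil && verifyProof(&priv.PublicKey, subject, sig), err
}

func main() {
	subject := []byte("user@example.com") // constructed sample subject
	ok256, _ := roundTrip(elliptic.P384(), crypto.SHA256, subject)
	ok384, _ := roundTrip(elliptic.P384(), crypto.SHA384, subject)
	fmt.Println("P-384 key, SHA-256 proof:", ok256, "SHA-384 proof:", ok384)
}
```

A client that still hashes with SHA-256 for a P-384 or P-521 key produces a well-formed signature that the curve-driven verifier rejects, which is the compatibility gap the note says Cosign is being updated to close.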
Features
- Allow configurable client signing algorithms (#1938)
- Use different hash in proof of possession based on key (#1959)
- Tls verification on OIDC issuers (#1932)
- feat: adds cert-utility. (#1870)
- feat: makes leaf optional and other changes. (#1931)
Bug Fixes
v1.6.6
Features
- Configure additional certificate extensions for Buildkite (#1903)
- Relax gomod (#1909)
- update builder to use go1.23.4 (#1883)
- config: Add IBM OIDC provider (#1892)
- Add Kaggle identity provider (#1850)
Contributors
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- James Healy
- Stefan Berger
- Trishank Karthik Kuppusamy
v1.6.5
Features
- use go1.23.2 (#1834)
- fallback to json default cfg path if yaml does not exist (#1810)
- Include IDP type and subject domain in configuration API response (#1824)
Documentation
- Update OIDC claim mapping table to reflect the current state (#1801)
Contributors
- Aditya Sirish
- Bob Callaway
- Carlos Tadeu Panato Junior
- Hayden B
- Nina
- Richard Fan
v1.6.4
Features
- use go1.22.6 to build fulcio (#1793)
Bugs
- Revert "If custom server url exists, use that instead of the default one." (#1791)
Contributors
- Carlos Tadeu Panato Junior
- Fredrik Skogman
Full Changelog: v1.6.3...v1.6.4
v1.6.3
v1.6.2
v1.6.1
Bug Fixes
- fix: removing surplus slash, making logs richer (#1762)
Contributors
- Javan Lacerda
Full Changelog: v1.6.0...v1.6.1
v1.6.0
v1.6.0 adds support for onboarding CI identity providers via configuration
rather than code changes, which should greatly simplify the onboarding process.
Features
- CiProvider as a new OIDCIssuer type (#1729)
- Add TLS support for CTLog (#1718)
- Added support for email_verified being a string or bool (#1744)
Documentation
- Update IDP requirements (#1742)
Public Good Instance Configuration
- Move codefresh and buildkite to ci-provider identity (#1743)
- Move gitlab to ci-provider (#1740)
- Migrate github to ci provider flow (#1738)
- add Hellō provider (#1739)
- Move configuration to yaml format (#1720)
- Removes identity providers federation (#1736)
Contributors
- Andrew Block
- cpanato
- Dick Hardt
- Firas Ghanmi
- Hayden B
- Javan Lacerda
- Matt Moore
Full Changelog: v1.5.1...v1.6.0
v1.5.1
Bug Fixes
Full Changelog: v1.5.0...v1.5.1