Tags: esweiss/spire
0.7.3
- Agent can now expose Envoy SDS API for TLS certificate installation rotation (spiffe#667)
- Agent now automatically creates its configured data dir if it doesn't exist (spiffe#678)
- Agent panic fixed in the event that rotation is attempted from non-attested node (spiffe#684)
- Docker workload attestor plugin introduced (spiffe#687)
- Agent and Server no longer force a configured umask, upgrades it if too permissive (spiffe#686)
- Registration entry CLI utility now supports --node entry distinction (spiffe#695)
- Server can now evict previously-attested agents (spiffe#693)
- Official docker images are now published on build and release (spiffe#700)
- Server now validates Agent credentials on every API call instead of only when TLS is established (spiffe#711)

0.7.2
- Fix non-random UUID bug by moving to gofrs-maintained uuid pkg (spiffe#659)
- Server now supports multiple node resolvers (spiffe#652)
- Server no longer allows agent to specify X.509 Subject value (spiffe#663)
- Registration API is now authenticated, can be reached remotely (spiffe#656)
- Fixed debug log message in the Node API handler (spiffe#666)
- Agent's KeyManager interface updated for better durability (spiffe#669)
- Use FQDN in the GCP Node Attestor to prevent reliance on shortname resolution (spiffe#672)
- Upgrade to Go 1.11.5 in response to CVE-2019-6486 (spiffe#690)

0.7.1
- Documentation updates for Azure plugins, agent, server (spiffe#629, spiffe#631, spiffe#642, spiffe#651, spiffe#654)
- Intermediate certificates now included in bundle for compatibility with 0.6 (spiffe#633)
- Attestation now fails if NodeResolver encounters an error (spiffe#634)
- Fix bootstrap bug when upstream_bundle is not set (spiffe#639)
- Additional telemetry points added, introduced telemetry in server (spiffe#640)
- CLI utilities now print TTL value of default instead of 0 when not set (spiffe#645)
- Fix bug in CLI utilities causing them to write PEM files with the wrong header (spiffe#647)
- Go runtime upgraded in response to CVE-2018-16875 (spiffe#653)
- Server now detects and prevents trust domain configuration change (spiffe#644)
- Fix vulnerability in which X.509 path validation is not performed on node API (spiffe#655)

0.7.0
- JWT Support (spiffe#616)
- Workload API now returns intermediate chains (spiffe#611)
- UNIX attestor now returns binary path and sha256 (spiffe#590)
- UNIX attestor now returns effective user and group name (spiffe#589)
- Node API now ratelimits expensive calls (spiffe#577)
- Soft delete disabled in SQL datastore plugin (spiffe#560)
- Basic federation support (spiffe#559, spiffe#563, spiffe#581, spiffe#582)
- Kubernetes node attestor (spiffe#557)
- AWS node resolver builtin (spiffe#554)
- Azure node attestor (spiffe#551)
- Azure node resolver (spiffe#553)
- KeyManager plugin interface for server (spiffe#539)
- Disk-based KeyManager server plugin (spiffe#532)
- x509pop now supports intermediate chains (spiffe#524)
- Fix bug that resulted in some SVIDs outliving CA (spiffe#520)
- Let agent fail over to different server on failure (spiffe#561)
- Node attestors can now return selectors (spiffe#516)
- Improved SPIFFE ID validation (spiffe#513, spiffe#515)

- Support for Azure node attestation (spiffe#551)
- Support for Azure node resolution (spiffe#553)
- Updated DNS resolution to support DNS-based HA failover (spiffe#561)
- Updated x509pop challenge to strengthen against signature replay attacks (spiffe#562)
- Removed sql plugin soft delete for better space management (spiffe#560)
- Performance improvements and bugfixes in sql plugin (spiffe#564)
- Support for HTTP/HTTPS CONNECT proxies (spiffe#568, spiffe#585)
- Updated Node API to perform ratelimiting (spiffe#577)