Tags: zmt/spire

v0.12.2

0.12.2

=== Added ===
- Added `aws_kms` server KeyManager plugin that uses the AWS Key Management Service (KMS) (spiffe#2066)
- Added `gcp_cas` UpstreamAuthority plugin that uses the Certificate Authority Service from Google Cloud Platform (spiffe#2172)
- Improved error returned during attestation of agents (spiffe#2159)
- The `aws_iid` NodeAttestor plugin now supports running in a location with no public internet access available for the server (spiffe#2119)
- The `k8s` notifier can now rotate Admission Controller Webhook CA Bundles (spiffe#2022)
- Rate limiting on X.509 signing and JWT signing can now be disabled (spiffe#2142)
- Added uptime metrics in server and agent (spiffe#2032)
- Calls to KeyManager plugins now time out at 30 seconds (spiffe#2044)
- Added logging when lookup of user by uid or group by gid fails in the `unix` WorkloadAttestor plugin (spiffe#2048)

=== Changed ===
- The `k8s` WorkloadAttestor plugin now emits selectors for both image and image ID (spiffe#2116)
- HTTP readiness endpoint on agent now checks the health of the Workload API (spiffe#2015, spiffe#2087)
- SDS API in agent now returns an error if an SDS client requests resource names that don't exist (spiffe#2020)
- Bundle and k8s-workload-registrar endpoints now only accept clients using TLS v1.2+ (spiffe#2025)

=== Fixed ===
- Registration entry update handling in CRD mode of the k8s-workload-registrar to prevent unnecessary issuance of new SVIDs (spiffe#2155)
- Failure to update CA bundle due to improper MySQL isolation level for read-modify-write operations (spiffe#2150)
- Regression preventing agent selectors from showing in `spire-server agent show` command (spiffe#2133)
- Issue in the token authentication method of the Vault Upstream Authority plugin (spiffe#2110)
- Reporting of errors in server entry cache telemetry (spiffe#2091)
- Agent logs an error and automatically shuts down when its SVID has expired and it requires re-attestation (spiffe#2065)

proto/spire/v0.12.2

0.12.2

=== Added ===
- Added `aws_kms` server KeyManager plugin that uses the AWS Key Management Service (KMS) (spiffe#2066)
- Added `gcp_cas` UpstreamAuthority plugin that uses the Certificate Authority Service from Google Cloud Platform (spiffe#2172)
- Improved error returned during attestation of agents (spiffe#2159)
- The `aws_iid` NodeAttestor plugin now supports running in a location with no public internet access available for the server (spiffe#2119)
- The `k8s` notifier can now rotate Admission Controller Webhook CA Bundles (spiffe#2022)
- Rate limiting on X.509 signing and JWT signing can now be disabled (spiffe#2142)
- Added uptime metrics in server and agent (spiffe#2032)
- Calls to KeyManager plugins now time out at 30 seconds (spiffe#2044)
- Added logging when lookup of user by uid or group by gid fails in the `unix` WorkloadAttestor plugin (spiffe#2048)

=== Changed ===
- The `k8s` WorkloadAttestor plugin now emits selectors for both image and image ID (spiffe#2116)
- HTTP readiness endpoint on agent now checks the health of the Workload API (spiffe#2015, spiffe#2087)
- SDS API in agent now returns an error if an SDS client requests resource names that don't exist (spiffe#2020)
- Bundle and k8s-workload-registrar endpoints now only accept clients using TLS v1.2+ (spiffe#2025)

=== Fixed ===
- Registration entry update handling in CRD mode of the k8s-workload-registrar to prevent unnecessary issuance of new SVIDs (spiffe#2155)
- Failure to update CA bundle due to improper MySQL isolation level for read-modify-write operations (spiffe#2150)
- Regression preventing agent selectors from showing in `spire-server agent show` command (spiffe#2133)
- Issue in the token authentication method of the Vault Upstream Authority plugin (spiffe#2110)
- Reporting of errors in server entry cache telemetry (spiffe#2091)
- Agent logs an error and automatically shuts down when its SVID has expired and it requires re-attestation (spiffe#2065)

0.8.5

0.8.5

- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker

v0.12.1

0.12.1

- Fixed CVE-2021-27098
- Fixed CVE-2021-27099
- Fixed file descriptor leak in peertracker

v0.11.3

0.11.3

- Fixed CVE-2021-27098
- Fixed CVE-2021-27099
- Fixed file descriptor leak in peertracker

v0.10.2

0.10.2

- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker

v0.9.4

0.9.4

- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker

proto/spire/v0.12.1

0.12.1

- Fixed CVE-2021-27098
- Fixed CVE-2021-27099
- Fixed file descriptor leak in peertracker

proto/spire/v0.11.3

0.11.3

- Fixed CVE-2021-27098
- Fixed CVE-2021-27099
- Fixed file descriptor leak in peertracker

proto/spire/v0.10.2

0.10.2

- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker