Tags: zmt/spire
0.12.2

=== Added ===
- Added `aws_kms` server KeyManager plugin that uses the AWS Key Management Service (KMS) (spiffe#2066)
- Added `gcp_cas` UpstreamAuthority plugin that uses the Certificate Authority Service from Google Cloud Platform (spiffe#2172)
- Improved error returned during attestation of agents (spiffe#2159)
- The `aws_iid` NodeAttestor plugin now supports running in a location with no public internet access available for the server (spiffe#2119)
- The `k8s` notifier can now rotate Admission Controller Webhook CA Bundles (spiffe#2022)
- Rate limiting on X.509 signing and JWT signing can now be disabled (spiffe#2142)
- Added uptime metrics in server and agent (spiffe#2032)
- Calls to KeyManager plugins now time out at 30 seconds (spiffe#2044)
- Added logging when lookup of user by uid or group by gid fails in the `unix` WorkloadAttestor plugin (spiffe#2048)

=== Changed ===
- The `k8s` WorkloadAttestor plugin now emits selectors for both image and image ID (spiffe#2116)
- HTTP readiness endpoint on agent now checks the health of the Workload API (spiffe#2015, spiffe#2087)
- SDS API in agent now returns an error if an SDS client requests resource names that don't exist (spiffe#2020)
- Bundle and k8s-workload-registrar endpoints now only accept clients using TLS v1.2+ (spiffe#2025)

=== Fixed ===
- Registration entry update handling in CRD mode of the k8s-workload-registrar to prevent unnecessary issuance of new SVIDs (spiffe#2155)
- Failure to update CA bundle due to improper MySQL isolation level for read-modify-write operations (spiffe#2150)
- Regression preventing agent selectors from showing in `spire-server agent show` command (spiffe#2133)
- Issue in the token authentication method of the Vault Upstream Authority plugin (spiffe#2110)
- Reporting of errors in server entry cache telemetry (spiffe#2091)
- Agent logs an error and automatically shuts down when its SVID has expired and it requires re-attestation (spiffe#2065)

0.8.5
- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker

0.12.1
- Fixed CVE-2021-27098
- Fixed CVE-2021-27099
- Fixed file descriptor leak in peertracker

0.11.3
- Fixed CVE-2021-27098
- Fixed CVE-2021-27099
- Fixed file descriptor leak in peertracker

0.10.2
- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker

0.9.4
- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker