Releases: spiffe/spire

v1.6.0

28 Feb 21:24
45da87c

Added

  • Support for customization of SVID and CA attributes through CredentialComposer plugins (#3819, #3832, #3862, #3869)
  • Experimental support to validate container image signatures through sigstore selectors (#3159)
  • Published scratch images now support ARM64 architecture (#3607)
  • Published scratch images are now signed using Sigstore (#3707)
  • spire-server mint and spire-server token generate CLI commands now support the -output flag (#3800)
  • spire-agent api CLI command now supports the -output flag (#3818)
  • Release images now include a non-root user and default folders (#3811)
  • Agent accepts bootstrap bundles in SPIFFE format (#3753)
  • Database index for registration entry hint column (#3828)

Changed

  • Plugins are configured and executed in the order they are defined (#3797)
  • Documentation improvements (#3826, #3842, #3870)

Fixed

  • Server crash when authorization layer was unable to talk to the datastore (#3829)
  • Timestamps in logs are now consistently in local time (#3734)

Removed

  • Non-scratch images are no longer published (#3785)
  • k8s-workload-registrar is no longer released and maintained (#3853)
  • Unused database column x509_svid_ttl from registered_entries table (#3808)
  • The deprecated enabled flag from InMem telemetry config (#3796)
  • The deprecated default_svid_ttl configurable (#3795)
  • The deprecated omit_x509svid_uid configurable (#3794)

v1.5.5

15 Feb 00:10

Security

v1.4.7

15 Feb 00:16

Security

v1.5.4

13 Jan 01:15

Added

  • Support to run SPIRE as a Windows service (#3625)
  • Configure admin SPIFFE IDs from federated trust domains (#3642)
  • New selectors in the aws_iid NodeAttestor plugin (#3640)
  • Support for additional upstream root certificates to the awssecret UpstreamAuthority plugin (#3578)
  • Serial number and revision number to SVID minting logging (#3699)
  • spire-server federation CLI commands now support the -output flag (#3660)

Fixed

  • Service configurations provided by the gRPC resolver are now ignored by SPIRE Agent (#3712)
  • CLI commands that supported the -output flag now properly show the default value for the flag (#3713)

v1.5.3

14 Dec 21:52

Added

  • A new gcp_kms KeyManager plugin is now available (#3410, #3638, #3653, #3655)
  • spire-server agent, spire-server bundle, and spire-server entry CLI commands now support -output flag (#3523, #3624, #3628)

Changed

Fixed

  • oidc-discovery-provider healthcheck HTTP server now binds to all network interfaces for visibility outside containers using virtual IP (#3580)
  • k8s-workload-registrar CRD and reconcile modes now have correct example leader election RBAC YAML (#3617)

v1.5.2

07 Dec 03:11

Security

v1.4.6

07 Dec 03:09

Security

v1.5.1

08 Nov 22:49
cb79b8e

Fixed

  • The deprecated default_svid_ttl configurable is now correctly observed after fixing a regression

v1.5.0

02 Nov 22:39

Added

  • X.509-SVID and JWT-SVID TTLs can now be configured separately at both the entry-level and Server default level (#3445)
  • Entry protobuf type in /v1/entry API includes new jwt_svid_ttl field (#3445)
  • k8s-workload-registrar and oidc-discovery-provider CLIs now print their version when the -version flag is set (#3475)
  • Support for customizing SPIFFE ID paths of SPIRE Agents attested with the azure_msi NodeAttestor plugin (#3488)

Changed

  • Entry ttl protobuf field in /v1/entry API is renamed to x509_ttl (#3445)
  • External plugins can no longer be named join_token to avoid conflicts with the builtin plugin (#3469)
  • spire-server run command now supports DNS names for the configured bind address (#3421)
  • Documentation improvements (#3468, #3472, #3473, #3474, #3515)

Deprecated

  • k8s-workload-registrar is deprecated in favor of SPIRE Controller Manager (#3526)
  • Server default_svid_ttl configuration field is deprecated in favor of default_x509_svid_ttl and default_jwt_svid_ttl fields (#3445)
  • -ttl flag in spire-server entry create and spire-server entry update commands is deprecated in favor of -x509SVIDTTL and -jwtSVIDTTL flags (#3445)
  • -format flag in spire-agent fetch jwt CLI command is deprecated in favor of -output flag (#3528)
  • InMem telemetry collector is deprecated and no longer enabled by default (#3492)

Removed

  • NodeResolver plugin type and azure_msi builtin NodeResolver plugin (#3470)

v1.4.5

02 Nov 01:20

Security

  • Updated to Go 1.19.3 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.