Skip to content

Navigation Menu

Explore
By company size
By use case
By industry
View all solutions
Topics
- AI
- DevOps
- Security
- Software Development
- View all
Explore
- GitHub Sponsors
  Fund open source developers
- The ReadME Project
  GitHub community articles
Repositories
- Enterprise platform
  AI-powered developer platform
Available add-ons
Pricing

Search code, repositories, users, issues, pull requests...

Search

Clear

Search syntax tips

Provide feedback

We read every piece of feedback, and take your input very seriously.

Include my email address so I can be contacted

Saved searches

Use saved searches to filter your results more quickly

Name

Query

To see all available qualifiers, see our documentation.

You signed in with another tab or window. Reload to refresh your session. You signed out in another tab or window. Reload to refresh your session. You switched accounts on another tab or window. Reload to refresh your session.

Dismiss alert

spiffe / spire Public

Notifications You must be signed in to change notification settings
Fork 496
Star 1.9k

Code
Issues 147
Pull requests 16
Actions
Projects 1
Wiki
Security
Insights

Additional navigation options

Code
Issues
Pull requests
Actions
Projects
Wiki
Security
Insights

Releases: spiffe/spire

Releases · spiffe/spire

v1.3.6

02 Nov 00:39

Compare

Choose a tag to compare

Loading

v1.3.6

Security

Updated to Go 1.18.8 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.

Assets 10

Loading

All reactions

v1.4.4

05 Oct 19:23

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.4.4

Added

Experimental support for limiting the number of SVIDs in the agent's cache (#3181)
Support for attesting Envoy proxy workloads when Istio is configured with holdApplicationUntilProxyStarts (#3460)

Changed

Improved bundle endpoint misconfiguration diagnostics (#3395)
OIDC Discovery Provider endpoint now has a timeout to read request headers (#3435)
Small documentation improvements (#3443)

Assets 10

Loading

All reactions

v1.4.3

04 Oct 22:13

Compare

Choose a tag to compare

Loading

v1.4.3

Security

Updated minimum TLS version to 1.2 for the k8s-workload-registrar CRD mode webhook and the oidc-discovery-provider when using ACME

Assets 10

Loading

All reactions

v1.3.5

04 Oct 22:14

Compare

Choose a tag to compare

Loading

v1.3.5

Security

Updated minimum TLS version to 1.2 for the k8s-workload-registrar CRD mode webhook and the oidc-discovery-provider when using ACME

Assets 10

Loading

All reactions

v1.4.2

07 Sep 19:41

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.4.2

Added:

The X509-SVID Subject field now contains a unique ID to satisfy RFC 5280 requirements (#3367)
Agents now shut down when banned (#3308)

Changed:

Small documentation improvements (#3309, #3377)

Assets 10

Loading

ai2017, sebastianGit, and georgi-lozev reacted with thumbs up emoji

All reactions

👍 3 reactions

3 people reacted

v1.4.1

06 Sep 23:05

Compare

Choose a tag to compare

Loading

v1.4.1

Security:

Updated to Go 1.18.6 to address CVE-2022-27664

Assets 10

Loading

All reactions

v1.3.4

06 Sep 23:21

Compare

Choose a tag to compare

Loading

v1.3.4

Security:

Updated to Go 1.18.6 to address CVE-2022-27664

Assets 10

Loading

All reactions

v1.4.0

08 Aug 22:36

This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.

GPG key ID: 4AEE18F83AFDEB23

Expired

Verified

Learn about vigilant mode.

Compare

Choose a tag to compare

Loading

v1.4.0

Added

Support for Windows workload attestation on Kubernetes (#3191)
Support for using RSA keys with Workload X509-SVIDs (#3237)
Support for anonymous authentication to the Kubelet secure port when performing workload attestation on Kubernetes (#3273)

Deprecated

The Node Resolver plugin type (#3272)

Fixed

Persistence of the can_reattest flag during agent SVID renewal (#3292)
A regression in behavior preventing an agent from re-attesting when it has been evicted (#3269)

Changed

The Azure Node Attestor to optionally provide selectors (#3272)
The Docker Workload Attestor now fails when configured with unknown options (#3243)
Improved CRI-O support with Kubernetes workload attestation (#3242)
Agent data stored on disk has been consolidated to a single JSON file (#3201)
Agent and server data directories on Windows no longer inherit permissions from parent directory (#3227)
Endpoints exposed using named pipes explicitly deny access to remote callers (#3236)
Small documentation improvements (#3264)

Removed

The deprecated webhook mode from the k8s-workload-registrar (#3235)
Support for the configmap leader election lock type from the k8s-workload-registrar (#3241)

Assets 10

Loading

All reactions

v1.3.3

13 Jul 19:43

Compare

Choose a tag to compare

Loading

v1.3.3

Security

Updated to Go 1.18.4 to address CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, CVE-2022-30633, CVE-2022-28131, CVE-2022-30635, CVE-2022-30632, CVE-2022-30630, and CVE-2022-1962.

Assets 10

Loading

All reactions

v1.2.5

13 Jul 19:33

Compare

Choose a tag to compare

Loading

v1.2.5

Security

Updated to Go 1.17.12 to address CVE-2022-1705, CVE-2022-32148, CVE-2022-30631, CVE-2022-30633, CVE-2022-28131, CVE-2022-30635, CVE-2022-30632, CVE-2022-30630, and CVE-2022-1962.

Assets 6

Loading

All reactions

Previous 1 2 3 4 5 6 7 8 … 11 12 Next

Footer

© 2025 GitHub, Inc.

Footer navigation

Terms
Privacy
Security
Status
Docs
Contact

You can’t perform that action at this time.