v1.3.6

New Features

• Add support for IEEE P1363 encoded ECDSA signatures
• Add index performance script (#2042)
• Add support for ed25519ph user keys in hashedrekord (#1945)
• Add metrics for index insertion (#2015)
• Add TLS support for Redis Client implementation (#1998)

Bug Fixes

• fix typo in remoteIp and set full name for trace field

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.5...v1.3.6

Changelog

• 488eb97 v1.3.5 changelog (#1987)
• 19cd558 output trace in slog and override correlation header name (#1986)
• a0453d5 give log timestamps nanosecond precision (#1985)
• 907f2b5 bump trillian images to v1.6.0 (#1984)
• 134ef83 remove trillian images from release process (#1983)
• 9865ca9 Added support for sha384/sha512 hash algorithms in hashedrekords (#1959)
• fc28ac1 Change Redis value for locking mechanism (#1957)
• fa9ab50 Bump sigstore/sigstore version, fix deprecated func (#1936)
• 6020532 Fix panic for DSSE canonicalization (#1923)
• fe04993 Drop conditional when verifying entry checkpoint (#1917)
• a6c25cc Remove timestamp from checkpoint (#1888)
• 64ab435 Additional unique index correction (#1885)

Thanks for all contributors!

What's Changed

• Additional unique index correction by @sabre1041 in https://github.com/sigstore/rekor/pull/1885
• Remove timestamp from checkpoint by @haydentherapper in https://github.com/sigstore/rekor/pull/1888
• Drop conditional when verifying entry checkpoint by @haydentherapper in https://github.com/sigstore/rekor/pull/1917
• Fix panic for DSSE canonicalization by @haydentherapper in https://github.com/sigstore/rekor/pull/1923
• update builder to use go1.21 by @cpanato in https://github.com/sigstore/rekor/pull/1956
• Change Redis value for locking mechanism by @haydentherapper in https://github.com/sigstore/rekor/pull/1957
• remove trillian images from release process by @bobcallaway in https://github.com/sigstore/rekor/pull/1983
• bump trillian images to v1.6.0 by @bobcallaway in https://github.com/sigstore/rekor/pull/1984
• give log timestamps nanosecond precision by @bobcallaway in https://github.com/sigstore/rekor/pull/1985
• output trace in slog and override correlation header name by @bobcallaway in https://github.com/sigstore/rekor/pull/1986
• v1.3.5 changelog by @bobcallaway in https://github.com/sigstore/rekor/pull/1987

New Contributors

• @ret2libc made their first contribution in https://github.com/sigstore/rekor/pull/1959

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.4...v1.3.5

Changelog

• 5072901 changelog for v1.3.4 (#1868)
• 9e37c19 fix: Do not check for pubsub.topics.get on initialization (#1853)
• fb05e16 Update ranges.go (#1852)
• a7501a6 update indexstorage interface to reduce roundtrips (#1838)
• 212ebff add functional options for mysql implementation
• a9de214 s/uuids/uuid
• 014cfb1 add mysql indexstorage backend
• 0394bf7 add s3 storage for attestations
• 29220fb update builder image to use go1.21.4 and bump golangci-lint to v1.55.x (#1851)
• ff9c3b9 fix optional field in cose schema
• c3ffda6 use a single validator library in rekor-cli (#1818)
• b681a14 Remove go-playground/validator dependency from pkg/pki (#1817)

Thanks for all contributors!

New Contributors

• @steiza made their first contribution in https://github.com/sigstore/rekor/pull/1817

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.3...v1.3.4

Changelog

• 12d546c Update signer flag description (#1804)
• 16e2323 update trillian to 1.5.3 (#1803)
• 9f49d7b adds redis_auth (#1627)
• b719942 Add method to get artifact hash for an entry (#1777)
• 05cca49 make e2e tests more usable with docker-compose (#1770)
• 6f96ee3 install go at correct version for codeql (#1762)

Thanks for all contributors!

What's Changed

• build(deps): Bump golang.org/x/net from 0.10.0 to 0.17.0 in /hack/tools by @dependabot in https://github.com/sigstore/rekor/pull/1759
• build(deps): Bump google/cloud-sdk from 5499d59 to 5ae0c79 by @dependabot in https://github.com/sigstore/rekor/pull/1760
• build(deps): Bump github.com/go-redis/redismock/v9 from 9.0.3 to 9.2.0 by @dependabot in https://github.com/sigstore/rekor/pull/1761
• build(deps): Bump github.com/redis/go-redis/v9 from 9.1.0 to 9.2.1 by @dependabot in https://github.com/sigstore/rekor/pull/1717
• install go at correct version for codeql by @bobcallaway in https://github.com/sigstore/rekor/pull/1762
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.7.3 to 1.7.4 by @dependabot in https://github.com/sigstore/rekor/pull/1764
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.7.3 to 1.7.4 by @dependabot in https://github.com/sigstore/rekor/pull/1765
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.7.3 to 1.7.4 by @dependabot in https://github.com/sigstore/rekor/pull/1763
• build(deps): Bump github.com/sigstore/sigstore from 1.7.3 to 1.7.4 by @dependabot in https://github.com/sigstore/rekor/pull/1767
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.3 to 1.7.4 by @dependabot in https://github.com/sigstore/rekor/pull/1769
• build(deps): Bump google/cloud-sdk from 5ae0c79 to 0bd5508 by @dependabot in https://github.com/sigstore/rekor/pull/1768
• make e2e tests more usable with docker-compose by @bobcallaway in https://github.com/sigstore/rekor/pull/1770
• build(deps): Bump google/cloud-sdk from 0bd5508 to 66e2681 by @dependabot in https://github.com/sigstore/rekor/pull/1772
• build(deps): Bump google/cloud-sdk from 66e2681 to d2a303f by @dependabot in https://github.com/sigstore/rekor/pull/1773
• build(deps): Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/sigstore/rekor/pull/1774
• build(deps): Bump google/cloud-sdk from 450.0.0 to 451.0.0 by @dependabot in https://github.com/sigstore/rekor/pull/1775
• build(deps): Bump google.golang.org/grpc from 1.58.3 to 1.59.0 by @dependabot in https://github.com/sigstore/rekor/pull/1776
• Add method to get artifact hash for an entry by @haydentherapper in https://github.com/sigstore/rekor/pull/1777
• build(deps): Bump go.step.sm/crypto from 0.36.0 to 0.36.1 by @dependabot in https://github.com/sigstore/rekor/pull/1780
• build(deps): Bump google/cloud-sdk from 4bcc272 to 1969fea by @dependabot in https://github.com/sigstore/rekor/pull/1778
• build(deps): Bump cloud.google.com/go/profiler from 0.3.1 to 0.4.0 by @dependabot in https://github.com/sigstore/rekor/pull/1779
• build(deps): Bump google/cloud-sdk from 451.0.0 to 451.0.1 by @dependabot in https://github.com/sigstore/rekor/pull/1782
• build(deps): Bump google.golang.org/api from 0.147.0 to 0.148.0 by @dependabot in https://github.com/sigstore/rekor/pull/1781
• build(deps): Bump google/cloud-sdk from d7dac1e to d01ba39 by @dependabot in https://github.com/sigstore/rekor/pull/1783
• build(deps): Bump google/cloud-sdk from d01ba39 to 7edf46b by @dependabot in https://github.com/sigstore/rekor/pull/1784
• build(deps): Bump google/cloud-sdk from 451.0.1 to 452.0.0 by @dependabot in https://github.com/sigstore/rekor/pull/1785
• build(deps): Bump go.uber.org/goleak from 1.2.1 to 1.3.0 by @dependabot in https://github.com/sigstore/rekor/pull/1787
• build(deps): Bump sigs.k8s.io/yaml from 1.3.0 to 1.4.0 by @dependabot in https://github.com/sigstore/rekor/pull/1786
• build(deps): Bump google.golang.org/grpc from 1.55.0 to 1.56.3 in /hack/tools by @dependabot in https://github.com/sigstore/rekor/pull/1788
• build(deps): Bump google/cloud-sdk from 452.0.0 to 452.0.1 by @dependabot in https://github.com/sigstore/rekor/pull/1789
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure from 1.7.4 to 1.7.5 by @dependabot in https://github.com/sigstore/rekor/pull/1790
• build(deps): Bump google/cloud-sdk from 8b55497 to a7d9835 by @dependabot in https://github.com/sigstore/rekor/pull/1795
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp from 1.7.4 to 1.7.5 by @dependabot in https://github.com/sigstore/rekor/pull/1792
• build(deps): Bump sigs.k8s.io/release-utils from 0.7.5 to 0.7.6 by @dependabot in https://github.com/sigstore/rekor/pull/1793
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault from 1.7.4 to 1.7.5 by @dependabot in https://github.com/sigstore/rekor/pull/1791
• build(deps): Bump github.com/sigstore/sigstore from 1.7.4 to 1.7.5 by @dependabot in https://github.com/sigstore/rekor/pull/1794
• build(deps): Bump google/cloud-sdk from a7d9835 to 96d437f by @dependabot in https://github.com/sigstore/rekor/pull/1796
• build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws from 1.7.4 to 1.7.5 by @dependabot in https://github.com/sigstore/rekor/pull/1797
• feat: adds redis auth. by @ianhundere in https://github.com/sigstore/rekor/pull/1627
• build(deps): Bump google/cloud-sdk from 96d437f to b996d57 by @dependabot in https://github.com/sigstore/rekor/pull/1798
• build(deps): Bump google/cloud-sdk from 452.0.1 to 453.0.0 by @dependabot in https://github.com/sigstore/rekor/pull/1800
• build(deps): Bump github.com/redis/go-redis/v9 from 9.2.1 to 9.3.0 by @dependabot in https://github.com/sigstore/rekor/pull/1801
• build(deps): Bump google.golang.org/api from 0.148.0 to 0.149.0 by @dependabot in https://github.com/sigstore/rekor/pull/1802
• update trillian to 1.5.3 by @k4leung4 in https://github.com/sigstore/rekor/pull/1803
• Update signer flag description by @haydentherapper in https://github.com/sigstore/rekor/pull/1804
• changelog for v1.3.3 by @bobcallaway in https://github.com/sigstore/rekor/pull/1806

New Contributors

• @ianhundere made their first contribution in https://github.com/sigstore/rekor/pull/1627

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.2...v1.3.3

Changelog

• 1c2ae1c changelog for v1.3.2 (#1758)
• 4d6ff8a build(deps): Bump golang.org/x/net from 0.16.0 to 0.17.0 (#1753)
• c7647b7 build(deps): Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 (#1755)
• 5310881 build(deps): Bump google/cloud-sdk from 449.0.0 to 450.0.0 (#1757)
• 0a110e5 build(deps): Bump google.golang.org/grpc from 1.58.2 to 1.58.3 (#1754)
• 9310915 update Dockerfile for go 1.21.3 (#1752)
• 8052daa update builder image to use go1.21.3 (#1751)
• 49a291a build(deps): Bump google/cloud-sdk from 0c79a8f to 538c693 (#1750)
• f5c00ea add CHANGELOG for v1.3.1 (#1749)

Thanks for all contributors!

v1.3.1

New Features

• enable GCP cloud profiling on rekor-server (#1746)
• move index storage into interface (#1741)
• add info to readme to denote additional documentation sources (#1722)
• Add type of ed25519 key for TUF (#1677)
• Allow parsing base64-encoded TUF metadata and root content (#1671)

Quality Enhancements

• disable quota in trillian in test harness (#1680)

Bug Fixes

• Update contact for code of conduct (#1720)
• fix: typo (#1711)
• Fix panic when parsing SSH SK pubkeys (#1712)
• Correct index creation (#1708)
• Update .ko.yaml (#1682)
• docs: fixzes a small typo on the readme (#1686)
• chore: fix backfill-redis Makefile target (#1685)

Contributors

• Andres Galante
• Andrew Block
• Appu
• Bob Callaway
• Carlos Tadeu Panato Junior
• guangwu
• Hayden B
• jonvnadelberg
• Lance Ball

New Contributors

• @lance made their first contribution in https://github.com/sigstore/rekor/pull/1685
• @andresgalante made their first contribution in https://github.com/sigstore/rekor/pull/1686
• @testwill made their first contribution in https://github.com/sigstore/rekor/pull/1711
• @jonvnadelberg made their first contribution in https://github.com/sigstore/rekor/pull/1722

Full Changelog: https://github.com/sigstore/rekor/compare/v1.3.0...v1.3.1

Changelog

• ed3d0b1 changelog for v1.3.0 (#1657)
• f0fe617 Update openapi.yaml (#1655)
• be96b95 build(deps): Bump google/cloud-sdk from 4769605 to 648eb94 (#1656)
• a0a4820 build(deps): Bump google/cloud-sdk from f656d61 to 4769605 (#1654)
• 4c6df3e pass transient errors through retrieveLogEntry (#1653)
• f3d6483 return full entryID on HTTP 409 responses (#1650)
• 2934605 set min go version to 1.21 (#1651)
• a9f538d build(deps): Bump github.com/go-playground/validator/v10 (#1648)
• 3a89ae4 build(deps): Bump google/cloud-sdk from 443.0.0 to 444.0.0 (#1647)
• 6208b39 build(deps): Bump google.golang.org/api from 0.135.0 to 0.138.0 (#1646)
• a49cd04 feat: Support publishing new log entries to Pub/Sub topics (#1580)
• 45bbaf0 build(deps): Bump gocloud.dev from 0.33.0 to 0.34.0 (#1645)
• 7cc7f47 build(deps): Bump actions/checkout from 3.5.3 to 3.6.0 (#1644)
• 280efef build(deps): Bump github.com/sassoftware/relic/v7 from 7.6.0 to 7.6.1 (#1642)
• ab09135 build(deps): Bump github.com/go-playground/validator/v10 (#1641)
• ee5c702 build(deps): Bump go.step.sm/crypto from 0.34.0 to 0.35.0 (#1640)
• a561d26 build(deps): Bump github.com/redis/go-redis/v9 from 9.0.5 to 9.1.0 (#1639)
• 13bbd9a build(deps): Bump github.com/sassoftware/relic/v7 from 7.5.9 to 7.6.0 (#1638)
• 29e331b Upgrade to go1.21 (#1636)
• 4e05235 build(deps): Bump github.com/sigstore/protobuf-specs from 0.2.0 to 0.2.1 (#1637)
• 3e1715a Change values of Identity.Raw, add fingerprints (#1628)
• c1e6614 build(deps): Bump golangci/golangci-lint-action from 3.6.0 to 3.7.0 (#1634)
• 08ea39a Extract all subjects from SANs for x509 verifier (#1632)
• ea666c7 build(deps): Bump github.com/theupdateframework/go-tuf (#1631)
• d78fdf4 build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/azure (#1629)
• 1da6c56 build(deps): Bump github.com/sassoftware/relic/v7 from 7.5.6 to 7.5.9 (#1630)
• 6357794 build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/aws (#1621)
• 19b4bee build(deps): Bump github.com/sigstore/sigstore from 1.7.1 to 1.7.2 (#1623)
• e65310e build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/hashivault (#1622)
• 52d5b4c build(deps): Bump actions/setup-go from 4.0.1 to 4.1.0 (#1620)
• 8d2424a build(deps): Bump github.com/sigstore/sigstore/pkg/signature/kms/gcp (#1624)
• 4ba20c4 Fix type comment for Identity struct (#1619)
• 0d88d22 build(deps): bump gocloud.dev from 0.32.0 to 0.33.0 (#1609)
• e7b377a Refactor Identities API (#1611)
• d954fef build(deps): bump github.com/go-playground/validator/v10 (#1617)
• bd0db76 build(deps): bump github.com/sassoftware/relic/v7 from 7.5.5 to 7.5.6 (#1615)
• e76446a build(deps): bump golang.org/x/net from 0.13.0 to 0.14.0 (#1614)
• 753e020 build(deps): bump golang.org/x/crypto from 0.11.0 to 0.12.0 (#1616)
• 50952a6 build(deps): bump go.step.sm/crypto from 0.33.0 to 0.34.0 (#1612)
• 924fb3a build(deps): bump golang.org/x/net from 0.12.0 to 0.13.0 (#1608)
• 8a25878 build(deps): bump golang from 1.20.6 to 1.20.7 (#1610)
• 1ba7865 build(deps): bump go.uber.org/zap from 1.24.0 to 1.25.0 (#1607)
• a4b3120 build(deps): bump golang from cfc9d1b to 010a0ff (#1604)
• fa379b0 build(deps): bump go.step.sm/crypto from 0.32.5 to 0.33.0 (#1602)
• cbc9c44 Refactor Verifiers to return multiple keys (#1601)
• 8a30776 build(deps): bump google.golang.org/grpc from 1.56.2 to 1.57.0 (#1600)
• 96dad3c build(deps): bump golang from 8e5a006 to cfc9d1b (#1588)
• d51dea6 Update checkpoint link (#1597)
• 87dd2cd Use correct log index in inclusion proof (#1599)
• 2bd83da build(deps): bump go.step.sm/crypto from 0.32.4 to 0.32.5 (#1596)
• 1b149d2 remove instrumentation library (#1595)
• c44b8b5 pki: clean up fuzzer (#1594)
• 05bdadc build(deps): bump gocloud.dev from 0.30.0 to 0.32.0 (#1592)
• 3bdf746 build(deps): bump go.step.sm/crypto from 0.32.3 to 0.32.4 (#1590)
• b383663 update builder image to use go1.20.6 and cosign image to 2.1.1 (#1589)
• d702f84 build(deps): bump github.com/sigstore/protobuf-specs from 0.1.0 to 0.2.0 (#1584)
• 1b06bcf build(deps): bump github.com/secure-systems-lab/go-securesystemslib (#1585)
• d75c7b0 build(deps): bump go.step.sm/crypto from 0.32.2 to 0.32.3 (#1586)
• 2b1d9d8 build(deps): bump golang from 1.20.5 to 1.20.6 (#1587)
• 6fd7c23 build(deps): bump github.com/google/rpmpack (#1582)
• 3ded91e build(deps): bump google.golang.org/grpc from 1.56.1 to 1.56.2 (#1579)
• 0817ec6 build(deps): bump golang from 20ee7c8 to fd9306e (#1578)
• 381778c build(deps): bump golang.org/x/net from 0.11.0 to 0.12.0 (#1576)
• 30254fb build(deps): bump golang from 344193a to 20ee7c8 (#1575)
• ad43970 build(deps): bump golang.org/x/mod from 0.11.0 to 0.12.0 (#1574)
• 4fb1b7a build(deps): bump github.com/veraison/go-cose from 1.1.0 to 1.2.0 (#1572)
• 7616da1 alpine: add max metadata size to fuzzer (#1571)

Thanks for all contributors!

What's Changed

• Move github.com/sigstore/protobuf-specs users into a separate subpackage by @mtrmac in https://github.com/sigstore/rekor/pull/1511
• pass treeSize and rootHash to avoid trillian import by @bobcallaway in https://github.com/sigstore/rekor/pull/1513
• update builder image to use go1.20.5 by @cpanato in https://github.com/sigstore/rekor/pull/1524
• deps: bump go-swagger to v0.30.5 by @bobcallaway in https://github.com/sigstore/rekor/pull/1532
• chore: bump golangci-lint version to v1.53.x by @cpanato in https://github.com/sigstore/rekor/pull/1533
• update sigstore/sigstore/pkg/signature/kms/aws to v1.7.0 by @cpanato in https://github.com/sigstore/rekor/pull/1544
• pass down error with message instead of nil by @bobcallaway in https://github.com/sigstore/rekor/pull/1560
• chore: replace github.com/ghodss/yaml with sigs.k8s.io/yaml by @Juneezee in https://github.com/sigstore/rekor/pull/1558
• swap killswitch for 'docker-compose restart' by @bobcallaway in https://github.com/sigstore/rekor/pull/1562
• fuzz: Add utility to create structured jar bytes by @AdamKorcz in https://github.com/sigstore/rekor/pull/1548
• changelog for v1.2.2 by @bobcallaway in https://github.com/sigstore/rekor/pull/1570

New Contributors

• @Juneezee made their first contribution in https://github.com/sigstore/rekor/pull/1558

Full Changelog: https://github.com/sigstore/rekor/compare/v1.2.1...v1.2.2

Changelog

v1.2.1

• 576458c run go mod tidy in hack/toolz (#1510)

(note the release of v1.2.0 failed during our release process, so we fixed the issue and cut v1.2.1); including the Changelog for v1.2.0 here too:

v1.2.0

Functional Enhancements

• add client method to generate TLE struct (#1498)
• add dsse type (#1487)
• support other KMS providers (AWS, Azure, Hashicorp) in addition to GCP (#1488)
• Add concurrency to backfill-redis (#1504)
• omit informational message if machine-parseable output has been requested (#1486)
• Publish stable checkpoint periodically to Redis (#1461)
• Add intoto v0.0.2 to backfill script (#1500)
• add new method to test insertability of proposed entries into log (#1410)

Quality Enhancements

• use t.Skip() in fuzzers (#1506)
• improve fuzzing coverage (#1499)
• Remove watcher script (#1484)

Bug Fixes

• Merge pull request from GHSA-frqx-jfcm-6jjr
• Remove requirement of PayloadHash for intoto 0.0.1 (#1490)
• fix lint errors, bump linter up to 1.52 (#1485)
• Remove dependencies from pkg/util (#1469)

Contributors

• Bob Callaway
• Carlos Tadeu Panato Junior
• Ceridwen Coghlan
• Cody Soyland
• Hayden B
• Miloslav Trmač

Thanks for all contributors!

v1.1.1

Functional Enhancements

• Refactor Trillian client with exported methods (#1454)
• Switch to official redis-go client (#1459)
• Remove replace in go.mod (#1444)
• Add Rekor OID info. (#1390)

Quality Enhancements

• remove legacy encrypted cosign key (#1446)
• swap cjson dependency (#1441)
• Update release readme (#1456)

Bug Fixes

• Merge pull request from GHSA-2h5h-59f5-c5x9

Contributors

• Billy Lynch
• Bob Callaway
• Carlos Tadeu Panato Junior
• Ceridwen Coghlan
• Hayden B

Full Changelog: https://github.com/sigstore/rekor/compare/v1.1.0...v1.1.1