Skip to content

Releases: spiffe/spire

v1.5.5

15 Feb 00:10
Compare
Choose a tag to compare

Security

v1.4.7

15 Feb 00:16
Compare
Choose a tag to compare

Security

v1.5.4

13 Jan 01:15
Compare
Choose a tag to compare

Added

  • Support to run SPIRE as a Windows service (#3625)
  • Configure admin SPIFFE IDs from federated trust domains (#3642)
  • New selectors in the aws_iid NodeAttestor plugin (#3640)
  • Support for additional upstream root certificates to the awssecret UpstreamAuthority plugin (#3578)
  • Serial number and revision number to SVID minting logging (#3699)
  • spire-server federation CLI commands now support the -output flag (#3660)

Fixed

  • Service configurations provided by the gRPC resolver are now ignored by SPIRE Agent (#3712)
  • CLI commands that supported the -output flag now properly shows the default value for the flag (#3713)

v1.5.3

14 Dec 21:52
Compare
Choose a tag to compare

Added

  • A new gcp_kms KeyManager plugin is now available (#3410, #3638, #3653, #3655)
  • spire-server agent, spire-server bundle, and spire-server entry CLI commands now support -output flag (#3523, #3624, #3628)

Changed

Fixed

  • oidc-discovery-provider healthcheck HTTP server now binds to all network interfaces for visibility outside containers using virtual IP (#3580)
  • k8s-workload-registrar CRD and reconcile modes now have correct example leader election RBAC YAML (#3617)

v1.5.2

07 Dec 03:11
Compare
Choose a tag to compare

Security

v1.4.6

07 Dec 03:09
Compare
Choose a tag to compare

Security

v1.5.1

08 Nov 22:49
cb79b8e
Compare
Choose a tag to compare

Fixed:

  • The deprecated default_svid_ttl configurable is now correctly observed after fixing a regression

v1.5.0

02 Nov 22:39
Compare
Choose a tag to compare

Added

  • X.509-SVID and JWT-SVID TTLs can now be configured separately at both the entry-level and Server default level (#3445)
  • Entry protobuf type in /v1/entry API includes new jwt_svid_ttl field (#3445)
  • k8s-workload-registrar and oidc-discovery-provider CLIs now print their version when the -version flag is set (#3475)
  • Support for customizing SPIFFE ID paths of SPIRE Agents attested with the azure_msi NodeAttestor plugin (#3488)

Changed

  • Entry ttl protobuf field in /v1/entry API is renamed to x509_ttl (#3445)
  • External plugins can no longer be named join_token to avoid conflicts with the builtin plugin (#3469)
  • spire-server run command now supports DNS names for the configured bind address (#3421)
  • Documentation improvements (#3468, #3472, #3473, #3474, #3515)

Deprecated

  • k8s-workload-registrar is deprecated in favor of SPIRE Controller Manager (#3526)
  • Server default_svid_ttl configuration field is deprecated in favor of default_x509_svid_ttl and default_jwt_svid_ttl fields (#3445)
  • -ttl flag in spire-server entry create and spire-server entry update commands is deprecated in favor of -x509SVIDTTL and -jwtSVIDTTL flags (#3445)
  • -format flag in spire-agent fetch jwt CLI command is deprecated in favor of -output flag (#3528)
  • InMem telemetry collector is deprecated and no longer enabled by default (#3492)

Removed

  • NodeResolver plugin type and azure_msi builtin NodeResolver plugin (#3470)

v1.4.5

02 Nov 01:20
Compare
Choose a tag to compare

Security

  • Updated to Go 1.19.3 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.

v1.3.6

02 Nov 00:39
Compare
Choose a tag to compare

Security

  • Updated to Go 1.18.8 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.