Releases: spiffe/spire
Releases · spiffe/spire
v1.5.5
Security
- Updated to Go 1.19.6 and golang.org/x/net v0.7.0 to address CVE-2022-41723, CVE-2022-41724, CVE-2022-41725.
v1.4.7
Security
- Updated to Go 1.19.6 and golang.org/x/net v0.7.0 to address CVE-2022-41723, CVE-2022-41724, CVE-2022-41725.
v1.5.4
Added
- Support to run SPIRE as a Windows service (#3625)
- Configure admin SPIFFE IDs from federated trust domains (#3642)
- New selectors in the
aws_iid
NodeAttestor plugin (#3640) - Support for additional upstream root certificates to the
awssecret
UpstreamAuthority plugin (#3578) - Serial number and revision number to SVID minting logging (#3699)
spire-server federation
CLI commands now support the-output
flag (#3660)
Fixed
v1.5.3
Added
- A new
gcp_kms
KeyManager plugin is now available (#3410, #3638, #3653, #3655) spire-server agent
,spire-server bundle
, andspire-server entry
CLI commands now support-output
flag (#3523, #3624, #3628)
Changed
- SPIRE-managed files on Windows no longer inherit permissions from parent directory (#3577, #3604)
- Documentation improvements (#3534, #3546, #3461, #3565, #3630, #3632, #3639,)
Fixed
v1.5.2
Security
- Updated to Go 1.19.4 to address CVE-2022-41717.
v1.4.6
Security
- Updated to Go 1.19.4 to address CVE-2022-41717.
v1.5.1
Fixed:
- The deprecated
default_svid_ttl
configurable is now correctly observed after fixing a regression
v1.5.0
Added
- X.509-SVID and JWT-SVID TTLs can now be configured separately at both the entry-level and Server default level (#3445)
- Entry protobuf type in
/v1/entry
API includes newjwt_svid_ttl
field (#3445) k8s-workload-registrar
andoidc-discovery-provider
CLIs now print their version when the-version
flag is set (#3475)- Support for customizing SPIFFE ID paths of SPIRE Agents attested with the
azure_msi
NodeAttestor plugin (#3488)
Changed
- Entry
ttl
protobuf field in/v1/entry
API is renamed tox509_ttl
(#3445) - External plugins can no longer be named
join_token
to avoid conflicts with the builtin plugin (#3469) spire-server run
command now supports DNS names for the configured bind address (#3421)- Documentation improvements (#3468, #3472, #3473, #3474, #3515)
Deprecated
k8s-workload-registrar
is deprecated in favor of SPIRE Controller Manager (#3526)- Server
default_svid_ttl
configuration field is deprecated in favor ofdefault_x509_svid_ttl
anddefault_jwt_svid_ttl
fields (#3445) -ttl
flag inspire-server entry create
andspire-server entry update
commands is deprecated in favor of-x509SVIDTTL
and-jwtSVIDTTL
flags (#3445)-format
flag inspire-agent fetch jwt
CLI command is deprecated in favor of-output
flag (#3528)InMem
telemetry collector is deprecated and no longer enabled by default (#3492)
Removed
- NodeResolver plugin type and
azure_msi
builtin NodeResolver plugin (#3470)
v1.4.5
Security
- Updated to Go 1.19.3 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.
v1.3.6
Security
- Updated to Go 1.18.8 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.