Skip to content

v0.2.1

Latest

Choose a tag to compare

@github-actions github-actions released this 16 Jul 16:23
5b908bf

The first signed release. Every artifact of this release carries a verifiable Sigstore signature: the container image is signed by digest, and SHA256SUMS ships with a keyless bundle (SHA256SUMS.sigstore.json). See the new Verifying releases section in the README for the two verification commands.

What's in 0.2.1

  • Signed artifacts (cosign keyless via GitHub OIDC) — see above.
  • Dependency updates: spf13/cobra 1.10.2 and the aws-sdk-go-v2 modules used by the S3 storage driver (config 1.32.30, credentials 1.19.29, s3 1.105.1). No behavior changes; the full mail path including byte-exact attachment download was re-verified live against MinIO.
  • CI hardening: every GitHub Action bumped to its current major (checkout v7, build-push-action v7, gitleaks-action v3, golangci-lint-action v9, action-gh-release v3) — the only breaking change across all five is the Node 24 runtime, already provided by GitHub-hosted runners.

Full details in CHANGELOG.md.

Install or upgrade:

curl -fsSL https://attachra.org/install | sudo bash

Tested in production on a live grommunio (Postfix-based) deployment. Use at your own risk before v1.0.0 — config, policy and API formats are not frozen yet.