Skip to content

Releases: atsuoishimoto/oidc-ssh-ca

0.2.0

15 Jun 01:06
@atsuoishimoto atsuoishimoto
0.2.0
4364418
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
0.2.0 Latest
Latest
  • Certificate restrictions in policy. Rules can now emit force_command (the target runs only this command) and source_address (a CIDR allowlist of where the certificate may be used). Both are baked into the certificate by the CA, so they apply on every target server without per-host AuthorizedPrincipalsFile options.
  • Hardened validation. Key ID templates and certificate principals are now checked against a strict allowlist at policy load time (and again at issuance), rejecting newlines, control characters, and unbounded values that could be injected into sshd logs or the audit trail.
  • Supply-chain hardening. CI gained govulncheck and a CodeQL workflow, releases emit SLSA build provenance, and vulnerable dependencies were bumped.
  • Simpler Lambda support. The Lambda-specific code was removed; the binary now runs the ordinary serve HTTP server behind the AWS Lambda Web Adapter.
Assets 9
Loading

0.1.0

13 Jun 06:49
@atsuoishimoto atsuoishimoto
0.1.0
44e8dc2
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Choose a tag to compare

View all tags
0.1.0
  • Initial release
Loading