Version 1.7.3

Changes

• Fix bug in flag handling for disabling auth in server mode when using SPIFFE workload API (#418)
• Bump dependency versions and minor fixes (#411, #409, #414, #413)

Version 1.7.2

Changes

• Updated Go toolchain and bumped all dependencies to latest versions (#411)
• Avoid setting GetCertificate for SPIFFE in client mode if auth is disabled (#407)

Plus some miscellaneous fixes & build changes (#405, #399, #401, #397, #395)

Full Changelog: v1.7.1...v1.7.2

Version 1.7.1

Changes

• Reload OPA policies during reload (#381)
• Bump Go version in Docker container to 1.19 (#383)
• Provide darwin-arm64/universal release binaries (#388)

Version 1.7.0

Changes

• Update to Go 1.19 for release builds & bump dependencies
• Fix a memory leak in HTTP status checking (#379, thanks @phamann)
• Add support for OPA to allow auth based on Rego policies (#374, thanks @spacedub)
• Update to latest go-spiffe for better Windows support (#371, thanks @MarcosDY)

Version 1.7.0-rc.1

Changes

• Update to Go 1.19 for release builds & bump dependencies
• Fix a memory leak in HTTP status checking (#379, thanks @phamann)
• Add support for OPA to allow auth based on Rego policies (#374, thanks @spacedub)
• Update to latest go-spiffe for better Windows support (#371, thanks @MarcosDY)

Version 1.6.1

Changes

• Add support for HTTP status endpoints for targets (#365, thanks to @mccurdyc)
• Support for filtering keychain identities by serial and/or issuer (#352)
• Add initial ACME support in server mode (#348, thanks to @ryankoski)
• Better connect proxy resolution handling (#357, #360)

Version 1.6.0

Changes

• Add support for TLS 1.3 and fix bug that prevented the use of RSA-PSS when keychain identities were used on macOS/Win.
• Add new experimental flag for macOS (--keychain-require-token) to fetch keychain identities backed by hardware tokens.
• Changed the default log output to stdout, previously stderr, to avoid issues with Windows thinking the process crashed.

Other
Migrated release build process to GitHub Actions to avoid the need for cross-compilation toolchains. Unfortunately this means that linux/arm64 and windows/386 release builds will not be available for the moment. We plan to add back release builds for those platforms for when feasible with GitHub Actions.

Version 1.6.0-rc.3

Added changes to make RSA-PSS (for TLS 1.3) work on Windows using platform certificate store keys (certstore).

Version 1.6.0-rc.2

Second release candidate for 1.6.0, fixes ordering of TLS 1.3 cipher suites.

Version 1.6.0-rc.1

First release candidate for v1.6.0

Changes

• Add support for TLS 1.3 and fix bug that prevented the use of RSA-PSS when keychain identities were used on macOS.
• Add new experimental flag for macOS (--keychain-require-token) to fetch keychain identities backed by hardware tokens.
• Changed the default log output to stdout, previously stderr, to avoid issues with Windows thinking the process crashed.

Other

• Migrated release build process to GitHub Actions to avoid the need for cross-compilation toolchains. Unfortunately this means that {linux,darwin}/arm64 and windows/386 release builds will not be available for the moment. We plan to add back release builds for those platforms for when feasible with GitHub Actions.