Skip to content

v2.0.1
Compare
Choose a tag to compare
@sigstore-bot sigstore-bot released this 06 Apr 19:56
· 602 commits to main since this release
v2.0.1
This tag was signed with the committer’s verified signature.
haydentherapper Hayden B
SSH Key Fingerprint: jzX0b3tCjduspDDUI0+hECHgZQGwB+Mmm4vFFsg3mDY Learn about vigilant mode.
8faaee4
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

Installation

go install github.com/sigstore/cosign/v2/cmd/cosign@v2.0.1

Enhancements

  • Add environment variable token provider (#2864)
  • Remove cosign policy command (#2846)
  • Allow customising 'go' executable with GOEXE var (#2841)
  • Consistent tlog warnings during verification (#2840)
  • Add riscv64 arch (#2821)
  • Default generated PEM labels to SIGSTORE (#2735)
  • Update privacy statement and confirmation (#2797)
  • Add exit codes for verify errors (#2766)
  • Add Buildkite provider (#2779)
  • verify-blob-attestation: Loosen arg requirements if --check-claims=false (#2746)

Bug Fixes

  • PKCS11 sessions are now opened read only (#2853)
  • Makefile: date format of log should not show signatures (#2835)
  • Add missing flags to cosign verify dockerfile/manifest (#2830)
  • Add a warning to remember how to configure a custom Gitlab host (#2816)
  • Remove tag warning message from save/copy commands (#2799)
  • Mark keyless pem files with b64 (#2671)

Contributors

  • Aleksandr Razumov
  • Batuhan Apaydın
  • Billy Lynch
  • Carlos Tadeu Panato Junior
  • Chris Burns
  • Derek Burdick
  • Dmitry Savintsev
  • favonia
  • Hayden B
  • Hector Fernandez
  • Ivana Atanasova
  • joe miller
  • Luiz Carvalho
  • Paolo Mainardi
  • priyawadhwa
  • Radoslav Dimitrov
  • Steve Winslow
  • Vincent Batts
  • Zack Newman

Full Changelog: v2.0.0...v2.0.1

Assets 160
Loading