From 4a6592612dc015f24d0700b6d274b3663d128ad8 Mon Sep 17 00:00:00 2001 From: Bob Callaway Date: Tue, 28 Mar 2023 18:13:50 -0400 Subject: [PATCH] update CHANGELOG for v1.1.0 (#1409) Signed-off-by: Bob Callaway --- CHANGELOG.md | 96 ++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 96 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 4a45fbb26..b3527f688 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,99 @@ +# v1.1.0 + +## Functional Enhancements +* improve validation on intoto v0.0.2 type (#1351) +* add feature to limit HTTP request body length to process (#1334) +* add information about the file size limit (#1313) +* Add script to backfill Redis from Rekor (#1163) +* Feature: add search support for sha512 (#1142) + +## Quality Enhancements +* fuzzing: refactor OSS-Fuzz build script (#1377) +* Update cloudbuild for cosign 2.0 (#1375) +* Tests - Additional sharding tests (#1180) +* jar type: add fuzzer for 3rd-party dep (#1360) +* update cosign to 2.0.0 and builder image and also cosign flags (#1368) +* fuzzing: move alpine utils to fuzz utils (#1335) +* fuzzing: add seed for alpine fuzzer (#1342) +* jar: add v001 fuzzer (#1327) +* fuzzing: open writer later in fuzz utils (#1326) +* fuzzing: remove tar operations in alpine fuzzer (#1322) +* alpine: add v001 fuzzer (#1316) +* hashedrekord: add v001 fuzzer (#1315) +* fuzzing: add call to IndexKeys in multiple fuzzers (#1302) +* fuzzing: improve cose fuzzer (#1300) +* fuzzing: improve fuzz utils (#1298) +* fuzzing: improve alpine fuzzer (#1273) +* fuzzing: go mod edit go-fuzz-headers (#1272) +* fuzzing: add .options file (#1271) +* fuzzing: build helm fuzzer from correct dir (#1264) +* types: refactor multiple fuzzers (#1258) +* helm: add fuzzer for provenance unmarshalling (#1243) +* pki: add fuzzer (#1256) +* Fuzzing: Add more bug detectors (#1253) +* Refactor e2e - part 5 (#1236) +* Removed unused tool/deps (#1244) +* Fixed the invalid path (#1245) +* Run latest fuzzers in OSS-Fuzz (#1221) +* Fuzz tests - hashedrekord (#1224) +* Update builder (#1228) +* Revamping rekor e2e - part 4 of N (#1218) +* types: add fuzzers (#1225) +* jar type: add fuzzer (#1215) +* Revamping rekor e2e - part 3 of N (#1177) +* modify OSS-Fuzz build script (#1214) +* move over oss-fuzz build script (#1204) +* wrap redis client errors to aid debugging (#1176) +* don't test release candidate builds in harness (#1183) +* types/alpine: add fuzzer (#1200) +* logging tweaks to improve usability (#1235) +* Add backfill-redis to the release artifacts (#1174) +* ensure jobs run on release branches (#1181) +* update builder image and cosign (#1165) +* Refactor e2e tests - x509 apk (#1152) +* Sharding - Additional tests (#1156) +* Ran gofmt and cleaned up (#1157) +* Fuzz - Fuzz tests for sharding (#1147) +* Revamping rekor e2e - part 1 of N (#1089) + +## Bug Fixes +* remove goroutine usage from SearchLogQuery (#1407) +* drop log messages regarding attestation storage to debug (#1408) +* fix ko-local build (#1381) +* disable blocking checks (#1353) +* fix validation for proposed vs committed log entries for intoto v0.0.1 (#1309) +* fix: fix regex for multi-digit counts (#1321) +* return NotFound if treesize is 0 rather than calling trillian (#1311) +* enumerate slice to get sugared logs (#1312) +* put a reasonable size limit on ssh key reader (#1288) +* CLIENT: Fix Custom Host and Path Issue (#1306) +* do not persist local state if log is empty; fail consistency proofs from 0 size (#1290) +* correctly handle invalid or missing pki format (#1281) +* Add Verifier to get public key/cert and identities for entry type (#1210) +* fix goroutine leak in client; add insecure TLS option (#1238) +* Fix - Remove the force-recreate flag (#1179) +* trim whitespace around public keys before parsing (#1175) +* stop inserting envelope hash for intoto:0.0.2 types into index (#1171) +* Revert "remove double encoding of payload and signature fields for intoto (#1150)" (#1158) +* remove double encoding of payload and signature fields for intoto (#1150) +* fix SearchLogQuery behavior to conform to openapi spec (#1145) +* Remove pem-certificate-chain from client (#1138) +* fix flag type for operator in search (#1136) +* use sigstore/community dep review (#1132) + +## Contributors +* AdamKorcz +* Batuhan Apaydın +* Bob Callaway +* Carlos Tadeu Panato Junior +* Fabian Kammel +* Fredrik Skogman +* Hayden B +* Joyce +* Naveen +* Noah Kreiger +* Priya Wadhwa + # v1.0.1 ## Enhancements