Skip to content

v4.3.0

Latest
Latest

Choose a tag to compare

View all tags
@jku jku released this 03 Jun 16:07
· 10 commits to main since this release
v4.3.0
4baa76f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Added

  • Issuer.identity_token accepts an optional redirect_port argument to
    accomodate OIDC providers that require pre-registered redirect URIs
    (#1029)

Fixed

  • Fix ~60s keep-alive deadlock in browser-based OIDC authentication
    (#1693)
  • Avoid over-using connections when signing many artifacts: Use one connection
    per thread (#1732)

Changed

  • With Rekor v2 DSSE signing/verification now uses Hashedrekord log entries. This is based on Rekor v2 spec change: sigstore/architecture-docs#63
    (#1776)
  • sigstore is now compatible with cryptography 48 and tuf 7
    (#1773)
  • Embedded TUF metadata has been updated
    (#1785)
Assets 4
Loading