v1.2.2

v1.2.2

Changes

Bug fixes

• Go checksum database error on installation due to deleting a tag

Misc

• Dependabot updates

v1.2.1

v1.2.1

v1.2.1 includes a minor bug fix to set the SignedData version value
in a timestamp response as per the RFC.

Changes

Bug Fixes

• Bump digitorus/timestamp version to pick up RFC correctness fix (#584)

v1.2.0

v1.2.0

v1.2.0 is based on Go 1.21.3.

Changes

Enhancements

• Support other hash algs for pre-signed timestamp besides SHA256 (#488)
• new http-ping-only flag for 'timestamp-server serve' (#474)

Bug Fixes

• Fix bug where TSA signing fails if cert hash != content hash. (#465)

Misc

• expand README on Cloud KMS deployment (#476)
• upgrade to Go1.21 (#471)

Contributors

• Billy Lynch
• Carlos Tadeu Panato Junior
• Dmitry Savintsev
• Hayden B

v1.1.2

Changelog

1.1.2 fixes a signing related hash function bug and a typo.

Changes

Bug Fixes

• Fix hash function hardcoding bug by updating dependency (#452)

Misc

• Fix typo in OpenAPI spec (#419)
• Update GoReleaser flag (#356)

Contributors

• Carlos Tadeu Panato Junior
• Dmitry Savintsev
• Meredith Lancaster

Full Changelog: v1.1.1...v1.1.2

v1.1.1

Changelog

1.1.1 fixes a bug in the JSON format timestamp request code.

Changes

Bug Fixes

• Update how the JSON body is parsed (#343)

Contributors

• Meredith Lancaster

Full Changelog: v1.1.0...v1.1.1

v1.1.0

Changelog

1.1.0 now supports making timestamp requests in JSON format in addition to DER encoded format.

Changes

Enhancements

• Support timestamp requests in JSON format (#247)

Misc

• Fix typo in README (#294)

Contributors

• Andrea Cosentino
• Meredith Lancaster

Full Changelog: v1.0.0...v1.1.0

v1.0.0

Changelog

1.0 release of the timestamp authority. Thank you to all of the contributors!

v1.0.0-rc.1

1.0.0-rc.1

Note: This is a prerelease for 1.0. Please try it out and file issues!

Changes

• Upgrade to go 1.20.1 (#245)

Documentation

• Update policy (#251, #262)

Contributors

• Carlos Tadeu Panato Junior
• Hayden B
• Meredith Lancaster

v1.0.0-rc.0

Changelog

SLSA provenance is now uploaded with each release. Use slsa-verifier to verify the release.

Misc

• Mock NTP client (#217)

Contributors

• Carlos Tadeu Panato Junior
• Hayden B
• Meredith Lancaster

Full Changelog: v0.2.1...v1.0.0-rc.0

v0.2.1

Changelog

0.2.1 now rejects timestamp requests that use SHA-1. For server operators, it
now defaults to using NTP monitoring.

Changes

Enhancements

• Generate slsa provenance (#193)
• Use default NTP monitoring configuration (#186)
• Reject requests that use SHA-1 (#202)

Bug Fixes

Misc

• Update README with more details (#188)

Contributors

• Hayden B
• Hector Fernandez
• Meredith Lancaster

Full Changelog: v0.2.0...v0.2.1