Skip to content
Choose a tag to compare


@drrt drrt released this
Choose a tag to compare
  • Fix a bug in which the agent periodically logged connection errors (#906)
  • Kubernetes SAT node attestor now supports the TokenReview API (#904)
  • Agent cache refactored to improve memory management and fix a leak (#863)
  • UpstreamCA "disk" will now reload cert and keys when needed (#903)
  • Introduced Nested SPIRE: server clusters can now be chained together (#890)
  • Fix a bug in AWS IID NodeResolver with instance profile lookup (#888)
  • Improved workload attestation and fixed a security bug related to PID reuse (#886)
  • New Kubernetes bundle notifier for keeping a bundle configmap up-to-date (#877)
  • New plugin type Notifier for programatically taking action on important events (#877)
  • New NodeAttestor based on SSH certificates (#868, #870)
  • v2 client library for Workload API interaction (#841)
  • Back-compat bundle management code removed - bundle is now handled correctly (#858, #859)
  • Plugins can now expose auxiliary services and consume host-based services (#840)
  • Fix bug preventing agent recovery prior to its first SVID rotation (#839)
  • Agent and server can now export telemetry to Prometheus, Statsd, DogStatsd (#817)
  • Fix bug in SDS API that prevented updates following Envoy restart (#820)
  • Kubernetes workload attestor now supports using the secure port (#814)
  • Support for TLS-protected connections to MySQL (#821)
  • X509-SVID can now include an optional CN/DNS SAN (#798)
  • SQL DataStore plugin now supports MySQL (#784)
  • Fix bug preventing agent from reconnecting to a new server after an error (#795)
  • Fix bug preventing agent from shutting down when streams are open (#790)
  • Registration entries can now have an expiry and be pruned automatically (#776, #793)
  • New Kubernetes NodeAttestor based on PSAT for node specificity (#771, #860)
  • New UpstreamCA plugin for AWS secret manager (#751)
  • Healthcheck commands exposed in server and agent (#758, #763)
  • Kubernetes workload attestor extended with additional selectors (#720)
  • UpstreamCA "disk" now supports loading multiple key types (#717)