Releases: sigstore/sigstore-java
Releases · sigstore/sigstore-java
v1.1.0
See CHANGELOG.md for more details.
What's Changed
- update versions after 1.0.0 by @loosebazooka in #800
- Update dependency org.eclipse.jetty:jetty-server to v11.0.24 by @renovate in #803
- Update gradle/actions action to v4.0.1 by @renovate in #804
- Update dependency com.google.errorprone:error_prone_core to v2.31.0 by @renovate in #805
- Update dependency com.google.http-client:google-http-client-bom to v1.45.0 by @renovate in #806
- Update sigstore/community digest to af27ecc by @renovate in #801
- Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.2.2 by @renovate in #802
- Update dependency com.google.guava:guava to v33.3.1-jre by @renovate in #815
- Update actions/checkout action to v4.2.0 by @renovate in #818
- Update actions/setup-java action to v4.4.0 by @renovate in #819
- Update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.3.0 by @renovate in #821
- Update dependency org.apache.maven.plugins:maven-gpg-plugin to v3.2.7 by @renovate in #816
- Update protobuf_grpc by @renovate in #824
- Update gradle/actions action to v4.1.0 by @renovate in #823
- Update dependency org.mockito:mockito-bom to v5.14.1 by @renovate in #822
- Update sigstore/community digest to 95ef39c by @renovate in #814
- Update dependency org.junit:junit-bom to v5.11.1 by @renovate in #817
- Move known roles in TUF by @loosebazooka in #826
- Separate meta fetching from target fetching by @loosebazooka in #827
- Non inferred file names by @loosebazooka in #828
- Update actions/checkout action to v4.2.1 by @renovate in #830
- Update dependency org.junit:junit-bom to v5.11.2 by @renovate in #831
- Update dependency org.mockito:mockito-bom to v5.14.2 by @renovate in #832
- Update dependency de.thetaphi.forbiddenapis:de.thetaphi.forbiddenapis.gradle.plugin to v3.8 by @renovate in #833
- Update dependency org.junit:junit-bom to v5.11.3 by @renovate in #835
- Update dependency net.ltgt.errorprone:net.ltgt.errorprone.gradle.plugin to v4.1.0 by @renovate in #834
- Update sigstore/community digest to dcc3c01 by @renovate in #829
- Store meta state in memory by @loosebazooka in #836
- Update tuf updater api surface by @loosebazooka in #839
- More tuf updates for conformance by @loosebazooka in #840
- Start adding tuf conformance by @loosebazooka in #838
- Update protobuf_grpc by @renovate in #842
- Update softprops/action-gh-release action to v2.1.0 by @renovate in #844
- Update actions/setup-go action to v5.1.0 by @renovate in #845
- Update staging and public good embedded starter roots by @loosebazooka in #848
- Add tuf specific key/signature handlers by @loosebazooka in #847
- Use tuf verifiers in updater by @loosebazooka in #849
- Cleanup by @loosebazooka in #850
- Update actions/checkout action to v4.2.2 by @renovate in #843
- Cleanup keys parsing, caller specifies type by @loosebazooka in #851
- Handle targets with path elements by @loosebazooka in #853
- Fix test_duplicate_sig_keyids by @loosebazooka in #852
- Rekor Entries should be reconstructed and compared by @loosebazooka in #856
Full Changelog: v1.0.0...v1.1.0
Contributors
loosebazooka and renovate
Assets 2
v1.0.0
See CHANGELOG.md for more details.
v0.12.0
See CHANGELOG.md for more details.
v0.11.0
See CHANGELOG.md for more details.
v0.10.0
See CHANGELOG.md for more details.
v0.9.0-gradle
See CHANGELOG.md for more details.
v0.8.0-gradle
See CHANGELOG.md for more details.
v0.7.0-gradle
See CHANGELOG.md for more details.
v0.6.0
See CHANGELOG.md for more details.
v0.5.0
Important Changes
- Use TUF framework to obtain verification material
What's Changed
- Fuzzing: Add new fuzzers by @arthurscchan in #380
- Fuzzing: Add fuzzers for CertificateEntry and Serialization classes by @arthurscchan in #386
- doc: improve descriptions for Gradle Plugin Portal by @vlsi in #396
- Fix changelog link in GitHub release notes by @szpak in #395
- Exception handling: Wrap illegal state exception by @arthurscchan in #397
- Exception fixing: Add handling for possible empty content for PemObject by @arthurscchan in #394
- Update after 0.4.0 release by @loosebazooka in #393
@renovate in #403 - Improve readme by @ljacomet in #408
- Allow updaters to init on existing repos by @loosebazooka in #409
- Fuzzing: Add fuzzer for DigitallySigned class by @arthurscchan in #407
- Force convention for URL for HttpMetaFetcher by @loosebazooka in #410
- Use spec-compliant persisted target filenames by @loosebazooka in #411
- Avoid failures on removal of published artifacts by @ljacomet in #416
- don't fail if fuzzOut isn't specified by @loosebazooka in #413
- update links to use CDN-backed endpoints by @bobcallaway in #418
- v1 tuf client by @loosebazooka in #415
- Add initial BYOB-based SLSA-generator by @AdamKorcz in #357
- Add pkix der encoded key parsing by @loosebazooka in #429
- Fix: Fix possible Null Pointer Exception by @arthurscchan in #406
- Add interfaces for sigstore trusted_root by @loosebazooka in #430
- Bump
sigstore-conformanceto 0.0.4 by @tetsuo-cpp in #436 - Add fuzzer for RekorTypes by @arthurscchan in #437
- Add fuzzer for RekorVerifier by @arthurscchan in #438
- Fixes: Add digest length checking by @arthurscchan in #405
- Fuzzing: Add fuzzer for dev.sigstore.bundle package by @arthurscchan in #431
- Add fuzzers for FulcioVerifier by @arthurscchan in #433
- Separate BundleFuzzer by @arthurscchan in #452
- Handle parse exceptions on raw rekor entry by @loosebazooka in #451
- Remove unused KeylessSigningFuzzer by @arthurscchan in #456
- Small update to the verify example by @jerolimov in #454
- use base google-http-client-bom by @hboutemy in #469
- Upgrade error_prone_core to 2.20.0 by @loosebazooka in #471
java/pull/470 - Add accessors to trustroot by @loosebazooka in #432
- Fix fuzzing issues by @loosebazooka in #473
- Handle more uncaught runtime exceptions on rekor response by @loosebazooka in #474
- Add validity helpers by @loosebazooka in #476
- Updates before applying tuf to fulcio client by @loosebazooka in #477
- configure fulcio (v2 for now) with trustroot by @loosebazooka in #478
- configure rekor signer (v2 for now) with trustroot by @loosebazooka in #487
- configure rekor verifier (v2 for now) with trustroot by @loosebazooka in #488
- Use tuf cdn, add staging by @loosebazooka in #491
- Handle pkcs1 rsa keys in trsuted_root by @loosebazooka in #493
- fix(deps): update dependency com.gradle.plugin-publish:com.gradle.plugin-publish.gradle.plugin to v1.2.1 by @renovate in #481
- Use tuf to init signer and verifier by @loosebazooka in #492
- Combine all pico cli updates into single renovate PR by @loosebazooka in #503
- Update ValidFor for endpoint inclusion by @loosebazooka in #516
- Add RootProvider by @loosebazooka in #517
- Fix validate SCTs when cert chain is just leaf by @loosebazooka in #520
- Use new TUF based clients by @loosebazooka in #500
- Update conformance tests by @loosebazooka in #521
- Minor update to builder usage by @loosebazooka in #522
- Add some new helpers to Certificates by @loosebazooka in #524
- Add defaults to keylessverificationrequest by @loosebazooka in #526
- Enable tests to query fulcio cert chain by @loosebazooka in #525
- Update signing result to store leaf certs only by @loosebazooka in #523
- Ensure release script and stage-vote-release work by @loosebazooka in #529
New Contributors
- @ljacomet made their first contribution in #408
- @jerolimov made their first contribution in #454
- @hboutemy made their first contribution in #469
Full Changelog: v0.4.0...v0.5.0
Contributors
ljacomet, christoph-jerolimov, and 9 other contributors