Changelog

All notable changes to protobuf-specs will be documented in this file.

The format is based on Keep a Changelog.

All versions prior to 0.2.0 are untracked.

[Unreleased]

Added

Changed

0.3.3

  • Allowed specifying artifact digest for verification (#406)
  • Added version to SigningConfig message (#383)

Changed

  • Docs: Clarify that integration time is only trustworthy with a Signed Entry Timestamp (#442)
  • Docs: Clarify inclusion promise requirement (#380)
  • Docs: Clarify that artifact digest verification should not be used with in-toto attestations (#461)

0.3.2

  • Added TransparencyLogInstance.checkpoint_key_id as an optional key identifier for logs that generate checkpoints (#284)

Changed

  • Docs: Clarified DSSE envelope signature cardinality (#318)
  • Docs: Clarified behavior of key identifiers (#284)

0.3.1

  • Added client configuration message for signing (#277)
  • Added a new format for the media type that is compatible with OCI registries (#279)
  • Added events.proto for Ruby package (#264)
  • Targeted Node16 for Typescript package (#230)

Changed

  • Docs: Removed timestamp from checkpoint (#247)
  • Remove EXPERIMENTAL prefix from LMS schemes (#214)

Fixed

  • Docs: Clarified trust anchor in chain (#245)

0.3.0

  • Options for more generic observer time (#179)
  • BREAKING: VerificationMaterials.contents now has an additional certificate variant, which is preferred in 0.3 bundles with the Sigstore PGI (#191)
  • Added algorithm registry documentation and updated PublicKeyDetails message (#194, #212)
    • Deterministic ECDSA is deprecated
    • NIST-P384 and NIST-P521 curves added
    • Existing (and underspecified) RSA key types are deprecated. New RSA key types are defined that specify the size of the public modulus and the hash algorithm. RSA now only supports the PKCS#1 signature scheme and PKIX (SubjectPublicKeyInfo) encoding.
    • Experimental support for LMS key types.

Changed

  • Deprecated support for detached SCTs (#188)

Fixed

  • Docs: Clarified rotation of verification materials in the trust root (#210)

0.2.1

Added

  • CloudEvents proto for Rekor pub/sub messages (#86)
  • Generate jsonschema (#112)
  • Rust bindings for jsonschema (#118)
  • Dependabot to update dependencies (#99)

Changed

There were no changes in this release.

Fixed

  • Docs: Fixed spelling error (#97)
  • Docs: Clarified log index vs global log index (#101)
  • Docs: Clarified purpose of SET as a signed timestamp (#100)
  • Docs: Clarify message digest purpose (#114)

Removed

There were no removals in this release.

0.2.0

Added

  • Rust bindings have been added (#88)

Changed

  • TransparencyLogEntry.inclusion_proof is now marked as required (was previously optional), while TransparencyLogEntry.inclusion_promise is now marked as optional (was previously required) (#84)

  • More Rekor messages and message fields have been marked as required (#79)

  • Ruby bindings: class names have been updated and now live in the Sigstore:: namespace (#87)

Fixed

  • Docs: Clarify that TransparencyLogEntry.canonicalized_body is optional (#74)

  • Docs: Clarify that key IDs are digests over SPKI encodings (#73)

  • Docs: Clarify that bundled certificate chains must not contain root or intermediate certificates that should be trusted out-of-band (#77)

  • Docs: Clarify TimeRange validity periods (#78)

Removed

There were no removals in this release.