Skip to content

Releases: spiffe/spire

v1.7.6

07 Dec 21:02
Compare
Choose a tag to compare

Security

v1.8.5

22 Nov 22:09
ae8cfd3
Compare
Choose a tag to compare

Added

  • All credential types supported by Azure can now be used in azure_msi NodeAttestor plugin and azure_key_vault KeyManager plugin (#4568)
  • EnableHostnameLabel field in Server and Agent telemetry configuration section that enables addition of a hostname label to metrics (#4584)

Changed

  • Agent SDS API now provides a SPIFFEValidationContext as the default CertificateValidationContext when the Envoy version cannot be determined (#4618)
  • Server CAs now contain a serialNumber attribute in the Subject DN (#4585)
  • Improved accuracy of Agent log message for SVID renewal events (#4654)

Deprecated

  • use_msi configuration fields in azure_msi NodeAttestor plugin and azure_key_vault KeyManager plugin are deprecated in favor of the chained Azure SDK credential loading strategy (#4568)

Fixed

  • Agent SDS API now provides correct CertificateValidationContext when Envoy registered in SPIRE after the first SDS request (#4611)

v1.8.4

08 Nov 02:01
Compare
Choose a tag to compare

Security

v1.7.5

08 Nov 00:34
Compare
Choose a tag to compare

Security

v1.8.3

25 Oct 21:26
eaa04d5
Compare
Choose a tag to compare

Added

  • SPIRE Agent distributes sync requests to the SPIRE server to mitigate thundering herd situations (#4534)
  • Allow configuring prefixes for all metrics (#4535)
  • Documentation improvements (#4579, #4569)

Changed

  • SPIRE Agent performs the initial sync more aggressively when tuned with a longer sync interval (#4479)

Fixed

  • Release artifacts have the correct version information (#4564)
  • The SPIRE Agent insecureBootstrap and trustBundleUrl configurables are now mutually exclusive (#4532)
  • Bug preventing JWT-SVIDs from being minted when a Credential Composer plugin is configured (#4489)

v1.8.2

12 Oct 22:25
Compare
Choose a tag to compare

Security

v1.7.4

12 Oct 21:23
Compare
Choose a tag to compare

Security

v1.8.1

10 Oct 23:21
Compare
Choose a tag to compare

Security

v1.7.3

10 Oct 22:15
Compare
Choose a tag to compare

Security

v1.8.0

20 Sep 17:39
872f76d
Compare
Choose a tag to compare

Added

  • azure_key_vault KeyManager plugin (#4458)
  • Server configuration to set refresh hint of local bundle (#4400)
  • Support for batch entry deletion in spire-server CLI (#4371)
  • aws_iid NodeAttestor can now be used in AWS Gov Cloud and China regions (#4427)
  • status_code and status_message fields in SPIRE Agent logs on gRPC errors (#4262)

Changed

  • Bundle server configuration is now organized by endpoint profiles (#4476)
  • Release artifacts are now statically linked with musl rather than glibc (#4491)
  • Agent no longer requests unused SVIDs for node aliases they belong to, reducing server signing load (#4467)
  • Entry IDs can now be optionally set by the client for BatchCreateEntry requests (#4477)

Fixed

  • Concurrent workload attestation using systemd plugin (#4360)
  • Bug in k8s WorkloadAttestor plugin that failed attestation in some scenarios (#4468)
  • Server can now be run on Linux arm64 when using SQLite (#4491)

Removed

  • Support for Envoy SDS v2 API (#4444)
  • Server no longer cleans up stale data in the database on startup (#4443)
  • Server no longer deletes entries with invalid SPIFFE IDs on startup (#4449)