Releases: spiffe/spire
Releases · spiffe/spire
v1.7.6
Security
- Updated to Go 1.20.12 to address CVE-2023-39326
v1.8.5
Added
- All credential types supported by Azure can now be used in
azure_msi
NodeAttestor plugin andazure_key_vault
KeyManager plugin (#4568) EnableHostnameLabel
field in Server and Agenttelemetry
configuration section that enables addition of a hostname label to metrics (#4584)
Changed
- Agent SDS API now provides a SPIFFEValidationContext as the default CertificateValidationContext when the Envoy version cannot be determined (#4618)
- Server CAs now contain a
serialNumber
attribute in theSubject
DN (#4585) - Improved accuracy of Agent log message for SVID renewal events (#4654)
Deprecated
use_msi
configuration fields inazure_msi
NodeAttestor plugin andazure_key_vault
KeyManager plugin are deprecated in favor of the chained Azure SDK credential loading strategy (#4568)
Fixed
- Agent SDS API now provides correct CertificateValidationContext when Envoy registered in SPIRE after the first SDS request (#4611)
v1.8.4
Security
- Updated to Go 1.21.4 to address CVE-2023-45283, CVE-2023-45284
v1.7.5
Security
- Updated to Go 1.20.11 to address CVE-2023-45283, CVE-2023-45284
v1.8.3
Added
- SPIRE Agent distributes sync requests to the SPIRE server to mitigate thundering herd situations (#4534)
- Allow configuring prefixes for all metrics (#4535)
- Documentation improvements (#4579, #4569)
Changed
- SPIRE Agent performs the initial sync more aggressively when tuned with a longer sync interval (#4479)
Fixed
v1.8.2
Security
- Updated to google.golang.org/grpc v1.58.3 and golang.org/x/net v0.17.0 to address CVE-2023-39325, CVE-2023-44487
v1.7.4
Security
- Updated to google.golang.org/grpc v1.58.3 and golang.org/x/net v0.17.0 to address CVE-2023-39325, CVE-2023-44487
v1.8.1
Security
- Updated to Go 1.21.3 to address CVE-2023-39325, CVE-2023-44487
v1.7.3
Security
- Updated to Go 1.20.10 to address CVE-2023-39325, CVE-2023-44487
v1.8.0
Added
azure_key_vault
KeyManager plugin (#4458)- Server configuration to set refresh hint of local bundle (#4400)
- Support for batch entry deletion in
spire-server
CLI (#4371) aws_iid
NodeAttestor can now be used in AWS Gov Cloud and China regions (#4427)status_code
andstatus_message
fields in SPIRE Agent logs on gRPC errors (#4262)
Changed
- Bundle server configuration is now organized by endpoint profiles (#4476)
- Release artifacts are now statically linked with musl rather than glibc (#4491)
- Agent no longer requests unused SVIDs for node aliases they belong to, reducing server signing load (#4467)
- Entry IDs can now be optionally set by the client for BatchCreateEntry requests (#4477)
Fixed
- Concurrent workload attestation using
systemd
plugin (#4360) - Bug in
k8s
WorkloadAttestor plugin that failed attestation in some scenarios (#4468) - Server can now be run on Linux arm64 when using SQLite (#4491)