Releases: sigstore/timestamp-authority
Releases · sigstore/timestamp-authority
v2.0.4
Changelog
What's Changed
- chore(deps): bump go.step.sm/crypto from 0.74.0 to 0.75.0 by @dependabot[bot] in #1239
- chore(deps): bump github.com/tink-crypto/tink-go-hcvault/v2 from 2.3.0 to 2.4.0 by @dependabot[bot] in #1238
- chore(deps): bump github.com/go-openapi/errors from 0.22.4 to 0.22.5 in the gomod group by @dependabot[bot] in #1240
- chore(deps): bump github/codeql-action from 4.31.6 to 4.31.7 in the actions group by @dependabot[bot] in #1241
- chore(deps): bump golang from
20b91edto0ece421by @dependabot[bot] in #1242 - chore(deps): bump golang.org/x/net from 0.47.0 to 0.48.0 by @dependabot[bot] in #1244
- chore(deps): bump github.com/go-openapi/spec from 0.22.1 to 0.22.2 in the gomod group by @dependabot[bot] in #1243
- chore(deps): bump golang from
0ece421toa22b2e6by @dependabot[bot] in #1245 - chore(deps): bump the gomod group with 5 updates by @dependabot[bot] in #1246
- chore(deps): bump github.com/tink-crypto/tink-go/v2 from 2.5.0 to 2.6.0 by @dependabot[bot] in #1247
- chore(deps): bump the actions group with 2 updates by @dependabot[bot] in #1248
- chore(deps): bump google.golang.org/protobuf from 1.36.10 to 1.36.11 in the gomod group by @dependabot[bot] in #1249
- chore(deps): bump github/codeql-action from 4.31.7 to 4.31.8 in the actions group by @dependabot[bot] in #1250
- chore(deps): bump actions/cache from 4.3.0 to 5.0.0 by @dependabot[bot] in #1251
- chore(deps): bump golang from
a22b2e6to36b4f45by @dependabot[bot] in #1253 - chore(deps): bump the gomod group with 5 updates by @dependabot[bot] in #1254
- chore(deps): bump actions/upload-artifact from 5.0.0 to 6.0.0 by @dependabot[bot] in #1257
- chore(deps): bump actions/cache from 5.0.0 to 5.0.1 in the actions group by @dependabot[bot] in #1256
- chore(deps): bump github.com/go-playground/validator/v10 from 10.28.0 to 10.29.0 by @dependabot[bot] in #1255
- update changelog for v2.0.4 by @bobcallaway in #1258
Full Changelog: v2.0.3...v2.0.4
Contributors
bobcallaway and dependabot
Assets 35
- 25.6 KB
2025-12-15T17:13:12Z - 2.1 KB
2025-12-15T17:07:38Z - 9.89 KB
2025-12-15T17:07:38Z - 21.3 MB
2025-12-15T17:07:33Z - 9.87 KB
2025-12-15T17:07:38Z - 111 KB
2025-12-15T17:07:36Z - 20.2 MB
2025-12-15T17:07:34Z - 9.69 KB
2025-12-15T17:07:39Z - 111 KB
2025-12-15T17:07:37Z - 20.8 MB
2025-12-15T17:07:34Z -
2025-12-15T17:02:36Z -
2025-12-15T17:02:36Z - Loading
v2.0.3
v2.0.2
v2.0.2
This release bumps the Go version to 1.25.
v2.0.1
v2.0.1
This release is identical to v2.0.0, as it only contains a fix for the release pipeline.
v2.0.0 changes the default HTTP response code to 200 for timestamp responses,
which matches all other well-known TSA implementations. Sigstore clients already
handle both 200 and 201 response codes, so no changes are needed to clients.
If you need backwards compatibility, you can deploy the service with
--use-http-201.
This release also changes the format of the binary and container signature,
which is now a Sigstore bundle.
To verify a release, use the latest Cosign 3.x, verifying with
cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.
Features
- changes default HTTP response code to 200 for timestamp responses (#1202)
- feat: add configurable max request body size for TSA server (#1176)
Testing
- test: Add a K6 loadtest
Documentation
- Minor improvements to documentation (#1169)
Misc
- (fix): minor gosec issues under x509.go (#1201)
Full Changelog: v1.2.9...v2.0.1
v1.2.9
v1.2.8
v1.2.8
Features
- Allow full issuing chain in response (#1082)
- Relax EKU chaining rules verification for intermediate certs (#1078)
Full Changelog: v1.2.7...v1.2.8
v1.2.7
What's Changed
- swap yaml library to k8s fork by @bobcallaway in #1049
- Fix --http-ping-only flag to not affect https listener by @mktgbnk in #1051
- Bump Tink to v2, use shared KeyHandle converter by @haydentherapper in #1053
- fetch-tsa-certs: Add "--org-name" by @jku in #1056
- Fix: Disallow timestamp requests where digest length is inconsistent with hash algorithm by @aaronlew02 in #1066
Full Changelog: v1.2.6...v1.2.7
Contributors
jku, bobcallaway, and 3 other contributors
Assets 46
v1.2.6
What's Changed
- allow operators to customize customize HTTP request correlation IDs by @bobcallaway in #1026
- Do not assume leaf certificate is first in chain by @haydentherapper in #1040
Full Changelog: v1.2.5...v1.2.6
Contributors
bobcallaway and Hayden-IO
Assets 46
v1.2.5
v1.2.4
What's Changed
Full Changelog: v1.2.3...v1.2.4
Contributors
dnwe