Only contains dependency updates, but fixes #1252, which was caused by a breaking API change in sigstore/sigstore.
- https://github.com/sigstore/timestamp-authority/security/advisories/GHSA-4qg8-fj49-pxjh: prevents an OOM condition caused by a malformed request (#1236)
This release bumps the Go version to 1.25.
This release is identical to v2.0.0, as it only contains a fix for the release pipeline.
v2.0.0 changes the default HTTP response code to 200 for timestamp responses, which matches all other well-known TSA implementations. Sigstore clients already handle both 200 and 201 response codes, so no changes are needed to clients.
If you need backwards compatibility, you can deploy the service with --use-http-201.
This release also changes the format of the binary and container signature, which is now a Sigstore bundle.
To verify a release, use the latest Cosign 3.x and run cosign verify-blob --bundle <artifact>-keyless.sigstore.json <artifact>.
- changes default HTTP response code to 200 for timestamp responses (#1202)
- feat: add configurable max request body size for TSA server (#1176)
- test: Add a K6 loadtest
- Minor improvements to documentation (#1169)
- (fix): minor gosec issues under x509.go (#1201)
- logging: Don't use Error when logging 4xx responses (#1159)
- add feature to disable intermediate cert EKU enforcement (#1146)
- add documentation for AWS KMS example (#1094)
- Allow full issuing chain in response (#1082)
- Relax EKU chaining rules verification for intermediate certs (#1078)
- fetch-tsa-certs: Add "--org-name" (#1056)
- Fix: Disallow timestamp requests where digest length is inconsistent with hash algorithm (#1066)
- Fix --http-ping-only flag to not affect https listener (#1051)
- allow operators to customize the HTTP header used to carry request correlation IDs (#1026)
- Do not assume leaf certificate is first in chain (#1040)
- Expose the validity period of the signing certificate as a Prometheus metric for monitoring
- fetch-tsa-certs now supports fetching a self-signed certificate chain
- Minor tweaks to CI configuration for hardening
- Add fuzzing coverage with oss-fuzz
- Dependabot updates
- Fix timestamp response to always be returned in GMT
- Relax go directive to permit 1.22.x
- Dependabot updates
- Don't mark hash argument as required in timestamp-cli
- Dependabot updates
- Go checksum database error on installation due to deleting a tag
- Dependabot updates
v1.2.1 includes a minor bug fix to set the SignedData version value in a timestamp response as per the RFC.
- Bump digitorus/timestamp version to pick up RFC correctness fix (#584)
v1.2.0 is based on Go 1.21.3.
- Support other hash algs for pre-signed timestamp besides SHA256 (#488)
- new http-ping-only flag for 'timestamp-server serve' (#474)
- Fix bug where TSA signing fails if cert hash != content hash. (#465)
- expand README on Cloud KMS deployment (#476)
- upgrade to Go 1.21 (#471)
- Billy Lynch
- Carlos Tadeu Panato Junior
- Dmitry Savintsev
- Hayden B
1.1.2 fixes a signing-related hash function bug and a typo.
- Fix hash function hardcoding bug by updating dependency (sigstore#452)
- Fix typo in OpenAPI spec (sigstore#419)
- Update GoReleaser flag (sigstore#356)
- Carlos Tadeu Panato Junior
- Dmitry Savintsev
- Meredith Lancaster
1.1.1 fixes a bug in the JSON format request code.
- Update how the JSON body is parsed (sigstore#343)
- Meredith Lancaster
1.1.0 now supports making timestamp requests in JSON format in addition to DER encoded format.
- Support timestamp requests in JSON format (sigstore#247)
- Fix typo in README (sigstore#294)
- Andrea Cosentino
- Meredith Lancaster
1.0 release of the timestamp authority. No changes from the previous release candidate.
Thank you to all contributors!
Note: This is a prerelease for 1.0. Please try it out and file issues!
- Upgrade to Go 1.20.1 (sigstore#245)
- Update policy (sigstore#251, sigstore#262)
- Carlos Tadeu Panato Junior
- Hayden B
- Meredith Lancaster
Note: This is a prerelease for 1.0. Please try it out and file issues!
SLSA provenance is now uploaded with each release. Use slsa-verifier to verify the release.
- Mock NTP client (sigstore#217)
- Carlos Tadeu Panato Junior
- Hayden B
- Meredith Lancaster
0.2.1 now rejects timestamp requests that use SHA-1. For server operators, it now defaults to using NTP monitoring.
- Generate slsa provenance (sigstore#193)
- Use default NTP monitoring configuration (sigstore#186)
- Reject requests that use SHA-1 (sigstore#202)
- Update README with more details (sigstore#188)
- Hayden B
- Hector Fernandez
- Meredith Lancaster
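The two request-validation rules recorded in these notes, rejecting SHA-1 requests (sigstore#202, 0.2.1) and refusing digests whose length does not match the declared hash algorithm (#1066), as an added example that is not the project's own code: a stand-alone Go check over a constructed RFC 3161 TimeStampReq using only the standard library. The struct layout, the digestLen table and the buildRequest helper are assumptions made for illustration.

```go
// Added example, not timestamp-authority's own code: minimal RFC 3161 TimeStampReq validation.
package main

import (
	"crypto/x509/pkix"
	"encoding/asn1"
	"fmt"
	"math/big"
)

// TimeStampReq with MessageImprint inlined; reqPolicy and extensions are omitted for brevity.
type timeStampReq struct {
	Version        int
	MessageImprint struct {
		HashAlgorithm pkix.AlgorithmIdentifier
		HashedMessage []byte
	}
	Nonce   *big.Int `asn1:"optional"`
	CertReq bool     `asn1:"optional"`
}

var oidSHA1 = asn1.ObjectIdentifier{1, 3, 14, 3, 2, 26}
var oidSHA256 = asn1.ObjectIdentifier{2, 16, 840, 1, 101, 3, 4, 2, 1}

// Accepted digests and their exact hashedMessage length; SHA-1 is absent, so it is refused (sigstore#202).
var digestLen = map[string]int{oidSHA256.String(): 32, "2.16.840.1.101.3.4.2.3": 64 /* SHA-512 */}

// validateRequest parses DER and enforces both rules, returning the declared digest OID on success.
func validateRequest(der []byte) (asn1.ObjectIdentifier, error) {
	var req timeStampReq
	rest, err := asn1.Unmarshal(der, &req)
	if err != nil || len(rest) != 0 {
		return nil, fmt.Errorf("malformed TimeStampReq (err=%v, trailing=%d bytes)", err, len(rest))
	}
	oid := req.MessageImprint.HashAlgorithm.Algorithm
	want, ok := digestLen[oid.String()]
	if !ok {
		return nil, fmt.Errorf("hash algorithm %v not accepted", oid)
	}
	if got := len(req.MessageImprint.HashedMessage); got != want { // rule from #1066
		return nil, fmt.Errorf("digest for %v must be %d bytes, got %d", oid, want, got)
	}
	return oid, nil
}

// buildRequest DER-encodes a constructed request (with nonce and certReq) to exercise the rules offline.
func buildRequest(oid asn1.ObjectIdentifier, digest []byte) ([]byte, error) {
	req := timeStampReq{Version: 1, Nonce: big.NewInt(7), CertReq: true}
	req.MessageImprint.HashAlgorithm.Algorithm = oid
	req.MessageImprint.HashedMessage = digest
	return asn1.Marshal(req)
}
```

A real .tsq file can be fed straight to validateRequest; requests carrying reqPolicy or extensions still parse because Go's asn1 ignores trailing SEQUENCE elements.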
0.2.0 improves the verification library (sigstore#121). The library now verifies the full certificate chain and additional properties of the timestamp.
- Start adding more verification with VerificationOpts struct (sigstore#153)
- Verify command returns the parsed timestamp (sigstore#174)
- Add intermediate and root verify flags (sigstore#180)
- Verify full certificate chain (sigstore#181)
- Add mock client (sigstore#175)
- Update timing accuracy statements in the policy document (sigstore#179)
- Hayden Blauzvern
- Meredith Lancaster
- Added an optional feature to compare the local time with a set of trusted NTP servers (sigstore#143)
- Register KMS providers (sigstore#160)
- Added .PHONY target for CLI rebuilding (sigstore#159)
- inspect: remove format flag (sigstore#155)
- Fredrik Skogman
- Hector Fernandez
- Meredith Lancaster
- neilnaveen
- Fix a bug where certChain was not set correctly (sigstore#140)
- Ville Aikas
- Update in memory signer to use intermediate certificate (sigstore#136)
- Move verify logic to pkg (sigstore#120)
- Require the file signer to specify the certificate chain (sigstore#137)
- Fix hashed message verification (sigstore#118)
- Update fetch TSA certs script for Tink (sigstore#111)
- Hayden Blauzvern
- Hector Fernandez
Initial release of sigstore/timestamp-authority
See the README for instructions on how to run the timestamp authority and fetch and verify signed timestamps.
- Carlos Tadeu Panato Junior (@cpanato)
- Hayden Blauzvern (@haydentherapper)
- Hector Fernandez (@hectorj2f)
- Meredith Lancaster (@malancas)