Skip to content

v1.5.0

Latest
Latest

Choose a tag to compare

View all tags
@sigstore-bot sigstore-bot released this 22 Jan 02:37
· 7 commits to main since this release
v1.5.0
This tag was signed with the committer’s verified signature.
Hayden-IO Hayden
SSH Key Fingerprint: ZJmEJziSaDOAh945+gfnh55LtM2wipvfyF5gBXYDueU
Verified
Learn about vigilant mode.
fe9717f
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v1.5.0

This release fixes GHSA-273p-m2cw-6833 and GHSA-4c4x-jm2x-pf9j. Note that this
drops support for fetching public keys via URL when querying the search API.

Vulnerability Fixes

  • Handle malformed COSE and DSSE entries (#2729)
  • Drop support for fetching public keys by URL in the search index (#2731)

Features

  • Add support for a custom TLS config for clients (#2709)
Assets 58
Loading