Spiffe

Latest version: v0.1.4


Page 16 of 18

0.9.2

- Fixed a crash when a key protecting the bundle endpoint is removed (1326)
- Bundle endpoint client now supports Web-PKI authenticated endpoints (1327)
- SPIRE now warns if the CA TTL will result in shorter-than-expected SVID lifetimes (1294)

0.9.1

- Agent cache file writes are now atomic, more resilient (1267)
- Introduced Google Cloud Storage bundle notifier plugin for server (1227)
- Server and agent now detect unknown configuration options in supported blocks (1289, 1299, 1306, 1307)
- Improved agent response to heavy server load through use of request backoffs (1270)
- The in-memory telemetry sink can now be disabled, and will be by default in a future release (1248)
- Agents will now re-balance connections to servers (and re-resolve DNS) automatically (1265)
- Improved behavior of M3 duration telemetry (1262)
- Fixed a bug in which MySQL deadlock may occur under heavy attestation load (1291)
- KeyManager "disk" now emits a friendly error when directory option is missing (1313)

0.9.0

- Users can now opt out of workload executable hashing when enabling the workload path as a selector (1078)
- Added M3 support to telemetry and other telemetry and logging improvements (1059, 1085, 1086, 1094, 1102, 1122, 1138, 1160, 1186, 1208)
- SQL auto-migration can be disabled (1089)
- SQL schema compatibility checks are aligned with upgrade compatibility guarantees (1089)
- Agent CLI can provide information on attested nodes (1098)
- SPIRE can tolerate small SVID expiration periods (1115)
- Reduced Docker image sizes by roughly 25% (1140)
- The `upstream_bundle` configurable is deprecated (1147)
- Agents can be configured to bootstrap insecurely with SPIRE Servers for ease of evaluation (1148)
- The issuer claim in JWT-SVIDs can be customized (1164)
- SPIRE Server supports a wider variety of signing key types (1169)
- New OIDC discovery provider that serves a compatible JWKS document with signing keys from the trust domain (1170, 1175)
- New Upstream CA plugin that signs SPIRE Server CA CSRs using a Private Certificate Authority in AWS Certificate Manager (1172)
- Agents respond more predictably when making requests to an overloaded SPIRE Server (1182)
- Docker Workload Attestor supports a wider variety of cgroup drivers (1188)
- Docker Workload Attestor supports selection based on container environment variables (1205)
- Fixed an issue in which Kubernetes workload attestation occasionally fails to identify the caller (1216)

0.8.5

Security

- Fixed CVE-2021-27098
- Fixed file descriptor leak in peertracker

0.8.4

- Fixed spurious agent synchronization failures during agent SVID rotation (1084)
- Added support for [Kind](https://kind.sigs.k8s.io) to the Kubernetes Workload Attestor (#1133)
- Added support for ACME v2 to the bundle endpoint (1187)
- Fixed a bug that could result in agent crashes after upgrading to 0.8.2 or newer (1194)

0.8.3

- Upgrade to Go 1.12.12 in response to CVE-2019-17596 (1204)
