Spiffe

Latest version: v0.1.5

Page 4 of 18

1.8.7

Added

- Agents can now be configured with an availability target, which establishes the minimum amount of time desired to gracefully handle server or agent downtime, influencing how aggressively X509-SVIDs should be rotated (4599)
- SyncAuthorizedEntries RPC, which allows agents to only sync down changes instead of the entire set of entries. Agents can be configured to use this new RPC through the `use_sync_authorized_entries` experimental setting (4648)
- Experimental support for an events-based entry cache, which reduces overhead on the database (4379, 4411, 4527, 4451, 4562, 4723, 4731)

Changed

- The maximum number of open database connections in the datastore now defaults to 100 instead of unlimited (4656)
- Agents now shut down when they can't synchronize entries with the server due to an unknown authority error (4617)

Removed

- Agents no longer maintain agent SVID and bundle information in the legacy paths in the data directory (4717)

1.8.6

Security

- Updated to Go 1.21.5 to address CVE-2023-39326

1.8.5

Added

- All credential types supported by Azure can now be used in `azure_msi` NodeAttestor plugin and `azure_key_vault` KeyManager plugin (4568)
- `EnableHostnameLabel` field in Server and Agent `telemetry` configuration section that enables addition of a hostname label to metrics (4584)

Changed

- Agent SDS API now provides a SPIFFEValidationContext as the default CertificateValidationContext when the Envoy version cannot be determined (4618)
- Server CAs now contain a `serialNumber` attribute in the `Subject` DN (4585)
- Improved accuracy of Agent log message for SVID renewal events (4654)

Deprecated

- `use_msi` configuration fields in `azure_msi` NodeAttestor plugin and `azure_key_vault` KeyManager plugin are deprecated in favor of the chained Azure SDK credential loading strategy (4568)

Fixed

- Agent SDS API now provides the correct CertificateValidationContext when Envoy is registered in SPIRE after the first SDS request (4611)

1.8.4

Security

- Updated to Go 1.21.4 to address CVE-2023-45283, CVE-2023-45284

1.8.3

Added

- SPIRE Agent distributes sync requests to the SPIRE server to mitigate thundering herd situations (4534)
- Allow configuring prefixes for all metrics (4535)
- Documentation improvements (4579, 4569)

Changed

- SPIRE Agent performs the initial sync more aggressively when tuned with a longer sync interval (4479)

Fixed

- Release artifacts have the correct version information (4564)
- The SPIRE Agent `insecureBootstrap` and `trustBundleUrl` configurables are now mutually exclusive (4532)
- Bug preventing JWT-SVIDs from being minted when a Credential Composer plugin is configured (4489)

1.8.2

Security

- Updated to google.golang.org/grpc v1.58.3 and golang.org/x/net v0.17.0 to address CVE-2023-39325, CVE-2023-44487
