Spiffe

Latest version: v0.1.4

Page 9 of 18

1.4.4

Added

- Experimental support for limiting the number of SVIDs in the agent's cache (3181)
- Support for attesting Envoy proxy workloads when Istio is configured with holdApplicationUntilProxyStarts (3460)

Changed

- Improved bundle endpoint misconfiguration diagnostics (3395)
- OIDC Discovery Provider endpoint now has a timeout to read request headers (3435)
- Small documentation improvements (3443)

1.4.3

Security

- Updated minimum TLS version to 1.2 for the k8s-workload-registrar CRD mode webhook and the oidc-discovery-provider when using ACME

1.4.2

Added

- The X509-SVID Subject field now contains a unique ID to satisfy RFC 5280 requirements (3367)
- Agents now shut down when banned (3308)

Changed

- Small documentation improvements (3309, 3377)

1.4.1

Security

- Updated to Go 1.18.6 to address CVE-2022-27664

1.4.0

Added

- Support for Windows workload attestation on Kubernetes (3191)
- Support for using RSA keys with Workload X509-SVIDs (3237)
- Support for anonymous authentication to the Kubelet secure port when performing workload attestation on Kubernetes (3273)

Deprecated

- The Node Resolver plugin type (3272)

Fixed

- Persistence of the can_reattest flag during agent SVID renewal (3292)
- A regression in behavior preventing an agent from re-attesting when it has been evicted (3269)

Changed

- The Azure Node Attestor to optionally provide selectors (3272)
- The Docker Workload Attestor now fails when configured with unknown options (3243)
- Improved CRI-O support with Kubernetes workload attestation (3242)
- Agent data stored on disk has been consolidated to a single JSON file (3201)
- Agent and server data directories on Windows no longer inherit permissions from parent directory (3227)
- Endpoints exposed using named pipes explicitly deny access to remote callers (3236)
- Small documentation improvements (3264)

Removed

- The deprecated webhook mode from the k8s-workload-registrar (3235)
- Support for the configmap leader election lock type from the k8s-workload-registrar (3241)

1.3.6

Security

- Updated to Go 1.18.8 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.
