1# CERTIFICATE-TRANSPARENCY-GO Changelog
2
3## HEAD
4
5## v1.1.8
6
7* Recommended Go version for development: 1.21
8 * Using a different version can lead to presubmits failing due to unexpected diffs.
9
10### Add support for AIX
11
12* crypto/x509: add AIX operating system by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1277
13
14### Monitoring
15
16* Distribution metric to monitor the start of get-entries requests by @phbnf in https://github.com/google/certificate-transparency-go/pull/1364
17
18### Fixes
19
20* Use the appropriate HTTP response code for backend timeouts by @robstradling in https://github.com/google/certificate-transparency-go/pull/1313
21
22### Misc
23
24* Move golangci-lint from Cloud Build to GitHub Action by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1230
25* Set golangci-lint GH action timeout to 5m by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1231
26* Added Slack channel details by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1246
27* Improve fuzzing by @AdamKorcz in https://github.com/google/certificate-transparency-go/pull/1345
28
29### Dependency update
30
31* Bump golang from `20f9ab5` to `5ee1296` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1216
32* Bump golang from `20f9ab5` to `5ee1296` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1217
33* Bump golang from `20f9ab5` to `5ee1296` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1218
34* Bump k8s.io/klog/v2 from 2.100.1 to 2.110.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1219
35* Bump golang from `20f9ab5` to `5ee1296` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1220
36* Bump golang from `5ee1296` to `5bafbbb` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1221
37* Bump golang from `5ee1296` to `5bafbbb` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1222
38* Bump golang from `5ee1296` to `5bafbbb` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1223
39* Bump golang from `5ee1296` to `5bafbbb` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1224
40* Update the minimal image to gcr.io/distroless/base-debian12 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1148
41* Bump jq from 1.6 to 1.7 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1225
42* Bump github.com/spf13/cobra from 1.7.0 to 1.8.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1226
43* Bump golang.org/x/time from 0.3.0 to 0.4.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1227
44* Bump github.com/mattn/go-sqlite3 from 1.14.17 to 1.14.18 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1228
45* Bump github.com/gorilla/mux from 1.8.0 to 1.8.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1229
46* Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1232
47* Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1233
48* Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1234
49* Bump golang from 1.21.3-bookworm to 1.21.4-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1235
50* Bump go-version-input from 1.20.10 to 1.20.11 in govulncheck.yml by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1238
51* Bump golang.org/x/net from 0.17.0 to 0.18.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1236
52* Bump github/codeql-action from 2.22.5 to 2.22.6 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1240
53* Bump github/codeql-action from 2.22.6 to 2.22.7 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1241
54* Bump golang from `85aacbe` to `dadce81` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1243
55* Bump golang from `85aacbe` to `dadce81` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1242
56* Bump golang from `85aacbe` to `dadce81` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1244
57* Bump golang from `85aacbe` to `dadce81` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1245
58* Bump golang from `dadce81` to `52362e2` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1247
59* Bump golang from `dadce81` to `52362e2` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1248
60* Bump golang from `dadce81` to `52362e2` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1249
61* Bump golang from `dadce81` to `52362e2` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1250
62* Bump github/codeql-action from 2.22.7 to 2.22.8 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1251
63* Bump golang.org/x/net from 0.18.0 to 0.19.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1252
64* Bump golang.org/x/time from 0.4.0 to 0.5.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1254
65* Bump alpine from `eece025` to `34871e7` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1256
66* Bump alpine from `eece025` to `34871e7` in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1257
67* Bump go-version-input from 1.20.11 to 1.20.12 in govulncheck.yml by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1264
68* Bump actions/setup-go from 4.1.0 to 5.0.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1261
69* Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1259
70* Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1263
71* Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1262
72* Bump golang from 1.21.4-bookworm to 1.21.5-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1260
73* Bump go.etcd.io/etcd/v3 from 3.5.10 to 3.5.11 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1266
74* Bump github/codeql-action from 2.22.8 to 2.22.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1269
75* Bump alpine from `34871e7` to `51b6726` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1270
76* Bump alpine from 3.18 to 3.19 in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1271
77* Bump golang from `a6b787c` to `2d3b13c` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1272
78* Bump golang from `a6b787c` to `2d3b13c` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1273
79* Bump golang from `a6b787c` to `2d3b13c` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1274
80* Bump golang from `a6b787c` to `2d3b13c` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1275
81* Bump github/codeql-action from 2.22.9 to 2.22.10 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1278
82* Bump google.golang.org/grpc from 1.59.0 to 1.60.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1279
83* Bump github/codeql-action from 2.22.10 to 3.22.11 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1280
84* Bump distroless/base-debian12 from `1dfdb5e` to `8a0bb63` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1281
85* Bump github.com/google/trillian from 1.5.3 to 1.5.4-0.20240110091238-00ca9abe023d by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1297
86* Bump actions/upload-artifact from 3.1.3 to 4.0.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1282
87* Bump github/codeql-action from 3.22.11 to 3.23.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1295
88* Bump github.com/mattn/go-sqlite3 from 1.14.18 to 1.14.19 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1283
89* Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1300
90* Bump distroless/base-debian12 from `8a0bb63` to `0a93daa` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1284
91* Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1299
92* Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1298
93* Bump golang from 1.21.5-bookworm to 1.21.6-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1301
94* Bump golang from `688ad7f` to `1e8ea75` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1306
95* Bump golang from `688ad7f` to `1e8ea75` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1305
96* Use trillian release instead of pinned commit by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1304
97* Bump actions/upload-artifact from 4.0.0 to 4.1.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1310
98* Bump golang from `1e8ea75` to `cbee5d2` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1312
99* Bump golang from `688ad7f` to `cbee5d2` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1308
100* Bump golang from `1e8ea75` to `cbee5d2` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1311
101* Bump golang.org/x/net from 0.19.0 to 0.20.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1302
102* Bump golang from `b651ed8` to `cbee5d2` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1309
103* Bump golang from `cbee5d2` to `c4b696f` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1314
104* Bump golang from `cbee5d2` to `c4b696f` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1315
105* Bump github/codeql-action from 3.23.0 to 3.23.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1317
106* Bump golang from `cbee5d2` to `c4b696f` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1316
107* Bump golang from `cbee5d2` to `c4b696f` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1318
108* Bump k8s.io/klog/v2 from 2.120.0 to 2.120.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1319
109* Bump actions/upload-artifact from 4.1.0 to 4.2.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1320
110* Bump actions/upload-artifact from 4.2.0 to 4.3.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1321
111* Bump golang from `c4b696f` to `d8c365d` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1326
112* Bump golang from `c4b696f` to `d8c365d` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1323
113* Bump google.golang.org/grpc from 1.60.1 to 1.61.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1324
114* Bump golang from `c4b696f` to `d8c365d` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1322
115* Bump golang from `c4b696f` to `d8c365d` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1325
116* Bump github.com/mattn/go-sqlite3 from 1.14.19 to 1.14.20 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1327
117* Bump github/codeql-action from 3.23.1 to 3.23.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1328
118* Bump alpine from `51b6726` to `c5b1261` in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1330
119* Bump alpine from `51b6726` to `c5b1261` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1329
120* Bump go.etcd.io/etcd/v3 from 3.5.11 to 3.5.12 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1332
121* Bump github.com/mattn/go-sqlite3 from 1.14.20 to 1.14.21 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1333
122* Bump golang from `d8c365d` to `69bfed3` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1335
123* Bump golang from `d8c365d` to `69bfed3` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1338
124* Bump golang from `d8c365d` to `69bfed3` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1337
125* Bump golang from `d8c365d` to `69bfed3` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1336
126* Bump golang from `69bfed3` to `3efef61` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1339
127* Bump github.com/mattn/go-sqlite3 from 1.14.21 to 1.14.22 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1344
128* Bump golang from `69bfed3` to `3efef61` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1341
129* Bump golang from `69bfed3` to `3efef61` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1343
130* Bump distroless/base-debian12 from `0a93daa` to `f47fa3d` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1340
131* Bump golang from `69bfed3` to `3efef61` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1342
132* Bump github/codeql-action from 3.23.2 to 3.24.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1346
133* Bump actions/upload-artifact from 4.3.0 to 4.3.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1347
134* Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1350
135* Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1348
136* Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1349
137* Bump golang from 1.21.6-bookworm to 1.22.0-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1351
138* Bump golang.org/x/crypto from 0.18.0 to 0.19.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1353
139* Bump golangci/golangci-lint-action from 3.7.0 to 4.0.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1354
140* Bump golang.org/x/net from 0.20.0 to 0.21.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1352
141* Bump distroless/base-debian12 from `f47fa3d` to `2102ce1` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1355
142* Bump github/codeql-action from 3.24.0 to 3.24.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1357
143* Bump golang from `874c267` to `5a3e169` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1356
144* Bump golang from `874c267` to `5a3e169` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1358
145* Bump golang from `874c267` to `5a3e169` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1359
146* Bump golang from `874c267` to `5a3e169` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1360
147* Bump github/codeql-action from 3.24.1 to 3.24.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1366
148* Bump golang from `5a3e169` to `925fe3f` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1363
149* Bump google.golang.org/grpc from 1.61.0 to 1.61.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1362
150* Bump golang from `5a3e169` to `925fe3f` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1365
151* Bump golang from `5a3e169` to `925fe3f` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1361
152* Bump golang from `5a3e169` to `925fe3f` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1367
153* Bump golang/govulncheck-action from 1.0.1 to 1.0.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1368
154* Bump github/codeql-action from 3.24.3 to 3.24.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1371
155* Bump google.golang.org/grpc from 1.61.1 to 1.62.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1369
156* Bump distroless/base-debian12 from `2102ce1` to `5eae9ef` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1372
157* Bump distroless/base-debian12 from `5eae9ef` to `f9b0e86` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1375
158* Bump golang.org/x/crypto from 0.19.0 to 0.20.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1374
159* Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1373
160* Bump github/codeql-action from 3.24.5 to 3.24.6 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1377
161* Bump distroless/base-debian12 from `f9b0e86` to `5eae9ef` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1376
162* Bump golang.org/x/net from 0.21.0 to 0.22.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1378
163* Bump Go from 1.20 to 1.21 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1386
164* Bump google.golang.org/grpc from 1.62.0 to 1.62.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1380
165* Bump golang from 1.22.0-bookworm to 1.22.1-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1382
166* Bump golang from 1.22.0-bookworm to 1.22.1-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1385
167* Bump golang from 1.22.0-bookworm to 1.22.1-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1384
168* Bump golang from 1.22.0-bookworm to 1.22.1-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1383
169
170## v1.1.7
171
172* Recommended Go version for development: 1.20
173 * This is the version used by the Cloud Build presubmits. Using a different version can lead to presubmits failing due to unexpected diffs.
174
175* Bump golangci-lint from 1.51.1 to 1.55.1 (developers should update to this version).
176
177### Add support for WASI port
178
179* Add build tags for wasip1 GOOS by @flavio in https://github.com/google/certificate-transparency-go/pull/1089
180
181### Add support for IBM Z operating system z/OS
182
183* Add build tags for zOS by @onlywork1984 in https://github.com/google/certificate-transparency-go/pull/1088
184
185### Log List
186
187* Add support for "is_all_logs" field in loglist3 by @phbnf in https://github.com/google/certificate-transparency-go/pull/1095
188
189### Documentation
190
191* Improve Dockerized Test Deployment documentation by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1179
192
193### Misc
194
195* Escape forward slashes in certificate Subject names when used as user quota id strings by @robstradling in https://github.com/google/certificate-transparency-go/pull/1059
196* Search whole chain looking for issuer match by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1112
197* Use proper check per @AGWA instead of buggy check introduced in #1112 by @mhutchinson in https://github.com/google/certificate-transparency-go/pull/1114
198* Build the ctfe/ct_server binary without depending on glibc by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1119
199* Migrate CTFE Ingress manifest to support GKE version 1.23 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1086
200* Remove Dependabot ignore configuration by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1097
201* Add "github-actions" and "docker" Dependabot config by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1101
202* Add top level permission in CodeQL workflow by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1102
203* Pin Docker image dependencies by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1110
204* Remove GO111MODULE from Dockerfile and Cloud Build yaml files by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1113
205* Add docker Dependabot config by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1126
206* Export is_mirror = 0.0 for non mirror instead of nothing by @phbnf in https://github.com/google/certificate-transparency-go/pull/1133
207* Add govulncheck GitHub action by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1145
208* Spelling by @jsoref in https://github.com/google/certificate-transparency-go/pull/1144
209
210### Dependency update
211
212* Bump Go from 1.19 to 1.20 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1146
213* Bump golangci-lint from 1.51.1 to 1.55.1 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1214
214* Bump go.etcd.io/etcd/v3 from 3.5.8 to 3.5.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1083
215* Bump golang.org/x/crypto from 0.8.0 to 0.9.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/108
216* Bump github.com/mattn/go-sqlite3 from 1.14.16 to 1.14.17 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1092
217* Bump golang.org/x/net from 0.10.0 to 0.11.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1094
218* Bump github.com/prometheus/client_golang from 1.15.1 to 1.16.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1098
219* Bump google.golang.org/protobuf from 1.30.0 to 1.31.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1099
220* Bump golang.org/x/net from 0.11.0 to 0.12.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1108
221* Bump actions/checkout from 3.1.0 to 3.5.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1103
222* Bump github/codeql-action from 2.1.27 to 2.20.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1104
223* Bump ossf/scorecard-action from 2.0.6 to 2.2.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1105
224* Bump actions/upload-artifact from 3.1.0 to 3.1.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1106
225* Bump github/codeql-action from 2.20.3 to 2.20.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1115
226* Bump github/codeql-action from 2.20.4 to 2.21.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1117
227* Bump golang.org/x/net from 0.12.0 to 0.14.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1124
228* Bump github/codeql-action from 2.21.0 to 2.21.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1121
229* Bump github/codeql-action from 2.21.2 to 2.21.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1125
230* Bump golang from `fd9306e` to `eb3f9ac` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1127
231* Bump alpine from 3.8 to 3.18 in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1129
232* Bump golang from `fd9306e` to `eb3f9ac` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1128
233* Bump alpine from `82d1e9d` to `7144f7b` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1130
234* Bump golang from `fd9306e` to `eb3f9ac` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1131
235* Bump golang from 1.19-alpine to 1.21-alpine in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1132
236* Bump actions/checkout from 3.5.3 to 3.6.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1134
237* Bump github/codeql-action from 2.21.4 to 2.21.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1135
238* Bump distroless/base from `73deaaf` to `46c5b9b` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1136
239* Bump actions/checkout from 3.6.0 to 4.0.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1137
240* Bump golang.org/x/net from 0.14.0 to 0.15.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1139
241* Bump github.com/rs/cors from 1.9.0 to 1.10.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1140
242* Bump actions/upload-artifact from 3.1.2 to 3.1.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1141
243* Bump golang from `445f340` to `96634e5` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1142
244* Bump github/codeql-action from 2.21.5 to 2.21.6 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1149
245* Bump Docker golang base images to 1.21.1 by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1147
246* Bump github/codeql-action from 2.21.6 to 2.21.7 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1150
247* Bump github/codeql-action from 2.21.7 to 2.21.8 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1152
248* Bump golang from `d3114db` to `a0b3bc4` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1155
249* Bump golang from `d3114db` to `a0b3bc4` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1157
250* Bump golang from `d3114db` to `a0b3bc4` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1156
251* Bump golang from `d3114db` to `a0b3bc4` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1158
252* Bump golang from `e06b3a4` to `114b9cc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1159
253* Bump golang from `a0b3bc4` to `114b9cc` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1160
254* Bump golang from `a0b3bc4` to `114b9cc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1161
255* Bump actions/checkout from 4.0.0 to 4.1.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1162
256* Bump golang from `114b9cc` to `9c7ea4a` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1163
257* Bump golang from `114b9cc` to `9c7ea4a` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1166
258* Bump golang from `114b9cc` to `9c7ea4a` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1165
259* Bump golang from `114b9cc` to `9c7ea4a` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1164
260* Bump github/codeql-action from 2.21.8 to 2.21.9 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1169
261* Bump golang from `9c7ea4a` to `61f84bc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1168
262* Bump github.com/prometheus/client_golang from 1.16.0 to 1.17.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1172
263* Bump golang from `9c7ea4a` to `61f84bc` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1170
264* Bump github.com/rs/cors from 1.10.0 to 1.10.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1176
265* Bump alpine from `7144f7b` to `eece025` in /trillian/examples/deployment/docker/envsubst by @dependabot in https://github.com/google/certificate-transparency-go/pull/1174
266* Bump alpine from `7144f7b` to `eece025` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1175
267* Bump golang from `9c7ea4a` to `61f84bc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1171
268* Bump golang from `9c7ea4a` to `61f84bc` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1173
269* Bump distroless/base from `46c5b9b` to `a35b652` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1177
270* Bump golang.org/x/crypto from 0.13.0 to 0.14.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1178
271* Bump github/codeql-action from 2.21.9 to 2.22.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1180
272* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1181
273* Bump golang.org/x/net from 0.15.0 to 0.16.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1184
274* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1182
275* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1185
276* Bump golang from 1.21.1-bookworm to 1.21.2-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1183
277* Bump github/codeql-action from 2.22.0 to 2.22.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1186
278* Bump distroless/base from `a35b652` to `b31a6e0` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1188
279* Bump ossf/scorecard-action from 2.2.0 to 2.3.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1187
280* Bump github.com/google/go-cmp from 0.5.9 to 0.6.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1189
281* Bump golang.org/x/net from 0.16.0 to 0.17.0 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1190
282* Bump go-version-input from 1.20.8 to 1.20.10 in govulncheck by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1195
283* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1193
284* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1191
285* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1194
286* Bump golang from 1.21.2-bookworm to 1.21.3-bookworm in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1192
287* Bump golang from `a94b089` to `8f9a1ec` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1196
288* Bump github/codeql-action from 2.22.1 to 2.22.2 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1197
289* Bump golang from `a94b089` to `5cc7ddc` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1200
290* Bump golang from `a94b089` to `5cc7ddc` in /internal/witness/cmd/witness by @dependabot in https://github.com/google/certificate-transparency-go/pull/1199
291* Bump github/codeql-action from 2.22.2 to 2.22.3 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1202
292* Bump golang from `5cc7ddc` to `20f9ab5` in /integration by @dependabot in https://github.com/google/certificate-transparency-go/pull/1203
293* Bump golang from `a94b089` to `20f9ab5` in /trillian/examples/deployment/docker/ctfe by @dependabot in https://github.com/google/certificate-transparency-go/pull/1198
294* Bump golang from `8f9a1ec` to `20f9ab5` in /internal/witness/cmd/feeder by @dependabot in https://github.com/google/certificate-transparency-go/pull/1201
295* Bump actions/checkout from 4.1.0 to 4.1.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1204
296* Bump github/codeql-action from 2.22.3 to 2.22.4 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1206
297* Bump ossf/scorecard-action from 2.3.0 to 2.3.1 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1207
298* Bump github/codeql-action from 2.22.4 to 2.22.5 by @dependabot in https://github.com/google/certificate-transparency-go/pull/1209
299* Bump multiple Go module dependencies by @roger2hk in https://github.com/google/certificate-transparency-go/pull/1213
300
301## v1.1.6
302
303### Dependency update
304
305* Bump Trillian to v1.5.2
306* Bump Prometheus to v0.43.1
307
308## v1.1.5
309
310### Public/Private Key Consistency
311
312 * #1044: If a public key has been configured for a log, check that it is consistent with the private key.
313 * #1046: Ensure that no two logs in the CTFE configuration use the same private key.
314
315### Cleanup
316
317 * Remove v2 log list package files.
318
319### Misc
320
321 * Updated golangci-lint to v1.51.1 (developers should update to this version).
322 * Bump Go version from 1.17 to 1.19.
323
324## v1.1.4
325
326[Published 2022-10-21](https://github.com/google/certificate-transparency-go/releases/tag/v1.1.4)
327
328### Cleanup
329
330 * Remove log list v1 package and its dependencies.
331
332### Migrillian
333
334 * #960: Skip consistency check when root is size zero.
335
336### Misc
337
338 * Update Trillian to [0a389c4](https://github.com/google/trillian/commit/0a389c4bb8d97fb3be8f55d7e5b428cf4304986f)
339 * Migrate loglist dependency from v1 to v3 in ctclient cmd.
340 * Migrate loglist dependency from v1 to v3 in ctutil/loginfo.go
341 * Migrate loglist dependency from v1 to v3 in ctutil/sctscan.go
342 * Migrate loglist dependency from v1 to v3 in trillian/integration/ct_hammer/main.go
343 * Downgrade 429 errors to verbosity 2
344
345## v1.1.3
346
347[Published 2022-05-14](https://github.com/google/certificate-transparency-go/releases/tag/v1.1.3)
348
349### Integration
350
351 * Breaking change to API for `integration.HammerCTLog`:
352 * Added `ctx` as first argument, and terminate loop if it becomes cancelled
353
354### JSONClient
355
356 * PostAndParseWithRetry now does backoff-and-retry upon receiving HTTP 429.
357
358### Cleanup
359
360 * `WithBalancerName` is deprecated and removed, using the recommended way.
361 * `ctfe.PEMCertPool` type has been moved to `x509util.PEMCertPool` to reduce
362 dependencies (#903).
363
364### Misc
365
366 * updated golangci-lint to v1.46.1 (developers should update to this version)
367 * update `google.golang.org/grpc` to v1.46.0
368 * `ctclient` tool now uses Cobra for better CLI experience (#901).
369 * #800: Remove dependency from `ratelimit`.
370 * #927: Add read-only mode to CTFE config.
371
372## v1.1.2
373
374[Published 2021-09-21](https://github.com/google/certificate-transparency-go/releases/tag/v1.1.2)
375
376### CTFE
377
378 * Removed the `-by_range` flag.
379
380### Updated dependencies
381
382 * Trillian from v1.3.11 to v1.4.0
383 * protobuf to v2
384
385## v1.1.1
386
387[Published 2020-10-06](https://github.com/google/certificate-transparency-go/releases/tag/v1.1.1)
388
389### Tools
390
391#### CT Hammer
392
393Added a flag (--strict_sth_consistency_size) which when set to true enforces the current behaviour of only request consistency proofs between tree sizes for which the hammer has seen valid STHs.
394When setting this flag to false, if no two usable STHs are available the hammer will attempt to request a consistency proof between the latest STH it's seen and a random smaller (but > 0) tree size.
395
396
397### CTFE
398
399#### Caching
400
401The CTFE now includes a Cache-Control header in responses containing purely
402immutable data, e.g. those for get-entries and get-proof-by-hash. This allows
403clients and proxies to cache these responses for up to 24 hours.
404
405#### EKU Filtering
406
407> :warning: **It is not yet recommended to enable this option in a production CT Log!**
408
409CTFE now supports filtering logging submissions by leaf certificate EKU.
410This is enabled by adding an extKeyUsage list to a log's stanza in the
411config file.
412
413The format is a list of strings corresponding to the supported golang x509 EKUs:
414 |Config string | Extended Key Usage |
415 |----------------------------|----------------------------------------|
416 |`Any` | ExtKeyUsageAny |
417 |`ServerAuth` | ExtKeyUsageServerAuth |
418 |`ClientAuth` | ExtKeyUsageClientAuth |
419 |`CodeSigning` | ExtKeyUsageCodeSigning |
420 |`EmailProtection` | ExtKeyUsageEmailProtection |
421 |`IPSECEndSystem` | ExtKeyUsageIPSECEndSystem |
422 |`IPSECTunnel` | ExtKeyUsageIPSECTunnel |
423 |`IPSECUser` | ExtKeyUsageIPSECUser |
424 |`TimeStamping` | ExtKeyUsageTimeStamping |
425 |`OCSPSigning` | ExtKeyUsageOCSPSigning |
426 |`MicrosoftServerGatedCrypto`| ExtKeyUsageMicrosoftServerGatedCrypto |
427 |`NetscapeServerGatedCrypto` | ExtKeyUsageNetscapeServerGatedCrypto |
428
429When an extKeyUsage list is specified, the CT Log will reject logging
430submissions for leaf certificates that do not contain an EKU present in this
431list.
432
433When enabled, EKU filtering is only performed at the leaf level (i.e. there is
434no 'nested' EKU filtering performed).
435
436If no list is specified, or the list contains an `Any` entry, no EKU
437filtering will be performed.
438
439#### GetEntries
440Calls to `get-entries` which are at (or above) the maximum permitted number of
441entries whose `start` parameter does not fall on a multiple of the maximum
442permitted number of entries, will have their responses truncated such that
443subsequent requests will align with this boundary.
444This is intended to coerce callers of `get-entries` into all using the same
445`start` and `end` parameters and thereby increase the cacheability of
446these requests.
447
448e.g.:
449
450<pre>
451Old behaviour:
452 1 2 3
453 0 0 0
454Entries>-----|---------|---------|----...
455Client A -------|---------|----------|...
456Client B --|--------|---------|-------...
457 ^ ^ ^
458 `--------`---------`---- requests
459
460With coercion (max batch = 10 entries):
461 1 2 3
462 0 0 0
463Entries>-----|---------|---------|----...
464Client A ----X---------|---------|...
465Client B --|-X---------|---------|-------...
466 ^
467 `-- Requests truncated
468</pre>
469
470This behaviour can be disabled by setting the `--align_getentries`
471flag to false.
472
473#### Flags
474
475The `ct_server` binary changed the default of these flags:
476
477- `by_range` - Now defaults to `true`
478
479The `ct_server` binary added the following flags:
480- `align_getentries` - See GetEntries section above for details
481
482Added `backend` flag to `migrillian`, which now replaces the deprecated
483"backend" feature of Migrillian configs.
484
485#### FixedBackendResolver Replaced
486
487This was previously used in situations where a comma separated list of
488backends was provided in the `rpcBackend` flag rather than a single value.
489
490It has been replaced by equivalent functionality using a newer gRPC API.
491However this support was only intended for use in integration tests. In
492production we recommend the use of etcd or a gRPC load balancer.
493
494### LogList
495
496Log list tools updated to use the correct v2 URL (from v2_beta previously).
497
498### Libraries
499
500#### x509 fork
501
502Merged upstream Go 1.13 and Go 1.14 changes (with the exception
503of https://github.com/golang/go/commit/14521198679e, to allow
504old certs using a malformed root still to be logged).
505
506#### asn1 fork
507
508Merged upstream Go 1.14 changes.
509
510#### ctutil
511
512Added VerifySCTWithVerifier() to verify SCTs using a given ct.SignatureVerifier.
513
514### Configuration Files
515
516Configuration files that previously had to be text-encoded Protobuf messages can
517now alternatively be binary-encoded instead.
518
519### JSONClient
520
521- `PostAndParseWithRetry` error logging now includes log URI in messages.
522
523### Minimal Gossip Example
524
525All the code for this, except for the x509ext package, has been moved over
526to the [trillian-examples](https://github.com/google/trillian-examples) repository.
527
528This keeps the code together and removes a circular dependency between the
529two repositories. The package layout and structure remains the same so
530updating should just mean changing any relevant import paths.
531
532### Dependencies
533
534A circular dependency on the [monologue](https://github.com/google/monologue) repository has been removed.
535
536A circular dependency on the [trillian-examples](https://github.com/google/trillian-examples) repository has been removed.
537
538The version of trillian in use has been updated to 1.3.11. This has required
539various other dependency updates including gRPC and protobuf. This code now
540uses the v2 proto API. The Travis tests now expect the 3.11.4 version of
541protoc.
542
543The version of etcd in use has been switched to the one from `go.etcd.io`.
544
545Most of the above changes are to align versions more closely with the ones
546used in the trillian repository.
547
548## v1.1.0
549
550Published 2019-11-14 15:00:00 +0000 UTC
551
552### CTFE
553
554The `reject_expired` and `reject_unexpired` configuration fields for the CTFE
555have been changed so that their behaviour reflects their name:
556
557- `reject_expired` only rejects expired certificates (i.e. it now allows
558 not-yet-valid certificates).
559- `reject_unexpired` only allows expired certificates (i.e. it now rejects
560 not-yet-valid certificates).
561
562A `reject_extensions` configuration field for the CTFE was added, this allows
563submissions to be rejected if they contain an extension with any of the
564specified OIDs.
565
566A `frozen_sth` configuration field for the CTFE was added. This STH will be
567served permanently. It must be signed by the log's private key.
568
569A `/healthz` URL has been added which responds with HTTP 200 OK and the string
570"ok" when the server is up.
571
572#### Flags
573
574The `ct_server` binary has these new flags:
575
576- `mask_internal_errors` - Removes error strings from HTTP 500 responses
577 (Internal Server Error)
578
579Removed default values for `--metrics_endpoint` and `--log_rpc_server` flags.
580This makes it easier to get the documented "unset" behaviour.
581
582#### Metrics
583
584The CTFE exports these new metrics:
585
586- `is_mirror` - set to 1 for mirror logs (copies of logs hosted elsewhere)
587- `frozen_sth_timestamp` - time of the frozen Signed Tree Head in milliseconds
588 since the epoch
589
590#### Kubernetes
591
592Updated prometheus-to-sd to v0.5.2.
593
594A dedicated node pool is no longer required by the Kubernetes manifests.
595
596### Log Lists
597
598A new package has been created for parsing, searching and creating JSON log
599lists compatible with the
600[v2 schema](http://www.gstatic.com/ct/log_list/v2_beta/log_list_schema.json):
601`github.com/google/certificate-transparency-go/loglist2`.
602
603### Docker Images
604
605Our Docker images have been updated to use Go 1.11 and
606[Distroless base images](https://github.com/GoogleContainerTools/distroless).
607
608The CTFE Docker image now sets `ENTRYPOINT`.
609
610### Utilities / Libraries
611
612#### jsonclient
613
614The `jsonclient` package now copes with empty HTTP responses. The user-agent
615header it sends can now be specified.
616
617#### x509 and asn1 forks
618
619Merged upstream changes from Go 1.12 into the `asn1` and `x509` packages.
620
621Added a "lax" tag to `asn1` that applies recursively and makes some checks more
622relaxed:
623
624- parsePrintableString() copes with invalid PrintableString contents, e.g. use
625 of tagPrintableString when the string data is really ISO8859-1.
626- checkInteger() allows integers that are not minimally encoded (and so are
627 not correct DER).
628- OIDs are allowed to be empty.
629
630The following `x509` functions will now return `x509.NonFatalErrors` if ASN.1
631parsing fails in strict mode but succeeds in lax mode. Previously, they only
632attempted strict mode parsing.
633
634- `x509.ParseTBSCertificate()`
635- `x509.ParseCertificate()`
636- `x509.ParseCertificates()`
637
638The `x509` package will now treat a negative RSA modulus as a non-fatal error.
639
640The `x509` package now supports RSASES-OAEP and Ed25519 keys.
641
642#### ctclient
643
644The `ctclient` tool now defaults to using
645[all_logs_list.json](https://www.gstatic.com/ct/log_list/all_logs_list.json)
646instead of [log_list.json](https://www.gstatic.com/ct/log_list/log_list.json).
647This can be overridden using the `--log_list` flag.
648
649It can now perform inclusion checks on pre-certificates.
650
651It has these new commands:
652
653- `bisect` - Finds a log entry given a timestamp.
654
655It has these new flags:
656
657- `--chain` - Displays the entire certificate chain
658- `--dns_server` - The DNS server to direct queries to (system resolver by
659 default)
660- `--skip_https_verify` - Skips verification of the HTTPS connection
661- `--timestamp` - Timestamp to use for `bisect` and `inclusion` commands (for
662 `inclusion`, only if --leaf_hash is not used)
663
664It now accepts hex or base64-encoded strings for the `--tree_hash`,
665`--prev_hash` and `--leaf_hash` flags.
666
667#### certcheck
668
669The `certcheck` tool has these new flags:
670
671- `--check_time` - Check current validity of certificate (replaces
672 `--timecheck`)
673- `--check_name` - Check validity of certificate name
674- `--check_eku` - Check validity of EKU nesting
675- `--check_path_len` - Check validity of path length constraint
676- `--check_name_constraint` - Check name constraints
677- `--check_unknown_critical_exts` - Check for unknown critical extensions
678 (replaces `--ignore_unknown_critical_exts`)
679- `--strict` - Set non-zero exit code for non-fatal errors in parsing
680
681#### sctcheck
682
683The `sctcheck` tool has these new flags:
684
685- `--check_inclusion` - Checks that the SCT was honoured (i.e. the
686 corresponding certificate was included in the issuing CT log)
687
688#### ct_hammer
689
690The `ct_hammer` tool has these new flags:
691
692- `--duplicate_chance` - Allows setting the probability of the hammer sending
693 a duplicate submission.
694
695## v1.0.21 - CTFE Logging / Path Options. Mirroring. RPKI. Non Fatal X.509 error improvements
696
697Published 2018-08-20 10:11:04 +0000 UTC
698
699### CTFE
700
701`CTFE` no longer prints certificate chains as long byte strings in messages when handler errors occur. This was obscuring the reason for the failure and wasn't particularly useful.
702
703`CTFE` now has a global log URL path prefix flag and a configuration proto for a log specific path. The latter should help for various migration strategies if existing C++ server logs are going to be converted to run on the new code.
704
705### Mirroring
706
707More progress has been made on log mirroring. We believe that it's now at the point where testing can begin.
708
709### Utilities / Libraries
710
711The `certcheck` and `ct_hammer` utilities have received more enhancements.
712
713`x509` and `x509util` now support Subject Information Access and additional extensions for [RPKI / RFC 3779](https://www.ietf.org/rfc/rfc3779.txt).
714
715`scanner` / `fixchain` and some other command line utilities now have better handling of non-fatal errors.
716
717Commit [3629d6846518309d22c16fee15d1007262a459d2](https://api.github.com/repos/google/certificate-transparency-go/commits/3629d6846518309d22c16fee15d1007262a459d2) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.21)
718
719## v1.0.20 - Minimal Gossip / Go 1.11 Fix / Utility Improvements
720
721Published 2018-07-05 09:21:34 +0000 UTC
722
723Enhancements have been made to various utilities including `scanner`, `sctcheck`, `loglist` and `x509util`.
724
725The `allow_verification_with_non_compliant_keys` flag has been removed from `signatures.go`.
726
727An implementation of Gossip has been added. See the `gossip/minimal` package for more information.
728
729An X.509 compatibility issue for Go 1.11 has been fixed. This should be backwards compatible with 1.10.
730
731Commit [37a384cd035e722ea46e55029093e26687138edf](https://api.github.com/repos/google/certificate-transparency-go/commits/37a384cd035e722ea46e55029093e26687138edf) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.20)
732
733## v1.0.19 - CTFE User Quota
734
735Published 2018-06-01 13:51:52 +0000 UTC
736
737CTFE now supports Trillian Log's explicit quota API; quota can be requested based on the remote user's IP, as well as per-issuing certificate in submitted chains.
738
739Commit [8736a411b4ff214ea20687e46c2b67d66ebd83fc](https://api.github.com/repos/google/certificate-transparency-go/commits/8736a411b4ff214ea20687e46c2b67d66ebd83fc) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.19)
740
741## v1.0.18 - Adding Migration Tool / Client Additions / K8 Config
742
743Published 2018-06-01 14:28:20 +0000 UTC
744
745Work on a log migration tool (Migrillian) is in progress. This is not yet ready for production use but will provide features for mirroring and migrating logs.
746
747The `RequestLog` API allows for logging of SCTs when they are issued by CTFE.
748
749The CT Go client now supports `GetEntryAndProof`. Utilities have been switched over to use the `glog` package.
750
751Commit [77abf2dac5410a62c04ac1c662c6d0fa54afc2dc](https://api.github.com/repos/google/certificate-transparency-go/commits/77abf2dac5410a62c04ac1c662c6d0fa54afc2dc) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.18)
752
753## v1.0.17 - Merkle verification / Tracing / Demo script / CORS
754
755Published 2018-06-01 14:25:16 +0000 UTC
756
757Now uses Merkle Tree verification from Trillian.
758
759The CT server now supports CORS.
760
761Request tracing added using OpenCensus. For GCE / K8 it just requires the flag to be enabled to export traces to Stackdriver. Other environments may differ.
762
763A demo script was added that goes through setting up a simple deployment suitable for development / demo purposes. This may be useful for those new to the project.
764
765Commit [3c3d22ce946447d047a03228ebb4a41e3e4eb15b](https://api.github.com/repos/google/certificate-transparency-go/commits/3c3d22ce946447d047a03228ebb4a41e3e4eb15b) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.17)
766
767## v1.0.16 - Lifecycle test / Go 1.10.1
768
769Published 2018-06-01 14:22:23 +0000 UTC
770
771An integration test was added that goes through a create / drain queue / freeze lifecycle for a log.
772
773Changes to `x509` were merged from Go 1.10.1.
774
775Commit [a72423d09b410b80673fd1135ba1022d04bac6cd](https://api.github.com/repos/google/certificate-transparency-go/commits/a72423d09b410b80673fd1135ba1022d04bac6cd) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.16)
776
777## v1.0.15 - More control of verification, grpclb, stackdriver metrics
778
779Published 2018-06-01 14:20:32 +0000 UTC
780
781Facilities were added to the `x509` package to control whether verification checks are applied.
782
783Log server requests are now balanced using `gRPClb`.
784
785For Kubernetes, metrics can be published to Stackdriver monitoring.
786
787Commit [684d6eee6092774e54d301ccad0ed61bc8d010c1](https://api.github.com/repos/google/certificate-transparency-go/commits/684d6eee6092774e54d301ccad0ed61bc8d010c1) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.15)
788
789## v1.0.14 - SQLite Removed, LeafHashForLeaf
790
791Published 2018-06-01 14:15:37 +0000 UTC
792
793Support for SQLite was removed. This motivation was ongoing test flakiness caused by multi-user access. This database may work for an embedded scenario but is not suitable for use in a server environment.
794
795A `LeafHashForLeaf` client API was added and is now used by the CT client and integration tests.
796
797Commit [698cd6a661196db4b2e71437422178ffe8705006](https://api.github.com/repos/google/certificate-transparency-go/commits/698cd6a661196db4b2e71437422178ffe8705006) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.14)
798
799## v1.0.13 - Crypto changes, util updates, sync with trillian repo, loglist verification
800
801Published 2018-06-01 14:15:21 +0000 UTC
802
803Some of our custom crypto package that were wrapping calls to the standard package have been removed and the base features used directly.
804
805Updates were made to GCE ingress and health checks.
806
807The log list utility can verify signatures.
808
809Commit [480c3654a70c5383b9543ec784203030aedbd3a5](https://api.github.com/repos/google/certificate-transparency-go/commits/480c3654a70c5383b9543ec784203030aedbd3a5) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.13)
810
811## v1.0.12 - Client / util updates & CTFE fixes
812
813Published 2018-06-01 14:13:42 +0000 UTC
814
815The CT client can now use a JSON loglist to find logs.
816
817CTFE had a fix applied for preissued precerts.
818
819A DNS client was added and CT client was extended to support DNS retrieval.
820
821Commit [74c06c95e0b304a050a1c33764c8a01d653a16e3](https://api.github.com/repos/google/certificate-transparency-go/commits/74c06c95e0b304a050a1c33764c8a01d653a16e3) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.12)
822
823## v1.0.11 - Kubernetes CI / Integration fixes
824
825Published 2018-06-01 14:12:18 +0000 UTC
826
827Updates to Kubernetes configs, mostly related to running a CI instance.
828
829Commit [0856acca7e0ab7f082ae83a1fbb5d21160962efc](https://api.github.com/repos/google/certificate-transparency-go/commits/0856acca7e0ab7f082ae83a1fbb5d21160962efc) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.11)
830
831## v1.0.10 - More scanner, x509, utility and client fixes. CTFE updates
832
833Published 2018-06-01 14:09:47 +0000 UTC
834
835The CT client was using the wrong protobuffer library package. To guard against this in future a check has been added to our lint config.
836
837The `x509` and `asn1` packages have had upstream fixes applied from Go 1.10rc1.
838
839Commit [1bec4527572c443752ad4f2830bef88be0533236](https://api.github.com/repos/google/certificate-transparency-go/commits/1bec4527572c443752ad4f2830bef88be0533236) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.10)
840
841## v1.0.9 - Scanner, x509, utility and client fixes
842
843Published 2018-06-01 14:11:13 +0000 UTC
844
845The `scanner` utility now displays throughput stats.
846
847Build instructions and README files were updated.
848
849The `certcheck` utility can be told to ignore unknown critical X.509 extensions.
850
851Commit [c06833528d04a94eed0c775104d1107bab9ae17c](https://api.github.com/repos/google/certificate-transparency-go/commits/c06833528d04a94eed0c775104d1107bab9ae17c) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.9)
852
853## v1.0.8 - Client fixes, align with trillian repo
854
855Published 2018-06-01 14:06:44 +0000 UTC
856
857
858
859Commit [e8b02c60f294b503dbb67de0868143f5d4935e56](https://api.github.com/repos/google/certificate-transparency-go/commits/e8b02c60f294b503dbb67de0868143f5d4935e56) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.8)
860
861## v1.0.7 - CTFE fixes
862
863Published 2018-06-01 14:06:13 +0000 UTC
864
865An issue was fixed with CTFE signature caching. In an unlikely set of circumstances this could lead to log mis-operation. While the chances of this are small, we recommend that versions prior to this one are not deployed.
866
867Commit [52c0590bd3b4b80c5497005b0f47e10557425eeb](https://api.github.com/repos/google/certificate-transparency-go/commits/52c0590bd3b4b80c5497005b0f47e10557425eeb) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.7)
868
869## v1.0.6 - crlcheck improvements / other fixes
870
871Published 2018-06-01 14:04:22 +0000 UTC
872
873The `crlcheck` utility has had several fixes and enhancements. Additionally the `hammer` now supports temporal logs.
874
875Commit [3955e4a00c42e83ff17ce25003976159c5d0f0f9](https://api.github.com/repos/google/certificate-transparency-go/commits/3955e4a00c42e83ff17ce25003976159c5d0f0f9) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.6)
876
877## v1.0.5 - X509 and asn1 fixes
878
879Published 2018-06-01 14:02:58 +0000 UTC
880
881This release is mostly fixes to the `x509` and `asn1` packages. Some command line utilities were also updated.
882
883Commit [ae40d07cce12f1227c6e658e61c9dddb7646f97b](https://api.github.com/repos/google/certificate-transparency-go/commits/ae40d07cce12f1227c6e658e61c9dddb7646f97b) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.5)
884
885## v1.0.4 - Multi log backend configs
886
887Published 2018-06-01 14:02:07 +0000 UTC
888
889Support was added to allow CTFE to use multiple backends, each serving a distinct set of logs. It allows for e.g. regional backend deployment with common frontend servers.
890
891Commit [62023ed90b41fa40854957b5dec7d9d73594723f](https://api.github.com/repos/google/certificate-transparency-go/commits/62023ed90b41fa40854957b5dec7d9d73594723f) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.4)
892
893## v1.0.3 - Hammer updates, use standard context
894
895Published 2018-06-01 14:01:11 +0000 UTC
896
897After the Go 1.9 migration references to anything other than the standard `context` package have been removed. This is the only one that should be used from now on.
898
899Commit [b28beed8b9aceacc705e0ff4a11d435a310e3d97](https://api.github.com/repos/google/certificate-transparency-go/commits/b28beed8b9aceacc705e0ff4a11d435a310e3d97) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.3)
900
901## v1.0.2 - Go 1.9
902
903Published 2018-06-01 14:00:00 +0000 UTC
904
905Go 1.9 is now required to build the code.
906
907Commit [3aed33d672ee43f04b1e8a00b25ca3e2e2e74309](https://api.github.com/repos/google/certificate-transparency-go/commits/3aed33d672ee43f04b1e8a00b25ca3e2e2e74309) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.2)
908
909## v1.0.1 - Hammer and client improvements
910
911Published 2018-06-01 13:59:29 +0000 UTC
912
913
914
915Commit [c28796cc21776667fb05d6300e32d9517be96515](https://api.github.com/repos/google/certificate-transparency-go/commits/c28796cc21776667fb05d6300e32d9517be96515) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0.1)
916
917## v1.0 - First Trillian CT Release
918
919Published 2018-06-01 13:59:00 +0000 UTC
920
921This is the point that corresponds to the 1.0 release in the trillian repo.
922
923Commit [abb79e468b6f3bbd48d1ab0c9e68febf80d52c4d](https://api.github.com/repos/google/certificate-transparency-go/commits/abb79e468b6f3bbd48d1ab0c9e68febf80d52c4d) Download [zip](https://api.github.com/repos/google/certificate-transparency-go/zipball/v1.0)
View as plain text