1# v1.2.2
2
3## Changes
4
5### Bug fixes
6
7* Go checksum database error on installation due to deleting a tag
8
9### Misc
10
11* Dependabot updates
12
13# v1.2.1
14
15v1.2.1 includes a minor bug fix to set the SignedData version value
16in a timestamp response as per the RFC.
17
18## Changes
19
20### Bug Fixes
21
22* Bump digitorus/timestamp version to pick up RFC correctness fix (#584)
23
24# v1.2.0
25
26v1.2.0 is based on Go 1.21.3.
27
28## Changes
29
30### Enhancements
31
32* Support other hash algs for pre-signed timestamp besides SHA256 (#488)
33* new http-ping-only flag for 'timestamp-server serve' (#474)
34
35### Bug Fixes
36
37* Fix bug where TSA signing fails if cert hash != content hash. (#465)
38
39### Misc
40
41* expand README on Cloud KMS deployment (#476)
42* upgrade to Go1.21 (#471)
43
44## Contributors
45
46* Billy Lynch
47* Carlos Tadeu Panato Junior
48* Dmitry Savintsev
49* Hayden B
50
51# 1.1.2
52
531.1.2 fixes a signing related hash function bug and a typo.
54
55## Changes
56
57### Enhancements
58
59### Bug Fixes
60
61* Fix hash function hardcoding bug by updating dependency (https://github.com/sigstore/timestamp-authority/pull/452)
62
63### Misc
64
65* Fix typo in OpenAPI spec (https://github.com/sigstore/timestamp-authority/pull/419)
66* Update GoReleaser flag (https://github.com/sigstore/timestamp-authority/pull/356)
67
68## Contributors
69
70* Carlos Tadeu Panato Junior
71* Dmitry Savintsev
72* Meredith Lancaster
73
74# 1.1.1
75
761.1.1 fixes a bug in the JSON format request code.
77
78## Changes
79
80### Enhancements
81
82### Bug Fixes
83
84* Update how the JSON body is parsed (https://github.com/sigstore/timestamp-authority/pull/343)
85
86### Misc
87
88## Contributors
89
90* Meredith Lancaster
91
92# 1.1.0
93
941.1.0 now supports making timestamp requests in JSON format in addition to DER encoded format.
95
96## Changes
97
98### Enhancements
99
100* Support timestamp requests in JSON format (https://github.com/sigstore/timestamp-authority/pull/247)
101
102### Bug Fixes
103
104### Misc
105
106* Fix typo in README (https://github.com/sigstore/timestamp-authority/pull/294)
107
108## Contributors
109
110* Andrea Cosentino
111* Meredith Lancaster
112
113# 1.0.0
114
1151.0 release of the timestamp authority. No changes from the previous release candidate.
116
117Thank you to all contributors!
118
119# 1.0.0-rc.1
120
121_Note: This is a prerelease for 1.0. Please try it out and file issues!_
122
123## Changes
124
125* Upgrade to go 1.20.1 (https://github.com/sigstore/timestamp-authority/pull/245)
126
127### Documentation
128
129* Update policy (https://github.com/sigstore/timestamp-authority/pull/251, https://github.com/sigstore/timestamp-authority/pull/262)
130
131## Contributors
132
133* Carlos Tadeu Panato Junior
134* Hayden B
135* Meredith Lancaster
136
137# 1.0.0-rc.0
138
139_Note: This is a prerelease for 1.0. Please try it out and file issues!_
140
141## Changes
142
143SLSA provenance is now uploaded with each release. Use
144[slsa-verifier](https://github.com/slsa-framework/slsa-verifier/) to verify
145the release.
146
147### Misc
148
149* Mock NTP client (https://github.com/sigstore/timestamp-authority/pull/217)
150
151## Contributors
152
153* Carlos Tadeu Panato Junior
154* Hayden B
155* Meredith Lancaster
156
157# 0.2.1
158
1590.2.1 now rejects timestamp requests that use SHA-1. For server operators, it
160now defaults to using NTP monitoring.
161
162## Changes
163
164### Enhancements
165
166* Generate slsa provenance (https://github.com/sigstore/timestamp-authority/pull/193)
167* Use default NTP monitoring configuration (https://github.com/sigstore/timestamp-authority/pull/186)
168* Reject requests that use SHA-1 (https://github.com/sigstore/timestamp-authority/pull/202)
169
170### Bug Fixes
171
172### Misc
173
174* Update README with more details (https://github.com/sigstore/timestamp-authority/pull/188)
175
176## Contributors
177
178* Hayden B
179* Hector Fernandez
180* Meredith Lancaster
181
182# 0.2.0
183
1840.2.0 improves the verification library (https://github.com/sigstore/timestamp-authority/issues/121).
185The library now verifies the full certificate chain and additional properties of the timestamp.
186
187## Changes
188
189### Enhancements
190
191* Start adding more verification with VerificationOpts struct (https://github.com/sigstore/timestamp-authority/pull/153)
192* Verify command returns the parsed timestamp (https://github.com/sigstore/timestamp-authority/pull/174)
193* Add intermediate and root verify flags (https://github.com/sigstore/timestamp-authority/pull/180)
194* Verify full certificate chain (https://github.com/sigstore/timestamp-authority/pull/181)
195
196### Bug fixes
197
198### Misc
199
200* Add mock client (https://github.com/sigstore/timestamp-authority/pull/175)
201* Update timing accuracy statements in the policy document (https://github.com/sigstore/timestamp-authority/pull/179)
202
203## Contributors
204
205* Hayden Blauzvern
206* Meredith Lancaster
207
208# 0.1.3
209
210## Changes
211
212### Enhancements
213
214* Added an optional feature to compare the local time with a set of trusted ntp servers (https://github.com/sigstore/timestamp-authority/pull/143)
215
216### Bug fixes
217
218* Register KMS providers
219 (https://github.com/sigstore/timestamp-authority/pull/160)
220* Added .PHONY target for CLI rebuilding (https://github.com/sigstore/timestamp-authority/pull/159)
221
222### Misc
223
224* inspect: remove format flag (https://github.com/sigstore/timestamp-authority/pull/155)
225
226## Contributors
227
228* Fredrik Skogman
229* Hector Fernandez
230* Meredith Lancaster
231* neilnaveen
232
233# 0.1.2
234
235## Changes
236
237### Enhancements
238
239### Bug fixes
240
241* Fix a bug where certChain was not set correctly (https://github.com/sigstore/timestamp-authority/pull/140)
242
243### Misc
244
245## Contributors
246
247* Ville Aikas
248
249# 0.1.1
250
251## Changes
252
253### Enhancements
254
255* Update in memory signer to use intermediate certificate (https://github.com/sigstore/timestamp-authority/pull/136)
256* Move verify logic to pkg (https://github.com/sigstore/timestamp-authority/pull/120)
257
258### Bug fixes
259
260* Require the file signer to specify the certificate chain (https://github.com/sigstore/timestamp-authority/pull/137)
261* Fix hashed message verification (https://github.com/sigstore/timestamp-authority/pull/118)
262* Update fetch TSA certs script for Tink (https://github.com/sigstore/timestamp-authority/pull/111)
263
264### Misc
265
266## Contributors
267
268* Hayden Blauzvern
269* Hector Fernandez
270
271# 0.1.0
272
273Initial release of sigstore/timestamp-authority
274
275See the [README](README.md) for instructions on how to run the timestamp authority
276and fetch and verify signed timestamps.
277
278## Contributors
279
280* Carlos Tadeu Panato Junior (@cpanato)
281* Hayden Blauzvern (@haydentherapper)
282* Hector Fernandez (@hectorj2f)
283* Meredith Lancaster (@malancas)
View as plain text