Skip to content

v3.6.0

Latest
Latest
Compare
Choose a tag to compare
@woodruffw woodruffw released this 10 Dec 22:18
· 9 commits to main since this release
v3.6.0
44aa3eb
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.

Added

  • API: The DSSE Envelope class now performs automatic validation
    (#1211)

  • API: Added signature property to Envelope class for accessing raw
    signature bytes (#1211)

  • Signed timestamps embedded in bundles are now automatically verified
    against Timestamp Authorities provided within the Trusted Root ([#1206]
    (#1206))

  • Bundles are now generated with signed timestamps when signing if the
    Trusted Root contains one or more Timestamp Authorities
    (#1216)

Removed

  • Support for "detached" SCTs has been fully removed, aligning
    sigstore-python with other sigstore clients
    (#1236)

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.1 where a warning about
    verifying legacy bundles was never shown
    (#1198)

  • Strengthened the requirement that an inclusion promise is present
    if no other source of signed time is present
    (#1247)

Assets 4
Loading