From 39a3d2831b67410934e5eabef88c5fa260394e6f Mon Sep 17 00:00:00 2001 From: Hayden Blauzvern Date: Tue, 6 Aug 2024 21:34:59 +0000 Subject: [PATCH 1/2] Add changelog for v2.4.0 Signed-off-by: Hayden Blauzvern --- CHANGELOG.md | 35 +++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 595c022dc31..844c3025455 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,3 +1,38 @@ +# v2.4.0 + +v2.4.0 begins the modernization of the Cosign client, which includes: + +* Support for the newer Sigstore specification-compliant bundle format +* Support for providing trust roots (e.g. Fulcio certificates, Rekor keys) + through a trust root file, instead of many different flags +* Conformance test suite integration to verify signing and verification behavior + +In future updates, we'll include: + +* General support for the trust root file, instead of only when using the bundle + format during verification +* Simplification of trust root flags and deprecation of the + Cosign-specific bundle format +* Bundle support with container signing + +## Features + +* Add new bundle support to `verify-blob` and `verify-blob-attestation` (#3796) +* Adding protobuf bundle support to sign-blob and attest-blob (#3752) +* Bump sigstore/sigstore to support `email_verified` as string or boolean (#3819) +* Conformance testing for cosign (#3806) +* move incremental builds per commit to GHCR instead of GCR (#3808) +* Add support for recording creation timestamp for cosign attest (#3797) +* Include SCT verification failure details in error message (#3799) + +## Contributors + +* Bob Callaway +* Hayden B +* Slavek Kabrda +* Zach Steindler +* Zsolt Horvath + # v2.3.0 ## Features From 775591c0ebb8153ab45b659f54be6a6db62decb6 Mon Sep 17 00:00:00 2001 From: Hayden Blauzvern Date: Tue, 6 Aug 2024 21:37:07 +0000 Subject: [PATCH 2/2] Add note about containers Signed-off-by: Hayden Blauzvern --- CHANGELOG.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 844c3025455..1755d45df30 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -15,6 +15,8 @@ In future updates, we'll include: Cosign-specific bundle format * Bundle support with container signing +We have also moved nightly Cosign container builds to GHCR instead of GCR. + ## Features * Add new bundle support to `verify-blob` and `verify-blob-attestation` (#3796)