|
| 1 | +# v2.2.1 |
| 2 | +**Note: This release comes with a fix for CVE-2023-46737 described in this [Github Security Advisory](https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9). Please upgrade to this release ASAP** |
| 3 | + |
| 4 | +## Enhancements |
| 5 | +* feat: Support basic auth and bearer auth login to registry (#3310) |
| 6 | +* add support for ignoring certificates with pkcs11 (#3334) |
| 7 | +* Support ReplaceOp in Signatures (#3315) |
| 8 | +* feat: added ability to get image digest back via triangulate (#3255) |
| 9 | +* feat: add `--only` flag in `cosign copy` to copy sign, att & sbom (#3247) |
| 10 | +* feat: add support attaching a Rekor bundle to a container (#3246) |
| 11 | +* feat: add support outputting rekor response on signing (#3248) |
| 12 | +* feat: improve dockerfile verify subcommand (#3264) |
| 13 | +* Add guard flag for experimental OCI 1.1 verify. (#3272) |
| 14 | +* Deprecate SBOM attachments (#3256) |
| 15 | +* feat: dedent line in cosign copy doc (#3244) |
| 16 | +* feat: add platform flag to cosign copy command (#3234) |
| 17 | +* Add SLSA 1.0 attestation support to cosign. Closes #2860 (#3219) |
| 18 | +* attest: pass OCI remote opts to att resolver. (#3225) |
| 19 | + |
| 20 | +## Bug Fixes |
| 21 | +* Merge pull request from GHSA-vfp6-jrw2-99g9 |
| 22 | +* fix: allow cosign download sbom when image is absent (#3245) |
| 23 | +* ci: add a OCI registry test for referrers support (#3253) |
| 24 | +* Fix ReplaceSignatures (#3292) |
| 25 | +* Stop using deprecated in_toto.ProvenanceStatement (#3243) |
| 26 | +* Fixes #3236, disable SCT checking for a cosign verification when usin… (#3237) |
| 27 | +* fix: update error in `SignedEntity` to be more descriptive (#3233) |
| 28 | +* Fail timestamp verification if no root is provided (#3224) |
| 29 | + |
| 30 | + |
| 31 | +## Documentation |
| 32 | +* Add some docs about verifying in an air-gapped environment (#3321) |
| 33 | +* Update CONTRIBUTING.md (#3268) |
| 34 | +* docs: improves the Contribution guidelines (#3257) |
| 35 | +* Remove security policy (#3230) |
| 36 | + |
| 37 | + |
| 38 | +## Others |
| 39 | +* Set go to min 1.21 and update dependencies (#3327) |
| 40 | +* Update contact for code of conduct (#3266) |
| 41 | +* Update .ko.yaml (#3240) |
| 42 | + |
| 43 | + |
| 44 | +## Contributors |
| 45 | +* AdamKorcz |
| 46 | +* Andres Galante |
| 47 | +* Appu |
| 48 | +* Billy Lynch |
| 49 | +* Bob Callaway |
| 50 | +* Caleb Woodbine |
| 51 | +* Carlos Tadeu Panato Junior |
| 52 | +* Dylan Richardson |
| 53 | +* Gareth Healy |
| 54 | +* Hayden B |
| 55 | +* John Kjell |
| 56 | +* Jon Johnson |
| 57 | +* jonvnadelberg |
| 58 | +* Luiz Carvalho |
| 59 | +* Priya Wadhwa |
| 60 | +* Ramkumar Chinchani |
| 61 | +* Tosone |
| 62 | +* Ville Aikas |
| 63 | +* Vishal Choudhary |
| 64 | +* ziel |
| 65 | + |
1 | 66 | # v2.2.0 |
2 | 67 |
|
3 | 68 | ## Enhancements |
|
0 commit comments