Releases: sse-secure-systems/connaisseur
Version 2.2.0
v2.2.0
Major Scope
The release contains central improvements to usability and compatibility of Connaisseur:
- More native Helm integration
- Charts published in public Connaisseur Artifact Hub repository
- Updating Connaisseur (configuration) via helm upgrade
- Better compatibility with different flavors of Kubernetes (e.g. OpenShift/OKD)
- Better compatibility with different versions of Kubernetes (automated tests for v1.16+)
- Improved KMS support for Cosign
Changelog
Full Changelog: v2.1.2...v2.2.0
Docs
- add instruction how to upgrade if added via helm (#365)
- notes on Kubernetes version compatibility (#356)
- add comments for automatic child approval feature (#356)
Fix
- bump helm app version (#364)
- changelogger (#361)
- remove alerting logs when alerting is not configured (#359)
- pod restart on config change (#358)
- k8s version minor parsing in helm (#342)
- admission webhook api version typo (#342)
- webhook api version (#345)
- increase timeout (#346)
- pod restart on config change (#280)
- changed bootstrapping, upgrading and deletion of Connaisseur (#255)
- use compliant/consistent validator names (#335)
- satisfy new pylint rule to enable pylint update (#314)
Ci
- expose helm chart on github pages (#307)
- k8s version test with v1.16 (#349)
- add k8s version compatibility tests (#342)
- fix release pipeline (#368)
Feat
- cosign kms support (#360)
- expose security context for e.g. compatibility with OKD/OpenShift 4 (#288)
- expose automatic child approval (#284)
- Add PodSecurityPolicy (#259)
Refactor
- fix minor issues and typos (#362)
Update
- update pyyaml requirement from ~=5.4.1 to ~=6.0 (#357)
- update mkdocs-material requirement from ~=7.3.2 to ~=7.3.3 (#355)
- update jsonschema requirement from ~=4.0.1 to ~=4.1.0 (#351)
- update pytest-subprocess requirement from ~=1.1.2 to ~=1.2.0 (#350)
- cosign built image package versions (#348)
- update mkdocs-material requirement from ~=7.3.1 to ~=7.3.2 (#343)
- cosign v1.0.0 to v1.2.1 (#289)
- update mike requirement from ~=1.1.1 to ~=1.1.2 (#340)
- update flask requirement from ~=2.0.1 to ~=2.0.2 (#341)
- bump stackrox/kube-linter-action from 1.0.3 to 1.0.4 (#339)
- update pytz requirement from ~=2021.1 to ~=2021.3 (#338)
- update mkdocs-material requirement from ~=7.3.0 to ~=7.3.1 (#337)
- update pytest-cov requirement from ~=2.12.1 to ~=3.0.0 (#336)
- update pylint requirement from ~=2.10.2 to ~=2.11.1 (#313)
- update jsonschema requirement from ~=3.2.0 to ~=4.0.1 (#330)
- bump stackrox/kube-linter-action from 1.0.2 to 1.0.3 (#319)
- update mkdocs-material requirement from ~=7.2.6 to ~=7.3.0 (#317)
- bump codecov/codecov-action from 2.0.3 to 2.1.0 (#309)
- update mike requirement from ~=1.1.0 to ~=1.1.1 (#310)
- update mike requirement from ~=1.0.1 to ~=1.1.0 (#303)
- update mkdocs-material requirement from ~=7.2.5 to ~=7.2.6 (#300)
Test
- k8s version test with v1.16 (#349)
New Contributors
- @youssefazrak made their first contribution in #259
- @pflaeging made their first contribution in #288
Thanks to all Contributors 🚀
Version 2.1.2
Version 2.1.1
v2.1.1
Docs
- minor rewording (#291)
- update cosign key type support (#282)
- remove outdated 2.0 announcement (#274)
- remove Helm purge flag from README.md (#277)
- update banner (#265)
- add namespace info for validator secrets (#263)
- add note on k8s version requirement for detection mode warnings (#236)
- add markdown footnotes (#236)
- update Chart.yaml (#146)
- Fix mistakes in documentation for integration test and health/ready endpoints (#232)
Update
- update mkdocs-material requirement in /docs (#286)
- bump codecov/codecov-action from 2.0.2 to 2.0.3 (#283)
- update pylint requirement from ~=2.9.6 to ~=2.10.2 (#281)
- bump stackrox/kube-linter-action from 1.0.0 to 1.0.2 (#271)
- update mkdocs-material requirement in /docs (#256)
- update mkdocs-material requirement from ~=7.2.2 to ~=7.2.3 (#247)
- update rfc3339-validator requirement from ~=0.1.2 to ~=0.1.4 (#241)
- update python-dateutil requirement from ~=2.8.1 to ~=2.8.2 (#240)
- update pytest-subprocess requirement from ~=1.0.1 to ~=1.1.2 (#239)
- update pytest-cov requirement from ~=2.10.0 to ~=2.12.1 (#227)
- update pytest-mock requirement from ~=3.3.1 to ~=3.6.1 (#229)
- update mkdocs-material requirement from ~=7.2.1 to ~=7.2.2 (#231)
- bump codecov/codecov-action from 1 to 2.0.2 (#214)
- update requests requirement from ~=2.24.0 to ~=2.26.0 (#230)
- update flask requirement from ~=1.1.2 to ~=2.0.1 (#228)
- update pylint requirement from ~=2.7.2 to ~=2.9.6 (#217)
- update pytz requirement from ~=2020.1 to ~=2021.1 (#219)
- update ecdsa requirement from ~=0.15 to ~=0.17 (#216)
- update requests-mock requirement from ~=1.8.0 to ~=1.9.3 (#218)
Fix
- bump helm hook version (#293)
- specify encoding in file reads (#281)
- IaC security configuration (#273)
- Fix variable namespace in make uninstall definition (#234)
- Fix order of webhook and sentinel probes during readiness probe (#235)
Test
Ci
- add trivy IaC scan (#273)
- fix pylint to scan connaisseur dir (#269)
- drop redundant dependabot configuration (#268)
- add kube-linter (#146)
Refactor
- fix linting errors (#269)
Build
- expose webhook failurePolicy (#267)
- add namespaces to makefile commands (#266)
- get signed cosign binary (#204)
Feat
- helm security/resource configs (#146)
Version 2.1.0
Version 2.0.0
v2.0.0
Docs
- rewrite documentation (#158)
- fix get-root utility (#183)
- add setup guide for local integration test (#149)
- added ADR4 (#156)
- Document delegation feature (#144)
- code documentation for config.py (#90)
- ADR for multi notary configuration (#90)
- updated for multi notary support (#90)
Feat
- github pages documentation (#158)
- add cosign authentication via k8s dockerconfigjson (#179)
- update-cosign-v0.6.0 (#173)
- new ignore/validate label namespacebased validation (#164)
- concise and functional preconfiguration (#164)
- modular validation (#156)
- prepared helm chart (#156)
- added multi notary support (#90)
- added get_root_key utility (#90)
- parallel trust data request (#169)
- use helm to create certs (#104)
Fix
- make annihilate deletes everything (#185)
- fix get-root utility by (#183)
- multi validator authentication (#179)
- auth config schema (#174)
- wrong image path (#157)
- Set side effect to None so server-side dry run is possible (#170)
- health probe fails after some time (#166)
- pin Python major version (#162)
- do not check alert config on hook image to ensure make uninstall is working (#161)
- use precise IP for alerting endpoint during integration test (#159)
- broken authentication (#156)
- link in README.md (#190)
- image loading for release workflow (#192)
Ci
- added valid initContainer IT (#157)
- add timer (#169)
- adjusted pipeline for modular validation (#156)
- Add integration tests for delegation feature and edge case of multiple defined digests for a tag (#144)
- fail slow on integration tests (#150)
- refactor workflows to reduce code duplication (#145)
- fix release workflow (#189)
Refactor
- switch to helm install (#172)
- rename detection mode in config (#164)
- adjusted tests for modular validation (#156)
- configure cluster name in values.yaml; add namespace to alert messages (#147)
- refactored alerting (#155)
- refactored cosign extension (#101)
- refactored all tests (#101)
- updated helm chart (#101)
- More object orientation (#101)
Test
Version 1.5.0
Version 1.4.7
Version 1.4.6
v1.4.6
Docs
- adjust public keys in READMEs to DockerHub Repo (#102)
Fix
- adjust public keys in READMEs to DockerHub Repo (#102)
- Never use non-validated data for validation (#89)
Feat
- Enable Per-Namespace verification (#100)
Refactor
- Reduce complexity of 'process_chain_of_trust' (#89)
Hotfix
- updated pylint (#97)
Ci
- updated pylint (#97)
Version 1.4.5
v1.4.5
Ci
- Add nightly scans with safety and trivy (#92)
- Improve tag detection during release (#78)
- parallelize source code scans (#77)
Docs
- Typos and small reformulations (#88)
- Documentation for image validation (#88)
- Move test images into securesystems DockerHub repository (#79)
Test
- improve validation test coverage (#88)
- Move test images into securesystems DockerHub repository (#79)
Fix
Version 1.4.4
v1.4.4
Build
Docs
- add recording of Berlin Crypto Meetup (#72)
- Release concept for Connaisseur image and release check on new tagged commit on master branch (#44)
Fix
- Add installation output and increase sentinel lifetime (#64)
- Fix handling of invalid requests, increase test coverage (#63)
- Fixed JSON validation schema for trust data (#75)
- fixed bandit issues (#68)
- fixed delegation validation behavior (#68)
Ci
- add build step (#56)
- fixed bandit issues (#68)
- Release concept for Connaisseur image and release check on new tagged commit on master branch (#44)
Test
- Fix handling of invalid requests, increase test coverage (#63)
Refactor
- Moved validation code (#68)