Releases: smallstep/certificates
Releases · smallstep/certificates
Step CA v0.26.2 (24-06-13)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.26.2_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.26.2_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.26.2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- d6973c9 Set date for 0.26.2 release in changelog (#1886)
- d4b2916 Changelog update for 0.26.2 (#1885)
- f9e5971 Merge pull request #1884 from smallstep/mariano/linkedca
- c8e65ab Fix linter warnings
- b4616ee Upgrade linkedca
- 634ece4 Merge pull request #1802 from jdoupe/AuthParams
- a017c0e Merge branch 'master' into AuthParams
- 8b36f7b Merge pull request #1878 from smallstep/dependabot/go_modules/google.golang.org/api-0.183.0
- 30b2cd1 Merge branch 'master' into dependabot/go_modules/google.golang.org/api-0.183.0
- a0b9360 Merge pull request #1879 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.24.0
- d5171be Merge branch 'master' into dependabot/go_modules/golang.org/x/crypto-0.24.0
- 6e12cfa Merge pull request #1880 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.47.0
- d1de1ad Merge branch 'master' into dependabot/go_modules/google.golang.org/api-0.183.0
- 0ce8fb6 Merge branch 'master' into dependabot/go_modules/golang.org/x/crypto-0.24.0
- 3b9631b Merge branch 'master' into dependabot/go_modules/go.step.sm/crypto-0.47.0
- 474f5d2 Update hardcoded AWS certs (#1881)
- 7ab8391 Bump go.step.sm/crypto from 0.46.0 to 0.47.0
- 23f120e Bump golang.org/x/crypto from 0.23.0 to 0.24.0
- e3444c0 Bump google.golang.org/api from 0.182.0 to 0.183.0
- 669d992 Merge pull request #1870 from smallstep/dependabot/go_modules/google.golang.org/api-0.182.0
- 68c5238 Merge pull request #1869 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/approle-0.7.0
- 4884379 Merge pull request #1868 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.46.0
- 437154d Bump google.golang.org/api from 0.181.0 to 0.182.0
- 2a9bbff Bump github.com/hashicorp/vault/api/auth/approle from 0.6.0 to 0.7.0
- 4d7ca9d Bump go.step.sm/crypto from 0.45.1 to 0.46.0
- 587d0d5 Merge pull request #1858 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.17.0
- 34fde59 Bump cloud.google.com/go/security from 1.16.1 to 1.17.0
- fe8c3d3 Merge pull request #1859 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/kubernetes-0.7.0
- 013c2f2 Bump github.com/hashicorp/vault/api/auth/kubernetes from 0.6.0 to 0.7.0
- 4208b0a Merge pull request #1860 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.14.0
- 6de7aa9 Merge pull request #1861 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.45.1
- f3e4f0a Bump go.step.sm/crypto from 0.45.0 to 0.45.1
- 2b8f3e7 Bump github.com/hashicorp/vault/api from 1.13.0 to 1.14.0
- 47b5048 Merge pull request #1850 from smallstep/mariano/signer
- 7d6eea0 Merge pull request #1853 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.64.0
- 99ce13a Fix linter warnings
- 5cdfc2c Bump google.golang.org/grpc from 1.63.2 to 1.64.0
- 980687b Merge pull request #1854 from smallstep/dependabot/go_modules/google.golang.org/api-0.181.0
- 8121a05 Bump google.golang.org/api from 0.180.0 to 0.181.0
- ad0ac55 Merge pull request #1844 from smallstep/mariano/account-provisioner
- 192e90e Merge branch 'master' into mariano/account-provisioner
- 812ffd3 Reverse assert statements
- d0548f9 Use %q instead of '%s'
- 14959db Merge pull request #1849 from smallstep/mariano/log-errors
- c0b7c33 Use a function as the error logger
- 9e8087f Add GetX509Signer method
- 8673818 Split provisioner check in two cases
- f3f484c Log errors using slog.Logger
- fdb0cf0 Merge pull request #1848 from smallstep/mariano/intermediates
- d4862a2 Add methods to get the intermediate certificates
- e08b277 Merge pull request #1847 from smallstep/mariano/x5c-insecure
- b6afed3 Upgrade go.step.sm/crypto to v0.45.0
- 9355923 Merge pull request #1839 from smallstep/dependabot/go_modules/google.golang.org/api-0.180.0
- a8e9a18 Bump google.golang.org/api from 0.177.0 to 0.180.0
- 803d3d3 Merge pull request #1840 from smallstep/dependabot/go_modules/google.golang.org/protobuf-1.34.1
- e0e7ae6 Merge pull request #1841 from smallstep/dependabot/go_modules/golang.org/x/net-0.25.0
- 72a8bb3 Merge pull request #1842 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.19.1
- 5fa5a63 Verify provisioner with id if available
- 9cbdc73 Bump github.com/prometheus/client_golang from 1.19.0 to 1.19.1
- 42341c7 Bump golang.org/x/net from 0.24.0 to 0.25.0
- 0dff5c4 Bump google.golang.org/protobuf from 1.34.0 to 1.34.1
- e3ba702 Merge pull request #1827 from smallstep/dependabot/go_modules/golang.org/x/crypto-0.23.0
- fe29cca Merge pull request #1828 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.33.0
- 8cf5e3c Merge pull request #1829 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.7
- 928d446 Bump golang.org/x/crypto from 0.22.0 to 0.23.0
- e11833e Bump cloud.google.com/go/longrunning from 0.5.6 to 0.5.7
- 591b9f7 Merge pull request #1826 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.16.1
- a2f2332 Merge pull request #1831 from smallstep/mariano/err-not-found
- b1e31b1 Use always acme.IsErrNotFound
- cca6f6d Merge pull request #1830 from smallstep/mariano/provisioner-id
- d037ed6 Add provisioner id to acme accounts
- 9b25665 Bump github.com/newrelic/go-agent/v3 from 3.32.0 to 3.33.0
- 8933a2e Bump cloud.google.com/go/security from 1.16.0 to 1.16.1
- 2c71543 Merge pull request #1817 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.8
- 949e2fd Fix test error expectation in
TestAuthorityNew - 281efbb Bump go.step.sm/crypto from 0.44.6 to 0.44.8
- 14b1211 Merge pull request #1815 from smallstep/dependabot/go_modules/github.com/urfave/cli-1.22.15
- 0b894a0 Merge pull request #1816 from smallstep/dependabot/go_modules/google.golang.org/api-0.176.1
- 20e315b Merge pull request #1819 from smallstep/mariano/not-found
- 296ac4e Make ISErrNotFound more flexible
- 28a87bb Merge pull request #1818 from smallstep/dependabot/github_actions/dependabot/fetch-metadata-2.1.0
- bf03d56 Bump dependabot/fetch-metadata from 2.0.0 to 2.1.0
- 6715c65 Bump google.golang.org/api from 0.176.0 to 0.176.1
- 798e190 Bump github.com/urfave/cli from 1.22.14 to 1.22.15
- 5072d7a chore: fix function names in comment (#1813)
- 03c3cf5 fixed Scopes and AuthParams assignment
- aa543a3 add Scopes to OIDC struct
- 4879376 add AuthParams and Scopes to linkedca OIDC structures
- 2fcf340 add AuthParams to OIDC struct
Thanks!
Those were the changes on v0.26.2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.
Step CA v0.26.1 (24-04-22)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.26.1_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.26.1_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.26.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 9cbab5a Add changelog for 0.26.1 (#1812)
- d6bf551 Merge pull request #1803 from smallstep/herman/fix-scep-vault-ra
- f4d506f Merge pull request #1811 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.13.0
- 1e5e267 Remove leftover debug print
- 760014c go mod tidy
- 2561a72 Dedupe CA and SCEP client creation logic
- 3965305 Bump github.com/hashicorp/vault/api from 1.12.2 to 1.13.0
- 65cfee5 Merge pull request #1810 from smallstep/dependabot/go_modules/google.golang.org/api-0.176.0
- 8d4effc Bump google.golang.org/api from 0.172.0 to 0.176.0
- 4a37559 Merge pull request #1809 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.6
- d7ed031 Merge pull request #1808 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.16.0
- 8720200 Rewrite SCEP integration tests to only use the HTTPS endpoint
- 57a6b85 Bump go.step.sm/crypto from 0.44.4 to 0.44.6
- 0ba61c5 Bump cloud.google.com/go/security from 1.15.6 to 1.16.0
- b0fabe1 Add some SCEP integration tests
- 113a6dd Remove reporting the CA mode from startup logs
- 6bc0a86 Fix CA startup with Vault RA configuration
- 07279dd Merge pull request #1801 from smallstep/herman/upgrade-crypto-v0.44.4
- 4c6b0b3 Upgrade
go.step.sm/cryptotov0.44.4 - f1a2c68 Merge pull request #1798 from smallstep/herman/fix-instrumented-key-manager
- 7df3ad0 Merge pull request #1797 from smallstep/mariano/init-scep
- 4202d66 Remove debug statement
- d6bbe5b Add support for
kmsapi.Decrypterto instrumented key manager - 721345e Merge pull request #1793 from verytrap/master
- db92404 chore: fix function names in comment
- 725a913 Allow custom SCEP key manager
- 397877a Merge pull request #1795 from smallstep/herman/fix-scep-failinfo-oid
- b226b6e Prevent exposing any internal details in SCEP failure message
- 02956ad Merge pull request #1794 from smallstep/herman/fix-scep-failinfo-oid
- 037554e Fix the
id-scep-failInfoTextOID - 1513152 Merge pull request #1791 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.32.0
- c9ba31a Bump github.com/newrelic/go-agent/v3 from 3.31.0 to 3.32.0
- 1f69ff8 Merge pull request #1792 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.63.2
- a76f071 Bump google.golang.org/grpc from 1.62.1 to 1.63.2
- 08ef9fe Merge pull request #1789 from smallstep/dependabot/go_modules/golang.org/x/net-0.24.0
- 57d6285 Bump golang.org/x/net from 0.22.0 to 0.24.0
- d5758ba Merge pull request #1784 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.31.0
- 166c496 Merge pull request #1785 from smallstep/dependabot/go_modules/google.golang.org/api-0.172.0
- 1be0932 Merge pull request #1786 from smallstep/carl/winget-fix
- f04a5e3 Fix winget release URL
- d1523c9 Bump google.golang.org/api from 0.171.0 to 0.172.0
- 44c48a7 Bump github.com/newrelic/go-agent/v3 from 3.30.0 to 3.31.0
- 188e4e3 Add version number to winget branch name (#1783)
Thanks!
Those were the changes on v0.26.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.
Step CA v0.26.0 (24-03-29)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.26.0_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.26.0_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.26.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 395a3ee Update go.step.sm/crypto (#1781)
- 4772d7c Merge pull request #1780 from smallstep/herman/update-changelog-20240328
- 854288a Update changelog for
v0.26.0release - 4016b69 Merge pull request #1776 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.12.2
- b5b723e Merge pull request #1775 from smallstep/dependabot/go_modules/google.golang.org/api-0.171.0
- 0a6e79a Merge pull request #1778 from smallstep/dependabot/github_actions/dependabot/fetch-metadata-2.0.0
- 9d86361 Bump github.com/hashicorp/vault/api from 1.12.1 to 1.12.2
- 7e05343 Merge pull request #1774 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.44.1
- 014b4ef Bump dependabot/fetch-metadata from 1.6.0 to 2.0.0
- 21734f7 Bump google.golang.org/api from 0.169.0 to 0.171.0
- 927cd97 Bump go.step.sm/crypto from 0.43.1 to 0.44.1
Thanks!
Those were the changes on v0.26.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.
Step CA v0.26.0-rc2 (24-03-20)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.26.0-rc2_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.26.0-rc2_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.26.0-rc2_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 2650944 Merge pull request #1773 from smallstep/herman/cosign-2.x
- 7888d86 Use
--yesto acknowledge user prompts forcosignsigning
Thanks!
Those were the changes on v0.26.0-rc2!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peek at the freshest PKI memes.
Release v0.26.0-rc1
Merge pull request #1772 from smallstep/jdoss/Enable_tpmkms Enable tpmkms
Step CA v0.25.3-rc7 (24-03-05)
v0.25.3-rc7
This tag was signed with the committer’s verified signature.
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.25.3-rc7_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.25.3-rc7_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.25.3-rc7_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 1583e53 Merge branch 'master' into wire-acme-extensions
- ec223c1 Merge pull request #1748 from smallstep/dependabot/go_modules/github.com/stretchr/testify-1.9.0
- b7e3e0b Merge pull request #1746 from smallstep/dependabot/go_modules/google.golang.org/api-0.167.0
- 022deaf Merge pull request #1749 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.19.0
- 5853c73 Bump github.com/prometheus/client_golang from 1.18.0 to 1.19.0
- cf0d6f8 Bump github.com/stretchr/testify from 1.8.4 to 1.9.0
- 69c7ca9 Bump google.golang.org/api from 0.165.0 to 0.167.0
- 755ae0b Fix Wire mock CA interface implementation
- 364566b Merge branch 'master' into wire-acme-extensions
- 10aa48c Merge pull request #1743 from smallstep/herman/improve-request-id
- 2a47644 Fix linting issue
- d392c16 Improve functional coverage of request ID integration test
- 7fd524f Default to generating request IDs using UUIDv4 format in CA
- 0898c6d Use UUIDv4 as automatically generated client request identifier
- 0d5c692 Merge pull request #1744 from smallstep/carl/readme-updates
- cd3e91b Updated README
- b9d6bfc Cleanup CA client tests by removing
smallstep/assert - 532b9df Improve CA client request ID handling
- 06696e6 Move user ID handling to
useridpackage - 7e5f109 Decouple request ID middleware from logging middleware
- 535e2a9 Fix the e2e request ID test (again)
- b83b8aa Make random TCP address reservation more contained
- 2255857 Fix
clientshadowing and e2e request ID test case - 5c2572c Add support for user provider
X-Request-Idheader value - cf8a501 Add a basic e2e test for
X-Request-Idreflection - fb4cd6f fix: Webhook-related instruments
- a58f595 Add reflection of request ID in
X-Request-Idresponse header - c798735 Merge pull request #1542 from smallstep/herman/webhook-request-id
- c1c2e73 Add
X-Request-Idto all requests made by our CA clients - 4213a19 Use
X-Request-Idas canonical request identifier (if available) - 041b486 Remove usages of
Signwithout context - c16a0b7 Remove
smallstep/assertandpkg/errorsfrom webhook tests - 9689508 Add tests for webhook request IDs
- 2a8b80a Merge branch 'master' into herman/webhook-request-id
- 6ce502c Merge pull request #1741 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.2
- 0d2aeff Merge pull request #1739 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.62.0
- 5ee2e02 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2
- e4bbe89 Bump google.golang.org/grpc from 1.61.0 to 1.62.0
- 98a976b Merge pull request #1740 from smallstep/dependabot/go_modules/github.com/fxamacker/cbor/v2-2.6.0
- a583b59 Merge pull request #1738 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.12.2
- 0b196b0 Bump github.com/fxamacker/cbor/v2 from 2.5.0 to 2.6.0
- fa941dc Bump github.com/googleapis/gax-go/v2 from 2.12.0 to 2.12.2
- bb6aae0 Merge pull request #1736 from patsevanton/master
- c2dfe59 Сorrection of spelling errors
- 0d4f53f Merge branch 'master' into wire-acme-extensions
- e968275 Merge pull request #1729 from patsevanton/master
- 7e1b93b Update examples/README.md
- dc577e2 Merge pull request #1724 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.30.0
- 3a2b426 Bump github.com/newrelic/go-agent/v3 from 3.29.1 to 3.30.0
- f7554a0 Merge pull request #1725 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/kubernetes-0.6.0
- 685e107 Merge pull request #1726 from smallstep/dependabot/go_modules/google.golang.org/api-0.165.0
- 0a074cb Spelling errors and punctuation have been corrected
- 8e1f538 Bump google.golang.org/api from 0.160.0 to 0.165.0
- e6491ca Merge pull request #1727 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.1
- 507f4d0 Bump go.step.sm/crypto from 0.43.0 to 0.43.1
- 2ffc908 Bump github.com/hashicorp/vault/api/auth/kubernetes from 0.5.0 to 0.6.0
- 0a97e1b Merge branch 'master' into wire-acme-extensions
- bb296c9 Merge pull request #1708 from smallstep/herman/csr-expires-header
- bd99db0 Merge pull request #1685 from venkyg-sec/allow_custom_tls_config
- 503e504 Merge branch 'master' into allow_custom_tls_config
- beea482 Fix linter errors in ca/ca.go
- 073fcb7 Merge pull request #1684 from venkyg-sec/allow_external_x509_ca_service_intf
- ac773ff Merge branch 'master' into allow_external_x509_ca_service_intf
- 9fcdd3f Fix format warnings on ca/ca.go
- 3dbb4aa Change CRL unavailable case to HTTP 404
- 5d865b2 Merge pull request #1715 from rvichery/aws-ca-west-1-iid-certificate
- ee44ac1 fixup! Add AWS ca-west-1 identity document certificate
- aaf5a1c Merge branch 'master' into wire-acme-extensions
- 490d065 Merge pull request #1713 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/approle-0.6.0
- 283d46d Add AWS ca-west-1 identity document certificate
- a3bed40 Bump github.com/hashicorp/vault/api/auth/approle from 0.5.0 to 0.6.0
- d174e78 Merge pull request #1712 from smallstep/dependabot/go_modules/golang.org/x/net-0.21.0
- 5f91441 Merge pull request #1711 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.5
- a32dade Bump golang.org/x/net from 0.20.0 to 0.21.0
- b9db4e3 Bump cloud.google.com/go/longrunning from 0.5.4 to 0.5.5
- c76dad8 Improve tests for CRL HTTP handler
- 69f5f8d Use
stretchr/testifyinstead ofsmallstep/assertfor tests - d1deb7f Add
Expiresheader to CRL response - 95fdbc1 Merge pull request #1691 from smallstep/herman/wire-acme-improvements
- 194341e Address review comments
- 745017c Add test for OIDC auto discovery configuration
- 138c101 Add validation for Wire UserID + DeviceID identifiers
- 5d7e533 Add validation of
namein DPoP token - 2e78301 Simplify the DPoP target provider functionality
- c6a6622 Improve test coverage for Wire authorizations
- ef657d7 Fix OIDC target
- e153be3 Replace
smallstep/assertwithstretchr/testifyfor ACME provisioner - 37a9f36 Merge branch 'wire-acme-extensions' into herman/wire-acme-improvements
- 92b6191 Merge branch 'master' into wire-acme-extensions
- 6724692 Merge pull request #1706 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.18.0
- 6d29e8a Merge pull request #1704 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.0
- 05ccf84 Merge pull request #1705 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.5
- 78522c7 Bump github.com/prometheus/client_golang from 1.15.1 to 1.18.0
- 053d05b Bump cloud.google.com/go/security from 1.15.4 to 1.15.5
- 5209393 Bump go.step.sm/crypto from 0.42.1 to 0.43.0
- e6d9208 Merge branch 'wire-acme-extensions' into herman/wire-acme-improvements
- ace27c0 Merge branch 'master' into wire-acme-extensions
- c579239 Add basic support for OIDC provider instantiation through discovery
- cd21f8d Refactor OIDC verifier instantation to happen only once
- 19feae5 Add test for ACME initialization with Wire challenges
- 59ea731 Merge pull request #1693 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.11.0
- 78d889a Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0
- 2fcb33b Merge pull request #1695 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.29.1
- fe926e9 Merge pull request #1694 from smallstep/dependabot/go_modules/github.com/google/uuid-1.6.0
- 8123d6a Merge pull request #1692 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.1
- d9cf8aa Bump github.com/newrelic/go-agent/v3 from 3.29.0 to 3.29.1
- eeaabbc Bump github.com/google/uuid from 1.5.0 to 1.6.0
- 1122090 Bump go.step.sm/crypto from 0.42.0 to 0.42.1
- 14e8d47 Skip Wire option validation and initialization if not enabled
- 8a9b1b3 Move Wire option validation to provisioner initialization
- 79943d2 Merge branch 'wire-acme-extensions' into herman/wire-acme-improvements
- a0e4cba Merge branch 'master' into wire-acme-extensions
- dd1ff9c Implementation of the Prometheus endpoint (#1669)
- 4d4719a Change URLs used in DPoP template test
- 356e707 Allow usage o...
Step CA v0.25.3-rc6 (24-02-27)
v0.25.3-rc6
This tag was signed with the committer’s verified signature.
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.25.3-rc6_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.25.3-rc6_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.25.3-rc6_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- fb4cd6f fix: Webhook-related instruments
- c798735 Merge pull request #1542 from smallstep/herman/webhook-request-id
- 041b486 Remove usages of
Signwithout context - c16a0b7 Remove
smallstep/assertandpkg/errorsfrom webhook tests - 9689508 Add tests for webhook request IDs
- 2a8b80a Merge branch 'master' into herman/webhook-request-id
- 6ce502c Merge pull request #1741 from smallstep/dependabot/go_modules/github.com/go-jose/go-jose/v3-3.0.2
- 0d2aeff Merge pull request #1739 from smallstep/dependabot/go_modules/google.golang.org/grpc-1.62.0
- 5ee2e02 Bump github.com/go-jose/go-jose/v3 from 3.0.1 to 3.0.2
- e4bbe89 Bump google.golang.org/grpc from 1.61.0 to 1.62.0
- 98a976b Merge pull request #1740 from smallstep/dependabot/go_modules/github.com/fxamacker/cbor/v2-2.6.0
- a583b59 Merge pull request #1738 from smallstep/dependabot/go_modules/github.com/googleapis/gax-go/v2-2.12.2
- 0b196b0 Bump github.com/fxamacker/cbor/v2 from 2.5.0 to 2.6.0
- fa941dc Bump github.com/googleapis/gax-go/v2 from 2.12.0 to 2.12.2
- bb6aae0 Merge pull request #1736 from patsevanton/master
- c2dfe59 Сorrection of spelling errors
- e968275 Merge pull request #1729 from patsevanton/master
- 7e1b93b Update examples/README.md
- dc577e2 Merge pull request #1724 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.30.0
- 3a2b426 Bump github.com/newrelic/go-agent/v3 from 3.29.1 to 3.30.0
- f7554a0 Merge pull request #1725 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/kubernetes-0.6.0
- 685e107 Merge pull request #1726 from smallstep/dependabot/go_modules/google.golang.org/api-0.165.0
- 0a074cb Spelling errors and punctuation have been corrected
- 8e1f538 Bump google.golang.org/api from 0.160.0 to 0.165.0
- e6491ca Merge pull request #1727 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.1
- 507f4d0 Bump go.step.sm/crypto from 0.43.0 to 0.43.1
- 2ffc908 Bump github.com/hashicorp/vault/api/auth/kubernetes from 0.5.0 to 0.6.0
- bb296c9 Merge pull request #1708 from smallstep/herman/csr-expires-header
- bd99db0 Merge pull request #1685 from venkyg-sec/allow_custom_tls_config
- 503e504 Merge branch 'master' into allow_custom_tls_config
- beea482 Fix linter errors in ca/ca.go
- 073fcb7 Merge pull request #1684 from venkyg-sec/allow_external_x509_ca_service_intf
- ac773ff Merge branch 'master' into allow_external_x509_ca_service_intf
- 9fcdd3f Fix format warnings on ca/ca.go
- 3dbb4aa Change CRL unavailable case to HTTP 404
- 5d865b2 Merge pull request #1715 from rvichery/aws-ca-west-1-iid-certificate
- ee44ac1 fixup! Add AWS ca-west-1 identity document certificate
- 490d065 Merge pull request #1713 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api/auth/approle-0.6.0
- 283d46d Add AWS ca-west-1 identity document certificate
- a3bed40 Bump github.com/hashicorp/vault/api/auth/approle from 0.5.0 to 0.6.0
- d174e78 Merge pull request #1712 from smallstep/dependabot/go_modules/golang.org/x/net-0.21.0
- 5f91441 Merge pull request #1711 from smallstep/dependabot/go_modules/cloud.google.com/go/longrunning-0.5.5
- a32dade Bump golang.org/x/net from 0.20.0 to 0.21.0
- b9db4e3 Bump cloud.google.com/go/longrunning from 0.5.4 to 0.5.5
- c76dad8 Improve tests for CRL HTTP handler
- 69f5f8d Use
stretchr/testifyinstead ofsmallstep/assertfor tests - d1deb7f Add
Expiresheader to CRL response - 6724692 Merge pull request #1706 from smallstep/dependabot/go_modules/github.com/prometheus/client_golang-1.18.0
- 6d29e8a Merge pull request #1704 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.43.0
- 05ccf84 Merge pull request #1705 from smallstep/dependabot/go_modules/cloud.google.com/go/security-1.15.5
- 78522c7 Bump github.com/prometheus/client_golang from 1.15.1 to 1.18.0
- 053d05b Bump cloud.google.com/go/security from 1.15.4 to 1.15.5
- 5209393 Bump go.step.sm/crypto from 0.42.1 to 0.43.0
- 59ea731 Merge pull request #1693 from smallstep/dependabot/go_modules/github.com/hashicorp/vault/api-1.11.0
- 78d889a Bump github.com/hashicorp/vault/api from 1.10.0 to 1.11.0
- 2fcb33b Merge pull request #1695 from smallstep/dependabot/go_modules/github.com/newrelic/go-agent/v3-3.29.1
- fe926e9 Merge pull request #1694 from smallstep/dependabot/go_modules/github.com/google/uuid-1.6.0
- 8123d6a Merge pull request #1692 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.1
- d9cf8aa Bump github.com/newrelic/go-agent/v3 from 3.29.0 to 3.29.1
- eeaabbc Bump github.com/google/uuid from 1.5.0 to 1.6.0
- 1122090 Bump go.step.sm/crypto from 0.42.0 to 0.42.1
- 356e707 Allow usage of externally supplied TLS config
- fbc1e89 Allow x509 Service CA implementation to be injected through ca and authority options
- 4ef093d Fix broken tests relying on
Signin mocks - 9e3807e Use
SignWithContextin the critical paths - 4e06bdb Add
SignWithContextmethod to authority and mocks - b2301ea Remove the webhook
Domethod - f3229d3 Propagate (original) request ID to webhook requests
Thanks!
Those were the changes on v0.25.3-rc6!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.25.3-rc5 (24-01-26)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.25.3-rc5_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.25.3-rc5_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.25.3-rc5_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- dd1ff9c Implementation of the Prometheus endpoint (#1669)
- 27ea4de Merge pull request #1687 from smallstep/dependabot/go_modules/google.golang.org/api-0.157.0
- b0833d7 Merge pull request #1686 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.0
- bcaf8a5 Bump google.golang.org/api from 0.156.0 to 0.157.0
- 18d3b7f Bump go.step.sm/crypto from 0.41.0 to 0.42.0
Thanks!
Those were the changes on v0.25.3-rc5!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.25.3-rc4 (24-01-25)
v0.25.3-rc4
This tag was signed with the committer’s verified signature.
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.25.3-rc4_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.25.3-rc4_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.25.3-rc4_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 675e418 Merge branch 'master' into wire-acme-extensions
- 502334f Merge pull request #1689 from smallstep/beltram/wire-acme-extensions
- a38132a Fix policy check for Wire user and device identifiers
- 93ba165 Fix tests to work with Wire
UserIDandDeviceID - 9eed61a use switch statement
- b8eb559 Update acme/order.go
- 27ea4de Merge pull request #1687 from smallstep/dependabot/go_modules/google.golang.org/api-0.157.0
- b0833d7 Merge pull request #1686 from smallstep/dependabot/go_modules/go.step.sm/crypto-0.42.0
- bcaf8a5 Bump google.golang.org/api from 0.156.0 to 0.157.0
- 18d3b7f Bump go.step.sm/crypto from 0.41.0 to 0.42.0
- a3de984 fix: use 2 separate identifiers for Wire
- 7e6356e Merge pull request #1670 from smallstep/herman/remove-rusty-cli
Thanks!
Those were the changes on v0.25.3-rc4!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.25.3-rc3 (24-01-17)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
--certificate step-ca_darwin_0.25.3-rc3_amd64.tar.gz.sig.pem \
--signature step-ca_darwin_0.25.3-rc3_amd64.tar.gz.sig \
--certificate-identity-regexp "https://github\.com/smallstep/workflows/.*" \
--certificate-oidc-issuer https://token.actions.githubusercontent.com \
step-ca_darwin_0.25.3-rc3_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 9cc3295 empty commit
Thanks!
Those were the changes on v0.25.3-rc3!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.