You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+38Lines changed: 38 additions & 0 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -1,3 +1,41 @@
1
+
# v2.2.2
2
+
3
+
v2.2.2 adds a new container with a shell, `gcr.io/projectsigstore/cosign:vx.y.z-dev`, in addition to the existing
4
+
container `gcr.io/projectsigstore/cosign:vx.y.z` without a shell.
5
+
6
+
For private deployments, we have also added an alias for `--insecure-skip-log`, `--private-infrastructure`.
7
+
8
+
## Bug Fixes
9
+
10
+
* chore(deps): bump github.com/sigstore/sigstore from 1.7.5 to 1.7.6 (#3411) which fixes a bug with using Azure KMS
11
+
* Don't require CT log keys if using a key/sk (#3415)
12
+
* Fix copy without any flag set (#3409)
13
+
* Update cosign generate cmd to not include newline (#3393)
14
+
* Fix idempotency error with signing (#3371)
15
+
16
+
## Features
17
+
18
+
* Add `--yes` flag `cosign import-key-pair` to skip the overwrite confirmation. (#3383)
19
+
* Use the timeout flag value in verify* commands. (#3391)
20
+
* add --private-infrastructure flag (#3369)
21
+
22
+
## Container Updates
23
+
24
+
* Bump builder image to use go1.21.4 and add new cosign image tags with shell (#3373)
25
+
26
+
## Documentation
27
+
28
+
* Update SBOM_SPEC.md (#3358)
29
+
30
+
## Contributors
31
+
32
+
* Carlos Tadeu Panato Junior
33
+
* Dylan Richardson
34
+
* Hayden B
35
+
* Lily Sturmann
36
+
* Nikos Fotiou
37
+
* Yonghe Zhao
38
+
1
39
# v2.2.1
2
40
**Note: This release comes with a fix for CVE-2023-46737 described in this [Github Security Advisory](https://github.com/sigstore/cosign/security/advisories/GHSA-vfp6-jrw2-99g9). Please upgrade to this release ASAP**
0 commit comments