v0.12.0

What's Changed

• update changelog for 0.11.0 by @cpanato in #989
• bump sigstore/sigstore from 1.2.1 to 1.4.0 by @k4leung4 in #985
• check supportedVersions list rather than directly reading from version map by @bobcallaway in #1003
• enable blocking specific pluggable type versions from being inserted into the log by @bobcallaway in #1004
• api.SearchLogQueryHandler thread safety by @cdris in #1006
• 'docker compose' to 'docker-compose' by @bobcallaway in #1009
• Intoto v0.0.2 by @pxp928 in #973
• Add bounds on number of elements in api/v1/log/entries/retrieve by @priyawadhwa in #1011
• Change Checkpoint origin to be "Hostname - Tree ID" by @haydentherapper in #1013
• feat: add verification functions by @asraa in #986
• Validate tree ID on calls to /api/v1/log/entries/retrieve by @priyawadhwa in #1017
• Include checkpoint (STH) in entry upload and retrieve responses by @haydentherapper in #1015
• fix: use entry uuid uniformly in return responses by @asraa in #1012
• remove /api/v1/version endpoint by @bobcallaway in #1022
• upgrade to go1.19 by @cpanato in #1018
• update to go-swagger v0.30.2 by @bobcallaway in #1028
• Fix rekor-cli backwards incompatibility & run harness tests against HEAD by @priyawadhwa in #1030
• Fix harness tests @ main by @priyawadhwa in #1038
• Fetch all tags in harness tests by @priyawadhwa in #1039
• fix retrieve endpoint response code and add testing by @asraa in #1043
• update go builder to go1.19.1 by @cpanato in #1044

New Contributors

• @cdris made their first contribution in #1006
• @pxp928 made their first contribution in #973

Full Changelog: v0.11.0...v0.12.0

v0.11.0

What's Changed

• Bump github/codeql-action from 2.1.16 to 2.1.17 by @dependabot in #946
• Bump google.golang.org/protobuf from 1.28.0 to 1.28.1 by @dependabot in #947
• Bump golang from 6e10f44 to 8a62670 by @dependabot in #948
• Bump golang from 1.18.4 to 1.18.5 by @dependabot in #950
• Add rekor harness tests by @priyawadhwa in #945
• Persist and check attestations across harness tests by @priyawadhwa in #952
• Bump github/codeql-action from 2.1.17 to 2.1.18 by @dependabot in #955
• Bump github.com/go-openapi/swag from 0.21.1 to 0.22.0 by @dependabot in #958
• Bump github.com/prometheus/client_golang from 1.12.2 to 1.13.0 by @dependabot in #959
• Add harness test for getting all entries by UUID and EntryID by @priyawadhwa in #957
• Bump go.uber.org/zap from 1.21.0 to 1.22.0 by @dependabot in #961
• Bump gopkg.in/ini.v1 from 1.66.6 to 1.67.0 by @dependabot in #960
• api: fix inclusion proof verification flake by @asraa in #956
• change default value for rekor_server.hostname to server's hostname by @bobcallaway in #963
• Bump github.com/go-openapi/errors from 0.20.2 to 0.20.3 by @dependabot in #964
• fix nil-pointer error when artifact-hash is passed without artifact by @dsa0x in #965
• Add prometheus summary to track metric latency by @priyawadhwa in #966
• compute payload and envelope hashes upon validating intoto proposed entries by @bobcallaway in #967
• update field documentation on publicKey for hashedrekord by @bobcallaway in #969
• Bump actions/github-script from 6.1.0 to 6.1.1 by @dependabot in #971
• Bump github.com/mediocregopher/radix/v4 from 4.1.0 to 4.1.1 by @dependabot in #972
• Allow sharding config to be written in yaml or json by @priyawadhwa in #974
• Bump sigstore/cosign-installer from 2.5.0 to 2.5.1 by @dependabot in #975
• Bump github.com/go-openapi/swag from 0.22.0 to 0.22.1 by @dependabot in #978
• Bump github.com/go-openapi/loads from 0.21.1 to 0.21.2 by @dependabot in #977
• fix incorrect schema id for cose type by @bobcallaway in #979
• Bump github.com/go-openapi/spec from 0.20.6 to 0.20.7 by @dependabot in #976
• fix: make rekor verify work with sharded uuids by @asraa in #970
• update builder and cosign images by @cpanato in #981
• remove trailing slash on directories by @bobcallaway in #984
• add changelog for v0.11.0 release by @cpanato in #982
• add support for intersection & union in search operations by @dsa0x in #968
• Update scorecard-action to v2:alpha by @azeemshaikh38 in #987

New Contributors

• @dsa0x made their first contribution in #965

Full Changelog: v0.10.0...v0.11.0

v0.10.0

** Note: Rekor will not send application/yaml responses anymore only application/json responses

What's Changed

• reuse DSSE signature wrappers instead of a local copy by @bobcallaway in #912
• Updates on the release job/makefile cleanup by @cpanato in #914
• Return 404 if entry isn't found in log by @priyawadhwa in #915
• Bump actions/setup-go from 3.2.0 to 3.2.1 by @dependabot in #916
• Bump google.golang.org/grpc from 1.47.0 to 1.48.0 by @dependabot in #920
• Bump golang from 1.18.3 to 1.18.4 by @dependabot in #919
• Bump github/codeql-action from 2.1.15 to 2.1.16 by @dependabot in #924
• Bump actions/dependency-review-action from 2.0.2 to 2.0.4 by @dependabot in #925
• Bump github.com/veraison/go-cose from 1.0.0-alpha.1 to 1.0.0-rc.1 by @dependabot in #928
• Bump sigs.k8s.io/release-utils from 0.7.1 to 0.7.2 by @dependabot in #927
• Update cosign image in validate-release job by @priyawadhwa in #931
• Bump github.com/go-openapi/strfmt from 0.21.2 to 0.21.3 by @dependabot in #930
• Bump sigstore/cosign-installer from 2.4.1 to 2.5.0 by @dependabot in #936
• Bump github.com/google/trillian from 1.4.1 to 1.4.2 in /hack/tools by @dependabot in #939
• Bump sigs.k8s.io/release-utils from 0.7.2 to 0.7.3 by @dependabot in #937
• update go builder and cosign image by @cpanato in #934
• Bump imjasonh/setup-ko from 0.4 to 0.5 by @dependabot in #940
• Drop application/yaml content type by @haydentherapper in #933
• Add rekor test harness to presubmit tests by @priyawadhwa in #921
• ✨ Enable Scorecard badge by @azeemshaikh38 in #941
• update go mod in hack/tools to go1.18 by @cpanato in #935
• update changelog in preparation of v0.10.0 release by @cpanato in #943
• Bump golang from 9349ed8 to 6e10f44 by @dependabot in #942
• add ldflags back by @cpanato in #944

New Contributors

• @azeemshaikh38 made their first contribution in #941

Full Changelog: v0.9.1...v0.10.0

Thanks to all contributors!

v0.9.1

What's Changed

• feat: add subject URIs to index for x509 certificates by @asraa in #897
• Bump sigstore/cosign-installer from 2.4.0 to 2.4.1 by @dependabot in #898
• fix: sql syntax in dbcreate script by @xens in #903
• Switch to go 1.18 and pin release-utils to v0.7.1 by @saschagrunert in #904
• Check inactive shards for UUID for /retrieve endpoint by @priyawadhwa in #905
• ensure log messages have requestID where possible by @bobcallaway in #907
• Bump github.com/theupdateframework/go-tuf from 0.3.0 to 0.3.1 by @dependabot in #906
• Remove unnecessary lookup of non-existent attestations from storage layer by @bobcallaway in #909
• Fix bug where /retrieve endpoint returns wrong logIndex across shards by @priyawadhwa in #908
• cleanup makefile with generated code; cleanup unused files by @bobcallaway in #910
• add changelog for v0.9.1 by @cpanato in #911

New Contributors

• @xens made their first contribution in #903
• @saschagrunert made their first contribution in #904

Full Changelog: v0.9.0...v0.9.1

Thanks for all contributors!

v0.9.0

What's Changed

• Add COSE support to Rekor by @kommendorkapten in #867
• Bump github/codeql-action from 2.1.13 to 2.1.14 by @dependabot in #885
• Bump ossf/scorecard-action from 1.1.1 to 1.1.2 by @dependabot in #888
• Bump github/codeql-action from 2.1.14 to 2.1.15 by @dependabot in #893
• Fix intoto index keys by @bobcallaway in #889
• Resolve virtual log index when calling /retrieve endpoint by @priyawadhwa in #894
• add changelog for v0.9.0 by @cpanato in #895

New Contributors

• @kommendorkapten made their first contribution in #867

Full Changelog: v0.8.2...v0.9.0

Thanks to all contributors!

v0.8.2

What's Changed

• collect docker-compose logs if sharding tests fail, also trim IDs by @bobcallaway in #869
• ensure fallback logic executes if attestation key is empty when fetching attestation by @bobcallaway in #878
• Bump github.com/spf13/cobra from 1.4.0 to 1.5.0 by @dependabot in #881
• Bump github/codeql-action from 2.1.12 to 2.1.13 by @dependabot in #880
• add changelog for v0.8.2 by @cpanato in #882

Full Changelog: v0.8.1...v0.8.2

v0.8.1

What's Changed

• Bump sigstore/cosign-installer from 2.3.0 to 2.4.0 by @dependabot in #868
• Bump actions/dependency-review-action from 1.0.2 to 2 by @dependabot in #871
• Fix indexing bug for intoto attestations by @priyawadhwa in #870
• Bump actions/dependency-review-action from 2.0.0 to 2.0.2 by @dependabot in #875
• Allow an expired certificate chain to be uploaded and verified by @haydentherapper in #873
• add changelog for v0.8.1 by @cpanato in #874

Full Changelog: v0.8.0...v0.8.1

Thanks for all contributors!

v0.8.0

What's Changed

• Bump gopkg.in/ini.v1 from 1.66.4 to 1.66.5 by @dependabot in #846
• Update go-tuf and sigstore/sigstore to non-vulnerable go-tuf version. by @dhaus67 in #847
• Bump gopkg.in/ini.v1 from 1.66.5 to 1.66.6 by @dependabot in #848
• Configure rekor server in e2e tests via env variable by @priyawadhwa in #850
• Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.1 to 0.4.0 by @dependabot in #853
• Bump google.golang.org/grpc from 1.46.2 to 1.47.0 by @dependabot in #852
• Bump ossf/scorecard-action from 1.1.0 to 1.1.1 by @dependabot in #857
• Bump github/codeql-action from 2.1.11 to 2.1.12 by @dependabot in #858
• update cross-builder image to use go1.17.11 and dockerfile base image by @cpanato in #860
• update go.mod to go1.17 by @cpanato in #861
• Improve error message when using ED25519 with HashedRekord type by @haydentherapper in #862
• Bump github.com/go-openapi/validate from 0.21.0 to 0.22.0 by @dependabot in #863
• Bump github.com/spf13/viper from 1.11.0 to 1.12.0 by @dependabot in #844
• Allow retrieving entryIDs or UUIDs via /api/v1/log/entries/retrieve endpoint by @priyawadhwa in #859
• Print total tree size, including inactive shards in rekor-cli loginfo by @priyawadhwa in #864
• add changelog for v0.8.0 by @cpanato in #866

New Contributors

• @dhaus67 made their first contribution in #847

Full Changelog: v0.7.0...v0.8.0

v0.7.0

⚠️ Breaking Change

Removed timestamping authority API. This is a breaking API change.
If you are relying on the timestamping authority to issue signed timestamps, create signed timestamps using either OpenSSL or a service such as FreeTSA.

What's Changed

• remove URL fetch of keys/artifacts server-side by @bobcallaway in #735
• Bump sigstore/cosign-installer from 2.2.0 to 2.2.1 by @dependabot in #776
• Bump github.com/spf13/viper from 1.10.1 to 1.11.0 by @dependabot in #777
• Bump actions/checkout from 3.0.0 to 3.0.1 by @dependabot in #778
• Bump anchore/sbom-action from 0.10.0 to 0.11.0 by @dependabot in #779
• Bump github.com/mediocregopher/radix/v4 from 4.0.0 to 4.1.0 by @dependabot in #781
• Bump github.com/mitchellh/mapstructure from 1.4.3 to 1.5.0 by @dependabot in #782
• Bump codecov/codecov-action from 3.0.0 to 3.1.0 by @dependabot in #785
• Bump actions/checkout from 3.0.1 to 3.0.2 by @dependabot in #786
• Bump google-github-actions/auth from 0.7.0 to 0.7.1 by @dependabot in #790
• Bump google.golang.org/grpc from 1.45.0 to 1.46.0 by @dependabot in #791
• Bump github/codeql-action from 2.1.8 to 2.1.9 by @dependabot in #796
• Bump sigstore/cosign-installer from 2.2.1 to 2.3.0 by @dependabot in #795
• Bump github.com/google/go-cmp from 0.5.7 to 0.5.8 by @dependabot in #794
• intoto: add index on materials digest of slsa provenance by @asraa in #793
• Bump github.com/go-openapi/runtime from 0.23.3 to 0.24.0 by @dependabot in #799
• chore(deps): Included dependency review by @naveensrinivasan in #788
• Check if intoto hash is available before accessing it as an index key by @priyawadhwa in #800
• Bump github.com/go-playground/validator/v10 from 10.10.1 to 10.11.0 by @dependabot in #803
• Move deprecated dependency: google/trillian/merkle to transparency-dev by @asraa in #807
• Bump github.com/go-openapi/spec from 0.20.5 to 0.20.6 by @dependabot in #802
• Bump github.com/go-openapi/runtime from 0.24.0 to 0.24.1 by @dependabot in #811
• Retrieve shard tree length if it isn't provided in the config by @priyawadhwa in #810
• Bump github/codeql-action from 2.1.9 to 2.1.10 by @dependabot in #816
• Bump golangci/golangci-lint-action from 3.1.0 to 3.2.0 by @dependabot in #815
• update release builder images to use go 1.17.10 and cosign image to 1.8.0 by @cpanato in #820
• Bump github/codeql-action from 03e2e3c45f9f937ffe65a1caa4c9960d420a31f9 to 2.1.10 by @dependabot in #821
• Bump actions/setup-go from 3.0.0 to 3.1.0 by @dependabot in #822
• Bump github.com/google/trillian from 1.4.0 to 1.4.1 by @dependabot in #817
• Bump github.com/google/trillian from 1.4.0 to 1.4.1 in /hack/tools by @dependabot in #818
• update go to 1.17.10 in the dockerfile by @cpanato in #819
• Bump github.com/prometheus/client_golang from 1.12.1 to 1.12.2 by @dependabot in #827
• Limit the number of certificates parsed in a chain by @haydentherapper in #823
• Bump actions/github-script from 6.0.0 to 6.1.0 by @dependabot in #826
• Bump actions/dependency-review-action from 3f943b86c9a289f4e632c632695e2e0898d9d67d to 1 by @dependabot in #825
• Bump google.golang.org/grpc from 1.46.0 to 1.46.2 by @dependabot in #828
• Bump google-github-actions/auth from 0.7.1 to 0.7.2 by @dependabot in #830
• Bump github/codeql-action from 2.1.10 to 2.1.11 by @dependabot in #829
• Breaking change: Remove timestamping authority by @haydentherapper in #813
• Bump google-github-actions/auth from 0.7.2 to 0.7.3 by @dependabot in #832
• Add back owners for rfc3161 package type by @haydentherapper in #833
• all: remove dependency on deprecated github.com/pkg/errors by @zchee in #834
• Bump actions/upload-artifact from 3.0.0 to 3.1.0 by @dependabot in #836
• Bump goreleaser/goreleaser-action from 2.9.1 to 3 by @dependabot in #837
• Bump actions/dependency-review-action from 1.0.1 to 1.0.2 by @dependabot in #840
• Bump google-github-actions/auth from 0.7.3 to 0.8.0 by @dependabot in #839
• name stored attestations by digest instead of UUID by @bobcallaway in #769
• Bump ossf/scorecard-action from 1.0.4 to 1.1.0 by @dependabot in #843
• Bump actions/setup-go from 3.1.0 to 3.2.0 by @dependabot in #842
• add changelog for 0.7.0 release by @cpanato in #835

New Contributors

• @zchee made their first contribution in #834

Full Changelog: v0.6.0...v0.7.0

Thanks for all contributors!

v0.6.0

Notice: The server side remote fetching of resources will be removed in the next release

What's Changed

• attempting to fix codeowners file by @bobcallaway in #653
• Update the warning text for the GA release. by @dlorenc in #654
• Bump github.com/go-openapi/runtime from 0.22.0 to 0.23.0 by @dependabot in #655
• Bump github.com/go-openapi/strfmt from 0.21.1 to 0.21.2 by @dependabot in #656
• Bump go.uber.org/zap from 1.20.0 to 1.21.0 by @dependabot in #660
• Bump github/codeql-action from 1.0.31 to 1.0.32 by @dependabot in #659
• use upstream k8s version lib by @n3wscott in #657
• Bump golang from 301609e to fff998d by @dependabot in #662
• Bump actions/setup-go from 2.1.5 to 2.2.0 by @dependabot in #663
• Bump gopkg.in/ini.v1 from 1.66.3 to 1.66.4 by @dependabot in #664
• Add docs about API stability and deprecation policy by @priyawadhwa in #661
• update cross-build and dockerfile to use go 1.17.7 by @cpanato in #666
• Bump github/codeql-action from 1.0.32 to 1.1.0 by @dependabot in #668
• Bump actions/github-script from 5.1.0 to 6 by @dependabot in #669
• Move k8s objects out of the default namespace by @k4leung4 in #674
• add securityContext to deployment. by @k4leung4 in #678
• Add intoto type documentation by @jspeed-meyers in #679
• create namespace for rekor config in yaml. by @k4leung4 in #680
• Bump github/codeql-action from 1.1.0 to 1.1.2 by @dependabot in #682
• Bump ossf/scorecard-action from 1.0.3 to 1.0.4 by @dependabot in #683
• Set rekor-cli User-Agent header on requests by @bobcallaway in #684
• update security process link by @bobcallaway in #685
• Bump sigstore/cosign-installer from 2.0.0 to 2.0.1 by @dependabot in #686
• explicitly set permissions for github actions by @k4leung4 in #687
• Bump github.com/go-openapi/runtime from 0.23.0 to 0.23.1 by @dependabot in #689
• Bump github/codeql-action from 1.1.2 to 1.1.3 by @dependabot in #690
• Bump golangci/golangci-lint-action from 2.5.2 to 3 by @dependabot in #691
• Bump goreleaser/goreleaser-action from 2.8.1 to 2.9.0 by @dependabot in #692
• Bump golangci/golangci-lint-action from 3.0.0 to 3.1.0 by @dependabot in #693
• Bump github.com/secure-systems-lab/go-securesystemslib from 0.3.0 to 0.3.1 by @dependabot in #695
• Bump actions/setup-go from 2.2.0 to 3.0.0 by @dependabot in #694
• Bump goreleaser/goreleaser-action from 2.9.0 to 2.9.1 by @dependabot in #696
• Bump actions/checkout from 2.4.0 to 3 by @dependabot in #698
• Add documentation about Alpine type by @jspeed-meyers in #697
• Add code coverage to pull requests. by @k4leung4 in #676
• Consistent parenthesis use in Makefile by @k4leung4 in #700
• Go update to 1.17.8 and cosign to 1.6.0 by @cpanato in #705
• Bump actions/upload-artifact from 2.3.1 to 3 by @dependabot in #704
• Use logRangesFlag in API, route reads based on TreeID by @lkatalin in #671
• Generate release yaml for non-CI builds. by @k4leung4 in #702
• Bump sigstore/cosign-installer from 2.0.1 to 2.1.0 by @dependabot in #708
• Bump github.com/go-openapi/runtime from 0.23.1 to 0.23.2 by @dependabot in #710
• Bump anchore/sbom-action from 0.6.0 to 0.7.0 by @dependabot in #709
• Mirror signed release images from GCR to GHCR as part of release by @k4leung4 in #701
• Bump golang from 0168c35 to ca70980 by @dependabot in #707
• build trillian container to existing release. by @k4leung4 in #715
• Bump github/codeql-action from 1.1.3 to 1.1.4 by @dependabot in #716
• Bump github.com/go-playground/validator/v10 from 10.10.0 to 10.10.1 by @dependabot in #717
• Make the loginfo command a bit more future/backwards proof. by @dlorenc in #718
• Switch to using the swag library for pointer manipulation. by @dlorenc in #719
• Change TreeID to be of type string instead of int64 by @priyawadhwa in #712
• Add sharding e2e test to Github Actions by @priyawadhwa in #714
• fix merge conflict by @priyawadhwa in #720
• Bump google.golang.org/grpc from 1.44.0 to 1.45.0 by @dependabot in #723
• Bump golang from ca70980 to c7c9458 by @dependabot in #722
• Clearer logging for createAndInitTree by @priyawadhwa in #724
• Bump github.com/spf13/cobra from 1.3.0 to 1.4.0 by @dependabot in #728
• Return virtual index when creating and getting a log entry by @priyawadhwa in #725
• Fix copy/paste mistake in repo name. by @k4leung4 in #730
• Use reusuable release workflow in sigstore/sigstore by @k4leung4 in #729
• Bump github/codeql-action from 1.1.4 to 1.1.5 by @dependabot in #736
• Get log proofs by Tree ID by @priyawadhwa in #733
• Refactor rekor-cli loginfo by @priyawadhwa in #734
• Bump github.com/go-openapi/runtime from 0.23.2 to 0.23.3 by @dependabot in #740
• Update loginfo API endpoint to return information about inactive shards by @priyawadhwa in #738
• Bump google.golang.org/protobuf from 1.27.1 to 1.28.0 by @dependabot in #744
• Replace trillian_log_server.log_id_ranges flag with a config file by @priyawadhwa in #742
• Bump anchore/sbom-action from 0.7.0 to 0.8.0 by @dependabot in #743
• fix build date format for version command by @cpanato in #745
• Require tlog_id when log_id_ranges is passed in by @lkatalin in #739
• Use active tree on server startup by @lkatalin in #727
• Bump github/codeql-action from 1.1.5 to 2.1.6 by @dependabot in #748
• Specify public key for inactive shards in shard config by @priyawadhwa in #746
• Add support for providing certificate chain for X509 signature types by @haydentherapper in #747
• Bump google-github-actions/auth from 0.6.0 to 0.7.0 by @dependabot in #751
• Bump github/codeql-action from 2.1.6 to 2.1.7 by @dependabot in #752
• Bump codecov/codecov-action from 2.1.0 to 3 by @dependabot in #753
• Bump anchore/sbom-action from 0.8.0 to 0.9.0 by @dependabot in #754
• Bump sigstore/cosign-installer from 2.1.0 to 2.2.0 by @dependabot in #757
• fix typo in filename by @bobcallaway in #758
• Update release jobs and trillian images by @cpanato in #756
• Bump github/codeql-action from 2.1.7 to 2.1.8 by @dependabot in #762
• Bump anchore/sbom-action from 0.9.0 to 0.10.0 by @dependabot in #763
• Add the SHA256 digest of the intoto payload into the rekor entry by @bobcallaway in #764
• Add index to hashed intoto envelope by @asraa in #761
• Fix link in types README by @eddiezane in #765
• set p.Block after parsing in helm provenance type by @bobcallaway in #759
• Bump github.com/go-openapi/spec from 0.20.4 to 0.20.5 by @dependabot in #768
• Fix search without sha prefix by @eddiezane in #767
• Add in configmap to release for sharding config by @priyawadhwa in https://github.com/s...