Releases: smallstep/certificates
Release v0.22.2-rc6
[action] updates and first pass at goreleaser deb
Release v0.22.2-rc5
[action] updates and first pass at goreleaser deb
Release v0.22.2-rc4
[action] updates and first pass at goreleaser deb
Release v0.22.2-rc2
[action] updates and first pass at goreleaser deb
Step CA v0.22.2-rc12 (22-10-01)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.2-rc12_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.2-rc12_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 9d4b383 [action] updates and first pass at goreleaser deb
Thanks!
Those were the changes on v0.22.2-rc12!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.22.2-rc11 (22-10-01)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.2-rc11_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.2-rc11_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- 4eb76c1 [action] updates and first pass at goreleaser deb
Thanks!
Those were the changes on v0.22.2-rc11!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.22.2-rc10 (22-10-01)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.2-rc10_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.2-rc10_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- d60d74a [action] updates and first pass at goreleaser deb
Thanks!
Those were the changes on v0.22.2-rc10!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.23.0-rc.1 (22-09-13)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.23.0-rc.1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.23.0-rc.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- df97512 Upgrade linkedca and add entry to changelog
- 666f695 Merge pull request #1048 from smallstep/attest-platform
- bb0210e Fix typo in linkedca variable
- 1e098ae Fixes ACMEAttestationFormat comment
- 6640713 Add methods to convert attestation formats
- 0f65179 Reject not enabled attestation formats
- 53ad3a9 Add go workspaces files to gitignore
- ba42aaf Add attestationFormat property in the ACME provisioner
- b2119e9 Merge pull request #977 from smallstep/device-attestation
- fd4e96d Rename method to IsChallengeEnabled
- c77b4ff Fix linter errors
- 59c5219 Use a type for acme challenges
- a89bea7 Format comment
- 5df9434 Fix old comment, device-attest-01 uses the acme payload
- c5d3714 Fix acme error map
- 08815c5 Reneame attestation statement error
- 3cd72ac Remove debug statements
- 55318ef Merge pull request #1043 from unreality/oidc-missing-email
- 1b68a9f Merge pull request #1045 from smallstep/deprecation-notice
- bc61b23 Add deprecation notices to step-x-init binaries
- b89f210 remove fail-email test and add ok-empty-email test
- a2749ca Merge branch 'master' into device-attestation
- 7a03c43 allow missing Email claim in OIDC tokens, use subject when its missing
- e75e7e7 Fix linter warnings
- 54d9209 Validate proof of possession signature
- 45af68b Upgrade go.step.sm/crypto
- 59b7603 Use a clientAuth only cert for device-attest-01
- 6db631d Upgrade go.step.sm/crypto@attest
- ca412e7 Return error on attestation validation
- ab5f916 Define ErrorBadAttestationStatement
- 735c9d4 Add support for yubikey attestation
- ebce40e Add new method ACMEClient.ValidateWithPayload
- f1c63bc Fix challenge mapping
- 2a44972 Run go mod tidy
- df96b12 Add AuthorizeChallenge unit tests
- bca311b Add acme property to enable challenges
- ae8d4d8 Fix unit test
- 693dc39 Merge branch 'master' into device-attestation
- b1e9d5e Revert "Run on plaintext HTTP to support Cloud Run"
- 2f7cb92 Use go.step.sm/crypto to set the permanent identifier
- 21427d5 Replace instead of prepend provisioner extension
- 2ab1e66 Fix nonce validation
- e02a190 Merge branch 'master' into device-attestation
- 66356cf Add attestation certificate validation for Apple devices
- 9b9c555 Add changelog template
- 1d10491 Update README.md
- 274f6cc iOS 16 beta 2 support
- 7e1b0be iOS 16 beta 1 support
- 77c6d10 Verify key authorization is contained within the TPM quote extraData field
- e1ec31c Implement TPM attestation statement verification
- 2ac8b69 Add ACME permanent-identifier identifier type
- aacd6f4 Add device-attest-01 challenge type
- 09b9673 Run on plaintext HTTP to support Cloud Run
- 860baeb Verbose debug logging
Thanks!
Those were the changes on v0.23.0-rc.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.22.1 (22-08-31)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.1_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.1_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- d718c69 Prepare changelog for release
- b8162d5 Merge pull request #1034 from smallstep/fix-1033
- a7fcfe0 Verify with roots and intermediates
- 30c54a5 Add entry in changelog
- ea8579f Fix bad signature algorithm on EC+RSA PKI
Thanks!
Those were the changes on v0.22.1!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.
Step CA v0.22.0 (22-08-26)
Official Release Artifacts
Linux
OSX Darwin
Windows
For more builds across platforms and architectures, see the Assets section below.
And for packaged versions (Docker, k8s, Homebrew), see our installation docs.
Don't see the artifact you need? Open an issue here.
Signatures and Checksums
step-ca uses sigstore/cosign for signing and verifying release artifacts.
Below is an example using cosign to verify a release artifact:
cosign verify-blob \
-key https://raw.githubusercontent.com/smallstep/certificates/master/cosign.pub \
-signature ~/Downloads/step-ca_darwin_0.22.0_amd64.tar.gz.sig
~/Downloads/step-ca_darwin_0.22.0_amd64.tar.gz
The checksums.txt file (in the Assets section below) contains a checksum for every artifact in the release.
Changelog
- a893d6e Upgrade go.step.sm/cli-utils
- 432477a Merge pull request #1030 from smallstep/herman/fix-template-validation
- 1938b1b Merge branch 'master' into herman/fix-template-validation
- 1d1e024 Upgrade to go.step.sm/crypto v0.18.0
- 6b7b989 Add provisioner template validation
- dd6f59b Merge pull request #1024 from smallstep/gosec
- 23b8f45 Address gosec warnings
- 713dfad Merge pull request #1019 from smallstep/head-middleware
- 8f88740 Merge pull request #1014 from smallstep/max/dns-id
- 6cab4d3 Add a middleware to automatically route HEAD requests to GET
- c040e4b Add unit tests
- 85fc837 Merge pull request #1018 from smallstep/ra-config
- 3c88a9c Fixed changelog
- 8e08f0d Add entries to changelog
- 0c7467c Allow to automatically configure and linked RA
- 5e0be92 Allow option to skip the validation of config
- b7c2f6c Check for DNS name validity
- ae76d94 Merge pull request #1009 from smallstep/code-ql
- 2db15e4 Remove unnecessary log entries
- 759aa26 Fix linter warning
- 90d2785 Sanitize log entries in logging package
- b62f4d1 Add lgtm comments on some security warnings
- a5439c4 Remove ciphersuites without Lucky13 countermeasures
- d6baad4 Merge pull request #1008 from smallstep/endpoint-id
- 8bd0174 Rename field to IsCAServerCert
- 5df1694 Add endpoint id for the RA certificate
- 20784c7 Merge pull request #1006 from smallstep/max/revoke-serial-validation
- 1dd0d7d Update bad serial error to be more specific
- 73ba411 [action] parameterize golangci-lint version
- eb091ae Simplify field names for ProvisionerInfo
- a65adc0 Merge pull request #1005 from smallstep/crypto-kms
- 7052a32 Validate revocation serial number
- 4985ab1 Remove kms package
- 369b8f8 Use go.step.sm/crypto/kms
- 3e2729e Merge pull request #989 from smallstep/max/disable-ssh-hosts
- 9f67a80 Merge pull request #1004 from smallstep/go-1.19
- f1aabaa Use functions from os instead of io/ioutil
- 8445c29 Change actions to build using Go 1.19
- 99c9155 disableSSHHostsListAPI -> disableGetSSHHosts
- 38fb924 Merge pull request #993 from smallstep/ra-ids
- 22337da Merge pull request #990 from qbit/master
- 821743f Upgrade newrelic to v3
- 135c481 Update deps to bring in support for OpenBSD
- a2f7766 Use released version of linkedca
- c5c7c30 Fix typo in ProvisionerInfo
- 6474456 Send RA provisioner to linkedca.
- 6b5d3dc Add provisioner name to RA info
- 9648fe6 Remove debug statement
- a1f5492 Rename internal field
- f9df8ac Remove unused interface
- 7a1e6a0 Fix and extend stepcas unit tests
- 9408d0f Send RA provisioner information to the CA
- a881937 Remove empty lines on debug information
- 87f28a7 Create codeql-analysis.yml
- 0efaf51 Create SECURITY.md
- fb7f57a Add attribute to disable SSH Hosts list API
- 01423e3 [action] combine label and triage project add in one workflow
Thanks!
Those were the changes on v0.22.0!
Come join us on Discord to ask questions, chat about PKI, or get a sneak peak at the freshest PKI memes.