Releases: sse-secure-systems/connaisseur
Version 2.4.0
v2.4.0
Ci
- allowlisting for GMS-2021-101 #495
- test compatibility with Kubernetes v1.23 #429
- ci: fix release pipeline #497
Update
- update pytest-asyncio requirement from ~=0.17.0 to ~=0.17.2 #490
- update mkdocs-material requirement from ~=8.1.6 to ~=8.1.7 #489
- version bump #494
- update mkdocs-material requirement from ~=8.1.4 to ~=8.1.6 #482
- update jsonschema requirement from ~=4.3.3 to ~=4.4.0 #483
- update pytest-asyncio requirement from ~=0.16.0 to ~=0.17.0 #484
- update aioresponses requirement from ~=0.7.2 to ~=0.7.3 #480
- update setuptools requirement from ~=60.3.1 to ~=60.5.0 #478
- update setuptools requirement from ~=60.2.0 to ~=60.3.1 #475
- update requests requirement from ~=2.27.0 to ~=2.27.1 #473
- update cheroot requirement from ~=8.5.2 to ~=8.6.0 #472
- update requests requirement from ~=2.26.0 to ~=2.27.0 #471
- update jsonschema requirement from ~=4.3.1 to ~=4.3.3 #470
- update mkdocs-material requirement from ~=8.1.2 to ~=8.1.4 #469
- update setuptools requirement from ~=59.6.0 to ~=60.2.0 #467
Feat
- support extra configuration in helm chart #491
- implement imagePullSecrets for private container registries #468
Test
- Remove integration test namespaces during cleanup #487
- Allow local execution of integration test #486
- Remove unusable 'all' integration test #486
- Split stress test #486
- Remove superfluous comment #487
Refactor
Docs
New Contributors
- @lpercetti made their first contribution in #468
Full Changelog: v2.3.0...v2.4.0
Version 2.3.0
v2.3.0
Major Scope
The release includes important updates to fix vulnerabilities in dependencies and several usability improvements and extensions:
- allow localhost for notary server (#446)
- using cosign with private registries with self-signed certs (#437)
- ECS alert template to use alerting with e.g. Elastic SIEM (#427)
Changelog
Feat
Fix
Refactor
- Refactor imports, comments, docstrings and some types (#421)
Ci
- Rework integration tests (#381)
Update
- version bump (#457)
- update jsonschema requirement from ~=4.2.1 to ~=4.3.1 (#455)
- update mkdocs-material requirement from ~=8.0.5 to ~=8.1.2 (#454)
- update setuptools requirement from ~=59.5.0 to ~=59.6.0 (#450)
- cosign v1.4.0 to v1.4.1 (#449)
- update mkdocs-material requirement from ~=8.0.4 to ~=8.0.5 (#443)
- update aiohttp requirement from ~=3.8.0 to ~=3.8.1 (#441)
- update pylint requirement from ~=2.12.1 to ~=2.12.2 (#442)
- cosign v1.3.1 to v1.4.0 (#444)
- update setuptools requirement from ~=59.4.0 to ~=59.5.0 (#440)
- update mkdocs-material requirement from ~=7.3.6 to ~=8.0.4 (#439)
- update setuptools requirement from ~=59.2.0 to ~=59.4.0 (#432)
- update pylint requirement from ~=2.11.1 to ~=2.12.1 (#425)
New contributors
Thanks to our new contributors @operatorequals and @sf-jmarcou!
Full Changelog: v2.2.1...v2.3.0
Version 2.2.1
v2.2.1
Major Scope
The release contains the following central improvements:
The focus is on improving compatibility and validation speed.
Changelog
Feat
Fix
- only load required delegations + bug fix #318
- add api version batch/v1 support for CronJob resource #396
- Handle invalid admission requests #363
- allow CAPS in image tag #393
Docs
Update
- bump chart version #423
- update setuptools requirement from ~=58.5.3 to ~=59.2.0 #419
- cosign v1.3.0 to v1.3.1 #414
- update pytest-subprocess requirement from ~=1.3.1 to ~=1.3.2 #409
- update jsonschema requirement from ~=4.2.0 to ~=4.2.1 #408
- update jinja2 requirement from ~=3.0.2 to ~=3.0.3 #410
- cosign v1.2.1 to v1.3.0 #404
- update setuptools requirement from ~=58.2.0 to ~=58.5.3 #403
- update jsonschema requirement from ~=4.1.2 to ~=4.2.0 #402
- update pytest-subprocess requirement from ~=1.2.0 to ~=1.3.1 #400
- update mkdocs-material requirement from ~=7.3.4 to ~=7.3.6 #398
- update jsonschema requirement from ~=4.1.1 to ~=4.1.2 #377
- update jsonschema requirement from ~=4.1.0 to ~=4.1.1 #376
- update pytest-asyncio requirement from ~=0.15.1 to ~=0.16.0 #374
- update mkdocs-material requirement from ~=7.3.3 to ~=7.3.4 #373
Refactor
- properly handle different cosign key types #415
Ci
- speedup upgrade integration test #405
- Add loadtest to GitHub pipeline #299
- upgrade test #298
- integration test for workload objects and api versions #396
- use custom k3s cluster #397
Test
Commits
- update: update mkdocs-material requirement from ~=7.3.3 to ~=7.3.4 by @dependabot in #373
- update: update pytest-asyncio requirement from ~=0.15.1 to ~=0.16.0 by @dependabot in #374
- update: update jsonschema requirement from ~=4.1.0 to ~=4.1.1 by @dependabot in #376
- update: update jsonschema requirement from ~=4.1.1 to ~=4.1.2 by @dependabot in #377
- feat: async image validation by @phbelitz in #334
- Allow CAPS in image tag by @hsuchan in #393
- fix: Handle invalid admission requests by @Starkteetje in #363
- docs: add pull request template by @xopham in #395
- ci: use custom k3s cluster by @xopham in #397
- fix: support api versions for k8s workloadobjects, add tests by @xopham in #396
- update: update mkdocs-material requirement from ~=7.3.4 to ~=7.3.6 by @dependabot in #398
- update: update pytest-subprocess requirement from ~=1.2.0 to ~=1.3.1 by @dependabot in #400
- update: update jsonschema requirement from ~=4.1.2 to ~=4.2.0 by @dependabot in #402
- update: update setuptools requirement from ~=58.2.0 to ~=58.5.3 by @dependabot in #403
- ci: connaisseur upgrade integration test by @xopham in #298
- fix: only load required delegations by @phbelitz in #318
- Production WSGI server by @Starkteetje in #299
- docs: add ADR-7 by @xopham in #406
- update: cosign v1.2.1 to v1.3.0 by @xopham in #404
- ci: speedup upgrade integration test by @xopham in #405
- update: update jinja2 requirement from ~=3.0.2 to ~=3.0.3 by @dependabot in #410
- update: update jsonschema requirement from ~=4.2.0 to ~=4.2.1 by @dependabot in #408
- update: update pytest-subprocess requirement from ~=1.3.1 to ~=1.3.2 by @dependabot in #409
- update: cosign v1.3.0 to v1.3.1 by @xopham in #414
- Refactor: cosign key types by @xopham in #415
- update: update setuptools requirement from ~=58.5.3 to ~=59.2.0 by @dependabot in #419
- Fix/bump app version by @phbelitz in #423
- v2.2.1 release by @xopham in #380
New Contributors
Full Changelog: v2.2.0...v2.2.1
Version 2.2.0
v2.2.0
Major Scope
The release contains central improvements to usability and compatibility of Connaisseur:
- More native Helm integration
- Charts published in public Connaisseur Artifact Hub repository
- Updating Connaisseur (configuration) via helm upgrade
- Better compatibility with different flavors of Kubernetes (e.g. Openshift/OKD)
- Better compatibility with different versions of Kubernetes (automated tests for v1.16+)
- Improved KMS support for Cosign
Changelog
Full Changelog: v2.1.2...v2.2.0
Docs
- add instruction how to upgrade if added via helm (#365)
- notes on Kubernetes version compatibility (#356)
- add comments for automatic child approval feature (#356)
Fix
- bump helm app version (#364)
- changelogger (#361)
- remove alerting logs when alerting is not configured (#359)
- pod restart on config change (#358)
- k8s version minor parsing in helm (#342)
- admission webhook api version typo (#342)
- webhook api version (#345)
- increase timeout (#346)
- pod restart on config change (#280)
- changed bootstrapping, upgrading and deletion of Connaisseur (#255)
- use compliant/consistent validator names (#335)
- satisfy new pylint rule to enable pylint update (#314)
Ci
- expose helm chart on github pages (#307)
- k8s version test with v1.16 (#349)
- add k8s version compatibility tests (#342)
- fix release pipeline (#368)
Feat
- cosign kms support (#360)
- expose security context for e.g. compatibility with OKD/OpenShift 4 (#288)
- expose automatic child approval (#284)
- Add PodSecurityPolicy (#259)
Refactor
- fix minor issues and typos (#362)
Update
- update pyyaml requirement from ~=5.4.1 to ~=6.0 (#357)
- update mkdocs-material requirement from ~=7.3.2 to ~=7.3.3 (#355)
- update jsonschema requirement from ~=4.0.1 to ~=4.1.0 (#351)
- update pytest-subprocess requirement from ~=1.1.2 to ~=1.2.0 (#350)
- cosign built image package versions (#348)
- update mkdocs-material requirement from ~=7.3.1 to ~=7.3.2 (#343)
- cosign v1.0.0 to v1.2.1 (#289)
- update mike requirement from ~=1.1.1 to ~=1.1.2 (#340)
- update flask requirement from ~=2.0.1 to ~=2.0.2 (#341)
- bump stackrox/kube-linter-action from 1.0.3 to 1.0.4 (#339)
- update pytz requirement from ~=2021.1 to ~=2021.3 (#338)
- update mkdocs-material requirement from ~=7.3.0 to ~=7.3.1 (#337)
- update pytest-cov requirement from ~=2.12.1 to ~=3.0.0 (#336)
- update pylint requirement from ~=2.10.2 to ~=2.11.1 (#313)
- update jsonschema requirement from ~=3.2.0 to ~=4.0.1 (#330)
- bump stackrox/kube-linter-action from 1.0.2 to 1.0.3 (#319)
- update mkdocs-material requirement from ~=7.2.6 to ~=7.3.0 (#317)
- bump codecov/codecov-action from 2.0.3 to 2.1.0 (#309)
- update mike requirement from ~=1.1.0 to ~=1.1.1 (#310)
- update mike requirement from ~=1.0.1 to ~=1.1.0 (#303)
- update mkdocs-material requirement from ~=7.2.5 to ~=7.2.6 (#300)
Test
- k8s version test with v1.16 (#349)
New Contributors
- @youssefazrak made their first contribution in #259
- @pflaeging made their first contribution in #288
Thanks to all Contributors 🚀
Version 2.1.2
Version 2.1.1
v2.1.1
Docs
- minor rewording (#291)
- update cosign key type support (#282)
- remove outdated 2.0 announcement (#274)
- remove Helm purge flag from README.md (#277)
- update banner (#265)
- add namespace info for validator secrets (#263)
- add note on k8s version requirement for detection mode warnings (#236)
- add markdown footnotes (#236)
- update Chart.yaml (#146)
- Fix mistakes in documentation for integration test and health/ready endpoints (#232)
Update
- update mkdocs-material requirement in /docs (#286)
- bump codecov/codecov-action from 2.0.2 to 2.0.3 (#283)
- update pylint requirement from ~=2.9.6 to ~=2.10.2 (#281)
- bump stackrox/kube-linter-action from 1.0.0 to 1.0.2 (#271)
- update mkdocs-material requirement in /docs (#256)
- update mkdocs-material requirement from ~=7.2.2 to ~=7.2.3 (#247)
- update rfc3339-validator requirement from ~=0.1.2 to ~=0.1.4 (#241)
- update python-dateutil requirement from ~=2.8.1 to ~=2.8.2 (#240)
- update pytest-subprocess requirement from ~=1.0.1 to ~=1.1.2 (#239)
- update pytest-cov requirement from ~=2.10.0 to ~=2.12.1 (#227)
- update pytest-mock requirement from ~=3.3.1 to ~=3.6.1 (#229)
- update mkdocs-material requirement from ~=7.2.1 to ~=7.2.2 (#231)
- bump codecov/codecov-action from 1 to 2.0.2 (#214)
- update requests requirement from ~=2.24.0 to ~=2.26.0 (#230)
- update flask requirement from ~=1.1.2 to ~=2.0.1 (#228)
- update pylint requirement from ~=2.7.2 to ~=2.9.6 (#217)
- update pytz requirement from ~=2020.1 to ~=2021.1 (#219)
- update ecdsa requirement from ~=0.15 to ~=0.17 (#216)
- update requests-mock requirement from ~=1.8.0 to ~=1.9.3 (#218)
Fix
- bump helm hook version (#293)
- specify encoding in file reads (#281)
- IaC security configuration (#273)
- Fix variable namespace in make uninstall definition (#234)
- Fix order of webhook and sentinel probes during readiness probe (#235)
Test
Ci
- add trivy IaC scan (#273)
- fix pylint to scan connaisseur dir (#269)
- drop redundant dependabot configuration (#268)
- add kube-linter (#146)
Refactor
- fix linting errors (#269)
Build
- expose webhook failurePolicy (#267)
- add namespaces to makefile commands (#266)
- get signed cosign binary (#204)
Feat
- helm security/resource configs (#146)
Version 2.1.0
Version 2.0.0
v2.0.0
Docs
- rewrite documentation (#158)
- fix get-root utility (#183)
- add setup guide for local integration test (#149)
- added ADR4 (#156)
- Document delegation feature (#144)
- code documentation for config.py (#90)
- ADR for multi notary configuration (#90)
- updated for multi notary support (#90)
Feat
- github pages documentation (#158)
- add cosign authentication via k8s dockerconfigjson (#179)
- update-cosign-v0.6.0 (#173)
- new ignore/validate label namespacebased validation (#164)
- concise and functional preconfiguration (#164)
- modular validation (#156)
- prepared helm chart (#156)
- added multi notary support (#90)
- added get_root_key utility (#90)
- parallel trust data request (#169)
- use helm to create certs (#104)
Fix
- make annihilate deletes everything (#185)
- fix get-root utility by (#183)
- multi validator authentication (#179)
- auth config schema (#174)
- wrong image path (#157)
- Set side effect to None so server-side dry run is possible (#170)
- health probe fails after some time (#166)
- pin Python major version (#162)
- do not check alert config on hook image to ensure make uninstall is working (#161)
- use precise IP for alerting endpoint during integration test (#159)
- broken authentication (#156)
- link in README.md (#190)
- image loading for release workflow (#192)
Ci
- added valid initContainer IT (#157)
- add timer (#169)
- adjusted pipeline for modular validation (#156)
- Add integration tests for delegation feature and edge case of multiple defined digests for a tag (#144)
- fail slow on integration tests (#150)
- refactor workflows to reduce code duplication (#145)
- fix release workflow (#189)
Refactor
- switch to helm install (#172)
- rename detection mode in config (#164)
- adjusted tests for modular validation (#156)
- configure cluster name in values.yaml; add namespace to alert messages (#147)
- refactored alerting (#155)
- refactored cosign extension (#101)
- refactored all tests (#101)
- updated helm chart (#101)
- More object orientation (#101)