Release v1.12.1 · sigstore/cosign

Highlights

fix: Pulls Fulcio root and intermediate when --certificate-chain is not passed into verify-blob command. The v1.12.0 release introduced a regression: when COSIGN_EXPERIMENTAL was not set, cosign verify-blob would check a --certificate (without a --certificate-chain provided) against the operating system root CA bundle. In this release, Cosign checks the certificate against Fulcio's CA root instead (restoring the earlier behavior).

What's Changed

fix: fix cert chain validation for verify-blob in non-experimental mode by @asraa in #2256
fix: add COSIGN_EXPERIMENTAL=1 for verify-bloba by @developer-guy in #2254
Fix BYO-root with intermediate to fetch intermediates from annotation by @haydentherapper in #2244
fix: fixing breaking changes in rekor v1.12.0 upgrade by @developer-guy in #2260

New Contributors

@n3k0m4 made their first contribution in #2263

Full Changelog: v1.12.0...v1.12.1

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

v1.12.1

Highlights

What's Changed

New Contributors

Contributors