- Adds hashed rekord type that can be used to upload signatures along with the hashed content signed (sigstore#501)
- Update the schema to match that of Trillian repo. The map specific (sigstore#528)
- allow setting the user-agent string sent from the client (sigstore#521)
- update key usage for ts cert (sigstore#504)
- api/index/retrieve: allow searching on indicies with sha1 hashes (sigstore#499)
- Only include Attestation data if attestation storage enabled (sigstore#494)
- Fuzzing RequestFromRekor API (sigstore#488)
- Included pprof for profiling the application. (sigstore#485)
- refactor release and add signing (sigstore#483)
- More verbose error message for redis connection failure (sigstore#479) (sigstore#480)
- Fixed modtime for reproducible goreleaser (sigstore#473)
- add goreleaser and cloudbuild for releases (sigstore#443)
- Add dynamic JS tree size counter (sigstore#468)
- check that entry UUID == leafHash of returned entry (sigstore#469)
- chore: upgrade cosign version (sigstore#465)
- Reproducible builds with trimpath (sigstore#464)
- correct links, add Table of Contents of sorts (sigstore#449)
- update go tuf for rsa key impl (sigstore#446)
- Canonicalize JSON before inserting into trillian (sigstore#445)
- Export search UUIDs field (sigstore#438)
- Add a flag to start specifying log index ranges for virtual indices. (sigstore#435)
- Cleanup some initialization/flag parsing in rekor-server. (sigstore#433)
- Drop 404 errors down to a warning. (sigstore#426)
- Cleanup the output of search (the text goes to stderr not stdout). (sigstore#421)
- remove extradata field from types (sigstore#418)
- Update usage of ./cmd/rekor-cli/ from
rekortorekor-cli(sigstore#417) - Add TUF type (sigstore#383)
- Updates to INSTALLATION.md notes (sigstore#415)
- Update snippets to use
consoletype for snippets (sigstore#410) - version: add way to display a version when using go get or go install (sigstore#405)
- Use an in memory timestamping key (sigstore#402)
- Links are case sensitive (sigstore#401)
- Installation guide (sigstore#400)
- Add a SignedTimestampNote (sigstore#397)
- Provide instructions on verifying releases (sigstore#399)
- rekor-server: add html page when humans reach the server via the browser (sigstore#394)
- use go modules to track tools (sigstore#395)
- fix timestamp addition and unmarshal (sigstore#525)
- Correct & parallelize tests (sigstore#522)
- Fix fuzz go.sum issue (sigstore#509)
- fix validation error (sigstore#503)
- Correct Helm index keys (sigstore#474)
- Fix a bug in x509 certificate handling. (sigstore#461)
- Fix a conflict from parallel dependabot merges. (sigstore#456)
- fix tuf metadata marshalling (sigstore#447)
- Switch DSSE provider to go-securesystemslib (sigstore#442)
- fix unmarshalling sth (sigstore#409)
- Fix port flag override (sigstore#396)
- makefile: small fix on the makefile for the rekor-server (sigstore#393)
- Bump github.com/spf13/viper from 1.9.0 to 1.10.0 (sigstore#531)
- Bump sigstore/cosign-installer from 1.3.1 to 1.4.1 (sigstore#530)
- Bump the DSSE signing library. (sigstore#529)
- Bump golang from 1.17.4 to 1.17.5 (sigstore#527)
- Bump golang from 1.17.3 to 1.17.4 (sigstore#523)
- Bump gopkg.in/ini.v1 from 1.66.0 to 1.66.2 (sigstore#520)
- Bump github.com/mitchellh/mapstructure from 1.4.2 to 1.4.3 (sigstore#517)
- Bump github.com/secure-systems-lab/go-securesystemslib (sigstore#516)
- Bump gopkg.in/ini.v1 from 1.64.0 to 1.66.0 (sigstore#513)
- Upgraded go-playground/validator module to v10 (sigstore#507)
- Bump gopkg.in/ini.v1 from 1.63.2 to 1.64.0 (sigstore#495)
- Bump github.com/go-openapi/strfmt from 0.21.0 to 0.21.1 (sigstore#510)
- Bump the trillian import to v1.4.0. (sigstore#502)
- Bump the trillian versions to v1.4.0 in our docker-compose setup. (sigstore#500)
- update go.mod for go-fuzz (sigstore#496)
- Bump sigstore/cosign-installer from 1.3.0 to 1.3.1 (sigstore#491)
- Bump golang from 1.17.2 to 1.17.3 (sigstore#482)
- Bump google.golang.org/grpc from 1.41.0 to 1.42.0 (sigstore#478)
- Bump actions/checkout from 2.3.5 to 2.4.0 (sigstore#477)
- Bump github.com/go-openapi/runtime from 0.20.0 to 0.21.0 (sigstore#470)
- bump go-swagger to v0.28.0 (sigstore#463)
- Bump github.com/in-toto/in-toto-golang from 0.3.2 to 0.3.3 (sigstore#459)
- Bump actions/checkout from 2.3.4 to 2.3.5 (sigstore#458)
- Bump github.com/mediocregopher/radix/v4 from 4.0.0-beta.1 to 4.0.0 (sigstore#460)
- Bump github.com/go-openapi/runtime from 0.19.31 to 0.20.0 (sigstore#451)
- Bump github.com/go-openapi/spec from 0.20.3 to 0.20.4 (sigstore#454)
- Bump github.com/go-openapi/validate from 0.20.2 to 0.20.3 (sigstore#453)
- Bump github.com/go-openapi/strfmt from 0.20.2 to 0.20.3 (sigstore#452)
- Bump github.com/go-openapi/loads from 0.20.2 to 0.20.3 (sigstore#450)
- Bump golang from 1.17.1 to 1.17.2 (sigstore#448)
- Bump google.golang.org/grpc from 1.40.0 to 1.41.0 (sigstore#441)
- Bump golang.org/x/mod from 0.5.0 to 0.5.1 (sigstore#440)
- Bump github.com/spf13/viper from 1.8.1 to 1.9.0 (sigstore#439)
- Bump gopkg.in/ini.v1 from 1.63.0 to 1.63.2 (sigstore#437)
- Bump github.com/mitchellh/mapstructure from 1.4.1 to 1.4.2 (sigstore#436)
- Bump gocloud to v0.24.0. (sigstore#434)
- Bump golang from 1.17.0 to 1.17.1 (sigstore#432)
- Bump go.uber.org/zap from 1.19.0 to 1.19.1 (sigstore#431)
- Bump gopkg.in/ini.v1 from 1.62.0 to 1.63.0 (sigstore#429)
- Bump github.com/go-openapi/runtime from 0.19.30 to 0.19.31 (sigstore#425)
- Bump github.com/go-openapi/errors from 0.20.0 to 0.20.1 (sigstore#423)
- Bump github.com/go-openapi/strfmt from 0.20.1 to 0.20.2 (sigstore#422)
- Bump golang from 1.16.7 to 1.17.0 (sigstore#413)
- Bump golang.org/x/mod from 0.4.2 to 0.5.0 (sigstore#412)
- Bump google.golang.org/grpc from 1.39.1 to 1.40.0 (sigstore#411)
- Bump github.com/go-openapi/runtime from 0.19.29 to 0.19.30 (sigstore#408)
- Bump go.uber.org/zap from 1.18.1 to 1.19.0 (sigstore#407)
- Bump golang from 1.16.6 to 1.16.7 (sigstore#403)
- Bump google.golang.org/grpc from 1.39.0 to 1.39.1 (sigstore#404)
- Aditya Sirish (@adityasaky)
- Andrew Block (@sabre1041)
- Asra Ali (@asraa)
- Axel Simon (@axelsimon)
- Batuhan Apaydın (@developer-guy)
- Bob Callaway (@bobcallaway)
- Carlos Panato (@cpanato)
- Dan Lorenc (@dlorenc)
- Dan Luhring (@luhring)
- Harry Fallows (@harryfallows)
- Hector Fernandez (@hectorj2f)
- Jake Sanders (@dekkagaijin)
- Jason Hall (@imjasonh)
- Lily Sturmann (@lkatalin)
- Luke Hinds (@lukehinds)
- Marina Moore (@mnm678)
- Mikhail Swift (@mikhailswift)
- Naveen Srinivasan (@naveensrinivasan)
- Robert James Hernandez (@sarcasticadmin)
- Santiago Torres (@SantiagoTorres)
- Tiziano Santoro (@tiziano88)
- Trishank Karthik Kuppusamy (@trishankatdatadog)
- Ville Aikas (@vaikas)
- kpcyrd (@kpcyrd)