Changelog
- 8b07f75 Bumped alpine to 3.21 (#747)
- 2479d88 INS-1149: Fix CVE-2025-22874 for goldilocks (#759)
- 0ef8ad2 remove packr in favor of embed (#761)
You can verify the signatures of both the checksums.txt file and the published docker images using cosign.
```
sha256sum -c goldilocks_v4.14.0_checksums.txt --ignore-missing
cosign verify-blob goldilocks_v4.14.0_checksums.txt --signature=goldilocks_v4.14.0_checksums.txt.sig --key https://artifacts.fairwinds.com/cosign.pub
cosign verify us-docker.pkg.dev/fairwinds-ops/oss/goldilocks:v4 --key https://artifacts.fairwinds.com/cosign.pub
```
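`sha256sum -c --ignore-missing` only examines files that are both listed and present, so a downloaded file with no entry in the checksums file is never checked. The following added example (not part of the release or of Fairwinds' tooling) requires one named artifact to be listed exactly once and to match. The helper names `verify_listed` and `verify_release` are hypothetical, and it assumes the `<sha256-hex>  <filename>` layout with no whitespace in filenames.

```shell
#!/bin/sh
# Added example, not part of the Goldilocks release tooling.
# Assumption: the checksums file uses the "<sha256-hex>  <filename>" layout
# that sha256sum -c reads, and filenames contain no whitespace.

# verify_listed CHECKSUMS ARTIFACT   (hypothetical helper name)
# Succeeds only if ARTIFACT has exactly one entry and its SHA-256 matches.
# Return codes: 1 mismatch, 2 missing input, 3 not listed, 4 listed twice.
verify_listed() {
    sums=$1
    artifact=$2
    [ -f "$sums" ] && [ -f "$artifact" ] || { echo "missing input file" >&2; return 2; }
    name=$(basename -- "$artifact")
    # Count entries for this filename; a leading '*' marks binary mode.
    entry=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f); if (f == n) { c++; h = $1 } }
        END { print c + 0, h }' "$sums")
    count=${entry%% *}
    expected=$(printf '%s' "${entry#* }" | tr 'A-F' 'a-f')
    if [ "$count" -eq 0 ]; then
        echo "$name is not listed in $sums" >&2; return 3
    elif [ "$count" -gt 1 ]; then
        echo "$name is listed $count times in $sums" >&2; return 4
    fi
    actual=$(sha256sum -- "$artifact" | awk '{ print $1 }')
    [ "$expected" = "$actual" ] || { echo "digest mismatch for $name" >&2; return 1; }
}

# verify_release CHECKSUMS ARTIFACT   (hypothetical helper name)
# Checks the cosign signature on the checksums file first, so the digests
# are only trusted once the file itself is authenticated.
verify_release() {
    cosign verify-blob "$1" --signature="$1.sig" \
        --key https://artifacts.fairwinds.com/cosign.pub || return 1
    verify_listed "$1" "$2"
}
```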