1.17.0-rc.1 / 2026-05-17
This release contains a larger than usual amount of changes and few which might be considered breaking, thus bumping to 1.17 already. Please help us test this release before we publish 1.17.0 proper.
- [BUGFIX] Update fish completion to remove warning (#3339)
- [chore] Follow up to PR 3383 (#3410)
- [feat] Add --safe flag to set safecontent on demand (#3318)
- [fix] Support HW Age identities (#3389)
- age: fix YubiKey identity persistence via raw-append (ADR-0002) (#3399)
- bug: reload identities on unlock command (#3430)
- chore(deps): bump actions/cache from 4.3.0 to 5.0.3 (#3324)
- chore(deps): bump actions/cache from 5.0.3 to 5.0.4 (#3374)
- chore(deps): bump actions/cache from 5.0.4 to 5.0.5 (#3404)
- chore(deps): bump actions/checkout from 6.0.0 to 6.0.2 (#3326)
- chore(deps): bump actions/setup-go from 6.1.0 to 6.2.0 (#3329)
- chore(deps): bump actions/setup-go from 6.2.0 to 6.3.0 (#3349)
- chore(deps): bump actions/setup-go from 6.3.0 to 6.4.0 (#3367)
- chore(deps): bump actions/upload-artifact from 5.0.0 to 7.0.0 (#3347)
- chore(deps): bump actions/upload-artifact from 7.0.0 to 7.0.1 (#3403)
- chore(deps): bump anchore/sbom-action from 0.20.10 to 0.23.0 (#3348)
- chore(deps): bump anchore/sbom-action from 0.23.0 to 0.24.0 (#3376)
- chore(deps): bump anchore/scan-action from 7.2.1 to 7.3.2 (#3346)
- chore(deps): bump anchore/scan-action from 7.3.2 to 7.4.0 (#3372)
- chore(deps): bump crazy-max/ghaction-import-gpg from 6.3.0 to 7.0.0 (#3368)
- chore(deps): bump dependabot/fetch-metadata from 2 to 3 (#3406)
- chore(deps): bump docker/build-push-action from 6.18.0 to 6.19.2 (#3342)
- chore(deps): bump docker/build-push-action from 6.19.2 to 7.0.0 (#3377)
- chore(deps): bump docker/build-push-action from 7.0.0 to 7.1.0 (#3407)
- chore(deps): bump docker/login-action from 3.6.0 to 3.7.0 (#3330)
- chore(deps): bump docker/login-action from 3.7.0 to 4.0.0 (#3378)
- chore(deps): bump docker/login-action from 4.0.0 to 4.1.0 (#3400)
- chore(deps): bump docker/metadata-action from 5.10.0 to 6.0.0 (#3375)
- chore(deps): bump github.com/cloudflare/circl from 1.6.1 to 1.6.3 (#3341)
- chore(deps): bump github/codeql-action from 4.31.6 to 4.32.4 (#3345)
- chore(deps): bump github/codeql-action from 4.32.4 to 4.35.1 (#3369)
- chore(deps): bump github/codeql-action from 4.35.1 to 4.35.3 (#3401)
- chore(deps): bump goreleaser/goreleaser-action from 6.4.0 to 7.0.0 (#3343)
- chore(deps): bump goreleaser/goreleaser-action from 7.0.0 to 7.2.1 (#3402)
- chore(deps): bump msys2/setup-msys2 from 2.29.0 to 2.31.0 (#3370)
- chore(deps): bump msys2/setup-msys2 from 2.31.0 to 2.31.1 (#3408)
- chore(deps): bump sigstore/cosign-installer from 4.0.0 to 4.1.1 (#3373)
- chore(deps): bump step-security/harden-runner from 2.13.2 to 2.15.0 (#3344)
- chore(deps): bump step-security/harden-runner from 2.15.0 to 2.16.1 (#3371)
- chore(deps): bump step-security/harden-runner from 2.16.1 to 2.19.0 (#3405)
- chore(deps): migrate from urfave/cli v2 to v3 (#3428)
- chore(deps): switch from gopkg.in/yaml.v3 to go.yaml.in/yaml/v3 (#3362)
- docs(appdir): explain GOPASS_HOMEDIR override in UserHome comment (#3421)
- docs(architecture): add API Stability section clarifying module semver policy (#3422)
- docs(otp): document the various supported ways of adding OTP (#3323)
- docs: add gopass-secret-service to integrations list (#3356)
- docs: fix all documentation vs. implementation mismatches from code quality report
- docs: fully document wizard template format (I-7)
- feat(env): add --stdin, --file, and --exec modes to gopass env
- feat: add configurable show.hidden-keys for safecontent redaction
- feat: add gopass doctor diagnostic command (I-4)
- feat: machine-readable JSON output (I-3)
- feat: structured exit codes (I-2)
- feat: support -c=N to copy specific line to clipboard (#3386)
- fix(CI): moving to go 1.25 (#3322)
- fix(age-agent): handle AGE-PLUGIN-* identities to fix 'malformed secret key: mixed case' error (#3397)
- fix(backend): add storage.backend config key to lock backend selection (#3332) (#3398)
- fix(config): restore sub-store fallback for core.exportkeys (#3379)
- fix(copy): preserve directory structure when copying with trailing slash (#3396)
- fix(docs): removing reference to invalid 'gopass binary' command, and adding docs for 'fsmove' and 'fscopy' (#3321)
- fix(queue): fix Idle() TOCTOU race and Add() post-Close() panic
- fix(secparse): replace panic in MustParse with testing.TB.Fatalf (#3420)
- fix(setup): suppress auto-commit in gitfs when setup remote is specified (#2901) (#3391)
- fix(todos): resolve all stale TODOs from S-5
- fix: Configure .gitattributes based on the backend (#3427)
- fix: Correctly honor show.safecontent overrides in substores (#3337)
- fix: REPL tab-completion for entries with spaces (#3360)
- fix: Support strict character class enforcement in create templates (#3352)
- fix: add case-insensitive secret name normalization (#3390)
- fix: add thread safety to SSH identity cache (M-3)
- fix: address A-5, S-1, S-2, S-3, S-4, S-6 and I-1 from code quality audit
- fix: address CLI/UX issues from code quality audit
- fix: address all confirmed bugs from code quality report
- fix: fix lint issues and update tests for removed show -f/--force alias
- fix: recover from panic during shell completion with unknown flags (#3388)
- openbsd: allow unix sockets in pledge (#3381)
- refactor(action): split Action god object into focused handler types (A-1)
- refactor(ctxutil): replace context-key config system with typed structs (A-2)
- security: bound symlink walk to store root (H-2)
- security: document and warn on env command secret exposure (C-2)
- security: fix path traversal in fs storage layer (C-1)
- security: restrict template engine secret access and fix error leakage (H-1)
- security: validate editor binary exists before invocation (H-3)