What's Changed
The following security advisories are fixed by this release:
- GHSA-2m39-75g9-ff5r
- GHSA-wj36-qcfg-5j52
- GHSA-87gh-qc28-j9mm
- GHSA-9r9r-f8xc-m875
- GHSA-6xx7-m45w-76m2
- GHSA-fchm-5w2v-qfm8
Other Changes
- agent: drop openstack uuid option by @THS-on in #799
- config: private_key must be set to -private.pem not -public.pem by @THS-on in #806
- config, tpm_main: explicitly handle YAML load errors by @THS-on in #807
- Remove the SHA1 requirement for IMA by @THS-on in #803
- ima_emulator: specify sys.argv as the named parameter argv in main() by @sergio-correia in #809
- Enable functional testing with Packit CI by @kkaarreell in #811
- json: do not make sqlalchemy a hard requirement by @sergio-correia in #813
- Add generator for measured boot reference state for example policy by @THS-on in #808
- db: only set length on Text type if supported by @THS-on in #815
- Various code improvements for mostly the agent by @THS-on in #818
- Remove leftovers of TPM 1.2 support by @axelsimon in #819
- ima_ast: fix handling ToMToU errors by @THS-on in #822
- ima_emulator: fix IMA hash validation and add more options by @THS-on in #823
- Allow graceful shutdown of the verifier by @THS-on in #825
- Drop dataclasses module usage by @aplanas in #827
- tests: fix stdout formatting for agent and verifier by @THS-on in #828
- Mitigations against event type manipulation in UEFI eventlog by @THS-on in #816
- Support multiple configuration files by @aplanas in #829
- tenant: fix reactivate command by @THS-on in #833
- Enable new test in Packit CI by @kkaarreell in #834
- ci: disable DeprecationWarning from pylint in tox by @THS-on in #836
- Fix test branch reference in packit.yaml by @kkaarreell in #838
- ca: support back old cryptography API by @aplanas in #839
- Various fixes and improvements to the web components by @THS-on in #837
- verifier: do not call finish() twice by @THS-on in #842
- tpm_main: close file descriptor for aik handle by @THS-on in #843
- Explicitly set permissions on new keylime.conf files installed by @mpeters in #844
- tenant, web_util: ensure that the content type is actually application/json by @THS-on in #845
- Improve revocation notifier IP description in keylime.conf by @kkaarreell in #847
- Adding Nuvoton certificate for a new post 2020 TPM device. by @galmasi in #850
- verifier: use json.loads(..) instead of ast.literal_eval(..) by @THS-on in #846
- Fix #849 - SHA256 for IMA allowlist v1 by @maugustosilva in #851
- Security improvements to Keylime by @THS-on in #854
New Contributors
- @kkaarreell made their first contribution in #811
Full Changelog: v6.2.1...v6.3.0