This release contains fixes for CVE-2022-23649, affecting signature validations with Rekor. Only validation is affected, it is not necessary to re-sign any artifacts.
See: GHSA-ccxc-vr6p-4858
Changelog
- 8ffcd12 Cherry-pick release notes for 1.5.1 and 1.5.2 (#1487)
- c09e04a Cherry pick vulnerability PRs to release-1.5 (#1486)
- 52164f2 cherry picks to release-1.5 branch (#1482)