sigstore/cosign v3.0.4
on GitHub

one day ago

v3.0.4

v3.0.4 resolves GHSA-whqx-f9j3-ch6m.

Changes

Fix bundle verify path for old bundle/trusted root (GHSA-whqx-f9j3-ch6m) (#4623)
Optimize cosign tree performance by caching digest resolution (#4612)
Don't require a trusted root to verify offline with a key (#4613)
Support default services for trusted-root and signing-config creation (#4592)

Full Changelog: v3.0.3...v3.0.4

Check out latest releases or
releases around sigstore/cosign v3.0.4

Don't miss a new cosign release

NewReleases is sending notifications on new releases.

Get notifications