Added
- LDevID-based TPM attestation can now be performed via a new
tpm_devidNodeAttestor plugin (#2111, #2427) - Caller details are now logged for unauthorized Server API calls (#2399)
- The
aws_iidNodeAttestor plugin now supports attesting nodes across multiple AWS accounts via AWS IAM role assumption (#2387) - Added support for running the
k8s_satNodeAttestor plugin with Kubernetes v1.21 (#2423) - Call counter metrics are now emitted for SPIRE Server rate limiters (#2422)
- SPIRE Server now logs a message on startup when configured TTL values may result in SVIDs with a shorter lifetime than expected (#2284)
Changed
- Updated a trust domain validation error message to mention that underscores are valid trust domain characters (#2392)
Fixed
- Fixed bugs that broke the ACME bundle endpoint when using the
aws_kmsKeyManager plugin (#2390, #2397) - Fixed a bug that resulted in SPIRE Agent sending unnecessary updates over the Workload API (#2305)
- Fixed a bug in the
k8s_psatNodeAttestor plugin that prevented it from being configured with kubeconfig files (#2421)