Spire - v1.9.0


Added

  • uniqueid CredentialComposer plugin that adds the x509UniqueIdentifier attribute to workload X509-SVIDs (#4862)
  • Agent's Admin API has now a default location defined (#4856)
  • Partial selectors from workload attestation are now logged when attestation is interrupted (#4846)
  • X509-SVIDs minted by SPIRE can now include wildcards in the DNS names (#4814)

Changed

  • CA journal data is now stored in the datastore, removing the on-disk dependency of the server (#4690)
  • aws_kms, azure_key_vault, and gcp_kms KeyManager plugins no longer require storing metadata files on disk (#4700)
  • Bundle endpoint refresh hint now defaults to 5 minutes (#4847, #4888)
  • Graceful shutdown is now blocked while built-in plugin RPCs drain (#4820)
  • Entry cache hydration is now done with paginated requests to the datastore (#4721, #4826)
  • Agents renew SVIDs through re-attestation by default when using a supporting Node Attestor (#4791)
  • The SPIRE Agent LRU SVID cache is no longer experimental and is enabled by default (#4773)
  • Small documentation improvements (#4764, #4787)
  • Read-replicas are no longer used when hydrating the experimental events-based entry cache (#4868)
  • Workload gRPC connections are now terminated when the peertracker liveness check fails instead of just failing the RPC calls (#4611)

Fixed

  • Missing creation of events in the experimental events-based cache entry when an entry was pruned (#4860)
  • Bug in SPIRE Agent LRU SVID cache that caused health checks to fail (#4852)
  • Refreshing of selectors of attested agents when using the experimental events-based entry cache (#4803)

Deprecated

  • k8s_sat NodeAttestor plugin (#4841)

Removed

  • X509-SVIDs issued by the server no longer have the x509UniqueIdentifier attribute as part of the subject (#4862)

Details

date
Feb. 22, 2024, 10:40 p.m.
name
v1.9.0
type
Minor
👇
Register or login to:
  • 🔍View and search all Spire releases.
  • 🛠️Create and share lists to track your tools.
  • 🚨Setup notifications for major, security, feature or patch updates.
  • 🚀Much more coming soon!
Continue with GitHub
Continue with Google
or