Skip to content

v1.7.1

Latest
Latest
Compare
Choose a tag to compare
@sigstore-bot sigstore-bot released this 24 Apr 14:55
· 54 commits to main since this release
v1.7.1
This tag was signed with the committer’s verified signature.
haydentherapper Hayden B
SSH Key Fingerprint: 6/0oHTP4fxv/vPNr+1uBw4QqCd+1xm9QTOEUXtpKGvs
Verified
Learn about vigilant mode.
f7a3a87
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

v1.7.1 contains a bug fix for extensions for CI providers where the OIDC claims
include HTML escape characters. If a client attempted to verify an extension value,
verification would fail unless an HTML-escaped string was used in the comparison.
Extension values will no longer be escaped.

Bug Fixes:

  • Do not HTML-escape extension values (#2023)
Assets 31
Loading