Skip to content

Release history

cosign releases

Code signing and transparency for containers and binaries

Back to tool Latest release

All releases

5 shown

v3.0.6 Mixed
Security fixes
  • Fix DSSE predicate check (GHSA-w6c6-c85g-mmv6)
Notable features
  • Add support for GCE metadata server env var
  • support managed keys in conformance testing
  • support key creation in GitLab group
View release on GitHub
v3.0.5 Mixed
Security fixes
  • Low-severity advisory for private PKIs (GHSA-wfqv-66vq-46rm)
Notable features
  • Automatically require signed timestamp with Rekor v2 entries
  • Allow --local-image with --new-bundle-format for v2 and v3 signatures
  • Add mTLS support for TSA client connections
View release on GitHub
v3.0.4 Security relevant
Security fixes
  • Fix bundle verify path for old bundle/trusted root (GHSA-whqx-f9j3-ch6m)
Notable features
  • Optimize cosign tree performance by caching digest resolution
  • Don't require a trusted root to verify offline with a key
  • Support default services for trusted-root and signing-config creation
View release on GitHub
v2.6.2 Security relevant
Security fixes
  • Fix bundle verify path for old bundle/trusted root (GHSA-whqx-f9j3-ch6m)
View release on GitHub

Beta — feedback welcome: [email protected]