forked from SSLMate/certspotter
-
Notifications
You must be signed in to change notification settings - Fork 0
/
NEWS
102 lines (89 loc) · 3.77 KB
/
NEWS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
v0.14.0 (2022-06-13)
* Switch to Go module versioning conventions.
v0.13 (2022-06-13)
* Reduce minimum Go version to 1.17.
* Update install instructions.
v0.12 (2022-06-07)
* Retry failed log requests. This should make certspotter resilient
to rate limiting by logs.
* Add -version flag.
* Eliminate unnecessary dependency. certspotter now depends only on
golang.org/x packages.
* Switch to Go modules.
v0.11 (2021-08-17)
* Add support for contacting logs via HTTP proxies;
just set the appropriate environment variable as documented at
https://golang.org/pkg/net/http/#ProxyFromEnvironment
* Work around RFC 6962 ambiguity related to consistency proofs
for empty trees.
v0.10 (2020-04-29)
* Improve speed by processing logs in parallel
* Add -start_at_end option to begin monitoring new logs at the end,
which significantly speeds up Cert Spotter, at the cost of missing
certificates that were added to a log before Cert Spotter starts
monitoring it
* (Behavior change) Scan logs in their entirety the first time Cert
Spotter is run, unless -start_at_end specified (behavior change)
* The log list is now retrieved from certspotter.org at startup instead
of being embedded in the source. This will allow Cert Spotter to react
more quickly to the frequent changes in logs.
* (Behavior change) the -logs option now expects a JSON file in the v2
log list format. See <https://www.certificate-transparency.org/known-logs>
and <https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.
* -logs now accepts an HTTPS URL in addition to a file path.
* (Behavior change) the -underwater option has been removed. If you want
its behavior, specify https://loglist.certspotter.org/underwater.json to
the -logs option.
v0.9 (2018-04-19)
* Add Cloudflare Nimbus logs
* Remove Google Argon 2017 log
* Remove WoSign and StartCom logs due to disqualification by Chromium
and extended downtime
v0.8 (2017-12-08)
* Add Symantec Sirius log
* Add DigiCert 2 log
v0.7 (2017-11-13)
* Add Google Argon logs
* Fix bug that caused crash on 32 bit architectures
v0.6 (2017-10-19)
* Add Comodo Mammoth and Comodo Sabre logs
* Minor bug fixes and improvements
v0.5 (2017-05-18)
* Remove PuChuangSiDa 1 log due to excessive downtime and presumptive
disqualification from Chrome
* Add Venafi Gen2 log
* Improve monitoring robustness under certain pathological behavior
by logs
* Minor documentation improvements
v0.4 (2017-04-03)
* Add PuChuangSiDa 1 log
* Remove Venafi log due to fork and disqualification from Chrome
v0.3 (2017-02-20)
* Revise -all_time flag (behavior change):
- If -all_time is specified, scan the entirety of all logs, even
existing logs
- When a new log is added, scan it in its entirety even if -all_time
is not specified
* Add new logs:
- Google Icarus
- Google Skydiver
- StartCom
- WoSign
* Overhaul log processing and auditing logic:
- STHs are never deleted unless they can be verified
- Multiple unverified STHs can be queued per log, laying groundwork
for STH pollination support
- New state directory layout; current state directories will be
migrated, but migration will be removed in a future version
- Persist condensed Merkle Tree state between runs, instead of
reconstructing it from consistency proof every time
* Use a lock file to prevent multiple instances of Cert Spotter from
running concurrently (which could clobber the state directory).
* Minor bug fixes and improvements
v0.2 (2016-08-25)
* Suppress duplicate identifiers in output.
* Fix "EOF" error when running under Go 1.7.
* Fix bug where hook script could fail silently.
* Fix compilation under Go 1.5.
v0.1 (2016-07-27)
* Initial release.