v1.1.1 is out 🎉

Author: Víctor Cuadrado Juan



We are happy to announce the first minor release of v1.0: v1.1.1 is now available!

Apart from being a nice looking number, v1.1.1 includes:

  • Improved the policies API for Sigstore verification by adding new backwards-compatible WaPC host callback v2/verify functions to the API. Check them out here to add support for your language of choice.

    This has been used in the verify-image-signatures policy to simplify verification of GitHub Actions signatures and others. Read about it in this blog post.

  • Made policy-server and kwctl resilient to hiccups in the upstream Sigstore’s repository for Fulcio and Rekor by making it optional. With this change, Kubewarden tools will proceed forward instead of aborting, and will inform the user and fail safely by issuing false negatives of signature verifications if needed.

    This overcomes last weeks' metadata update in the upstream Sigstore repository, which sadly was non TUF spec compliant.

    This is also part of the groundwork for making air-gapped installations easier to use.

Try it out! It is just a helm upgrade away, and as usual, we look forward to your feedback :).