Added
- Enabled policy-based access control.
- The root key that SPIKE Nexus generates is now split into several Shamir
shards and distributed to SPIKE Keepers.
- New additions and improvements to SPIKE Go SDK.
- Various minor bugfixes.
- Code cleanup.
- Implemented several recovery scenarios.
- SPIKE now has static analysis, CI integration, linting, and automated tests.
- Documentation updates. Documentation is still lagging behind, but we are
updating and improving it along the way.
- Created a makefile to group related scripts into make targets.
- Made the start script more robust.
- Ensured that the policies and the demo app work as expected.
- Implemented a Secret Metadata API.
- Implemented exponential retries across several API-consuming methods.
Changed
- BREAKING: changed the CLI usage. Instead of `spike get`, for example, we
now use `spike secret get`. The reason for this change is that we introduced
a `policy` command (i.e. `spike policy get`).
Security
- Fixed CVE-2024-45337: Misuse of ServerConfig.PublicKeyCallback may cause
authorization bypass in golang.org/x/crypto
- Fixed CVE-2024-45338: Non-linear parsing of case-insensitive content in
golang.org/x/net/htm
Below are the generated release notes of every commit since the last release cut:
What's Changed
- Introducing policies by @v0lkan in #50
- ability to enforce policies by @v0lkan in #52
- demo app to show policies by @v0lkan in #53
- working demo by @v0lkan in #54
- Feat/17-retry mechanism by @gurkanguray in #49
- Using the new SPIKE Go SDK by @v0lkan in #55
- Fix build errors in `main` by @v0lkan in #56
- Fix SPIFFE link by @sadikkuzu in #57
- Spike 46 by @sahinakyol in #51
- update sdk usage by @v0lkan in #58
- add makefiles and minor refactoring by @v0lkan in #59
- Add input parameter sanitization by @v0lkan in #60
- Implemented some pending internal TODO items by @v0lkan in #61
- Implement Backing Store Caching for Policies by @v0lkan in #62
- Shamir Secrets Sharing for the Root Key by @v0lkan in #63
- Added a production setup guide by @v0lkan in #75
- Add basic lint, build and unit-test CI by @strideynet in #73
- feat: add test for list, put and undelete under pkg/store by @yasinterol in #66
- Adding unit tests for internal/auth and app/keeper/env packages by @abhishek44sharma in #65
- Add GolangCI Lint by @strideynet in #77
- WIP: Invert Keeper Flow by @v0lkan in #78
- Nexus Recovery by @v0lkan in #82
- Bump golang.org/x/crypto from 0.26.0 to 0.31.0 by @dependabot in #84
- Bump golang.org/x/net from 0.28.0 to 0.33.0 by @dependabot in #85
- Mostly code cleanup by @v0lkan in #86
- using new sdk by @v0lkan in #87
- v0.2.1 by @v0lkan in #88
New Contributors
- @gurkanguray made their first contribution in #49
- @sadikkuzu made their first contribution in #57
- @strideynet made their first contribution in #73
- @yasinterol made their first contribution in #66
- @abhishek44sharma made their first contribution in #65
Full Changelog: v0.2.0...v0.2.1