
Releases: sigstore/sigstore-python

v3.6.1

19 Dec 17:08
896cfe1

Fixed

  • Relaxed the transitive dependency on cryptography to allow v43 and v44
    to be resolved
    (#1251)

v3.6.0

10 Dec 22:18
44aa3eb

Added

  • API: The DSSE Envelope class now performs automatic validation
    (#1211)

  • API: Added signature property to Envelope class for accessing raw
    signature bytes (#1211)

  • Signed timestamps embedded in bundles are now automatically verified
    against Timestamp Authorities provided within the Trusted Root
    (#1206)

  • Bundles are now generated with signed timestamps when signing if the
    Trusted Root contains one or more Timestamp Authorities
    (#1216)

Removed

  • Support for "detached" SCTs has been fully removed, aligning
    sigstore-python with other sigstore clients
    (#1236)

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.1 where a warning about
    verifying legacy bundles was never shown
    (#1198)

  • Strengthened the requirement that an inclusion promise is present
    if no other source of signed time is present
    (#1247)

v3.5.3

27 Nov 21:33
87ff7f1

Fixed

  • Corrective release for 3.5.2

v3.5.2

27 Nov 21:28
276ed3d

Fixed

  • Pinned cryptography dependency strictly to prevent future breakage

v3.5.1

25 Oct 14:57
0ac33ee

Fixed

  • Fixed a CLI parsing bug introduced in 3.5.0 when attempting
    to suppress irrelevant warnings
    (#1192)

v3.5.0

24 Oct 16:04
68a7497

Added

  • CLI: The sigstore plumbing update-trust-root command has been added.
    Like other plumbing-level commands, this is considered unstable and
    changes are not subject to our semver policy until explicitly noted
    (#1174)

Fixed

  • CLI: Fixed an incorrect warning when verifying detached .crt/.sig
    inputs (#1179)

v3.4.0

10 Oct 17:02
df51c7a

Changed

  • CLI: When verifying, the --offline flag now fully disables all online
    operations, including routine local TUF repository refreshes
    (#1143)

  • sigstore-python's minimum supported Python version is now 3.9

Fixed

  • CLI: The sigstore verify subcommands now always check for a matching
    input file, rather than unconditionally falling back to matching on a
    valid sha256:... digest pattern
    (#1152)

v3.3.0

18 Sep 15:02
343cbbf

Added

  • CLI: The sigstore verify command now outputs the inner in-toto statement
    when verifying DSSE envelopes. On successful verification, the output is
    the inner in-toto statement, so the user can inspect the statement's
    predicate, which sigstore-python does not verify and which should be
    verified by the user.

  • CLI: The sigstore attest subcommand has been added. This command is
    similar to cosign attest in that it signs over an artifact and a
    predicate using a DSSE envelope. This command requires the user to pass
    the path to the file containing the predicate, and the predicate type.
    Currently only the SLSA Provenance v0.2 and v1.0 types are supported.

  • CLI: The sigstore verify command now supports verifying digests. This means
    that the user can now pass a digest like sha256:aaaa.... instead of the
    path to an artifact, and sigstore-python will verify it as if it was the
    artifact with that digest.
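The verify and attest entries above leave the predicate to the consumer: sigstore-python checks the envelope signature and the subject, not what the provenance claims. The following is an added example of that consumer-side policy check, written for this page and not code from sigstore-python. It takes the in-toto statement text that `sigstore verify` prints on success, re-derives the artifact digest, and accepts only the two predicate types `sigstore attest` can produce with a builder identity from an allowlist. The artifact bytes and the builder id `https://example.invalid/builders/ci@v1` are constructed for the example; the statement is shaped like SLSA Provenance v1 / v0.2 but is not a real attestation.

```python
import hashlib
import json
from typing import Optional

IN_TOTO_STATEMENT_TYPES = {
    "https://in-toto.io/Statement/v1",
    "https://in-toto.io/Statement/v0.1",
}
# The two predicate types `sigstore attest` can emit, per the release notes.
SLSA_V1 = "https://slsa.dev/provenance/v1"
SLSA_V02 = "https://slsa.dev/provenance/v0.2"


def builder_id(predicate_type: str, predicate: dict) -> Optional[str]:
    """Locate the builder identity; its position differs between SLSA versions."""
    if predicate_type == SLSA_V1:
        return predicate.get("runDetails", {}).get("builder", {}).get("id")
    if predicate_type == SLSA_V02:
        return predicate.get("builder", {}).get("id")
    return None


def check_provenance(statement_json: str, artifact: bytes, allowed_builders: set) -> list:
    """Return the list of policy violations; an empty list means the statement is
    acceptable for `artifact`. Run this only on output that `sigstore verify` has
    already accepted: nothing here checks a signature."""
    failures = []
    try:
        stmt = json.loads(statement_json)
    except ValueError as exc:
        return ["statement is not JSON: %s" % exc]

    if stmt.get("_type") not in IN_TOTO_STATEMENT_TYPES:
        failures.append("unexpected statement type %r" % stmt.get("_type"))

    predicate_type = stmt.get("predicateType")
    if predicate_type not in (SLSA_V1, SLSA_V02):
        failures.append("unexpected predicateType %r" % predicate_type)

    # The subject binds the statement to the artifact. Re-derive the digest from
    # the bytes in hand rather than trusting any name or digest as printed.
    digest = hashlib.sha256(artifact).hexdigest()
    subjects = stmt.get("subject") or []
    if not any(str(s.get("digest", {}).get("sha256", "")).lower() == digest for s in subjects):
        failures.append("no subject carries sha256:%s" % digest)

    builder = builder_id(predicate_type, stmt.get("predicate") or {})
    if builder not in allowed_builders:
        failures.append("builder %r is not in the allowlist" % builder)
    return failures


# Constructed sample input (not a real release artifact or attestation).
ARTIFACT = b"constructed artifact contents\n"
TRUSTED_BUILDER = "https://example.invalid/builders/ci@v1"  # hypothetical builder id

PROVENANCE_STATEMENT_V1 = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "artifact.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": SLSA_V1,
    "predicate": {
        "buildDefinition": {"buildType": "https://example.invalid/build/v1"},
        "runDetails": {"builder": {"id": TRUSTED_BUILDER}},
    },
})

PROVENANCE_STATEMENT_V02 = json.dumps({
    "_type": "https://in-toto.io/Statement/v0.1",
    "subject": [{"name": "artifact.tar.gz",
                 "digest": {"sha256": hashlib.sha256(ARTIFACT).hexdigest()}}],
    "predicateType": SLSA_V02,
    "predicate": {"builder": {"id": TRUSTED_BUILDER}},
})

if __name__ == "__main__":
    for name, stmt in (("v1", PROVENANCE_STATEMENT_V1), ("v0.2", PROVENANCE_STATEMENT_V02)):
        problems = check_provenance(stmt, ARTIFACT, {TRUSTED_BUILDER})
        print(name, "ok" if not problems else problems)
```

In a pipeline this runs after `sigstore verify ... --bundle` has exited successfully, with the statement read from stdout; the allowlist is the set of builder identities the organisation trusts to produce the artifact, and every non-empty result is a rejection.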

v3.2.0

19 Aug 17:15
fc29ec1

Added

  • API: models.Bundle.BundleType is now a public API
    (#1089)

  • CLI: The sigstore plumbing subcommand hierarchy has been added. This
    hierarchy is for developer-only interactions, such as fixing malformed
    Sigstore bundles. These subcommands are not considered stable until
    explicitly documented as such.
    (#1089)

Changed

  • CLI: The default console logger now emits to stderr, rather than stdout
    (#1089)

v3.1.0

31 Jul 21:05
3cda2b5

Added

  • API: dsse.StatementBuilder has been added. It can be used to construct an
    in-toto Statement for subsequent enveloping and signing.
    This API is public but is not considered stable until the next major
    release.
    (#1077)

  • API: dsse.Digest, dsse.DigestSet, and dsse.Subject have been added.
    These types can be used with the StatementBuilder API as part of in-toto
    Statement construction.
    These APIs are public but are not considered stable until the next major
    release.
    (#1078)

Changed

  • API: verify_dsse now rejects bundles with DSSE envelopes that have more than
    one signature, rather than checking all signatures against the same key
    (#1062)
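Two entries on this page concern the shape of a DSSE envelope: the v3.6.0 note that the Envelope class now validates itself and exposes the raw signature bytes, and the v3.1.0 note that verify_dsse rejects envelopes carrying more than one signature instead of trying each against the same key. The following is an added example, written for this page and not sigstore-python's Envelope implementation, of what such validation covers: the envelope's required fields, base64 payload and signature, the single-signature rule, and the DSSEv1 pre-authentication encoding (PAE) that a DSSE signature is actually computed over. It uses only the standard library and does no cryptographic verification; the signature value in the sample envelope is a constructed placeholder, not a real signature.

```python
import base64
import json

PAYLOAD_TYPE_IN_TOTO = "application/vnd.in-toto+json"


def pae(payload_type: str, payload: bytes) -> bytes:
    """DSSEv1 PAE: "DSSEv1" SP LEN(type) SP type SP LEN(payload) SP payload.
    Lengths are ASCII decimals of the byte lengths. Binding the type into the
    signed bytes is what stops a signature over one payload type being replayed
    as a signature over another."""
    pt = payload_type.encode("utf-8")
    return b"DSSEv1 %d %s %d %s" % (len(pt), pt, len(payload), payload)


def parse_envelope(raw: str) -> dict:
    """Parse a DSSE envelope JSON document and validate its structure.
    Raises ValueError for: missing fields, an unexpected payloadType, payload or
    signature that is not valid base64, zero signatures, an empty signature, and
    more than one signature (the rule verify_dsse applies since 3.1.0)."""
    env = json.loads(raw)
    if not isinstance(env, dict):
        raise ValueError("envelope must be a JSON object")
    missing = {"payloadType", "payload", "signatures"} - set(env)
    if missing:
        raise ValueError("envelope lacks fields: %s" % sorted(missing))
    if env["payloadType"] != PAYLOAD_TYPE_IN_TOTO:
        raise ValueError("unsupported payloadType %r" % env["payloadType"])
    try:
        payload = base64.b64decode(env["payload"], validate=True)
    except (ValueError, TypeError) as exc:
        raise ValueError("payload is not valid base64") from exc

    sigs = env["signatures"]
    if not isinstance(sigs, list) or len(sigs) == 0:
        raise ValueError("envelope carries no signature")
    if len(sigs) > 1:
        raise ValueError("envelope carries %d signatures; exactly one is accepted" % len(sigs))
    entry = sigs[0]
    if not isinstance(entry, dict) or "sig" not in entry:
        raise ValueError("signature entry lacks 'sig'")
    try:
        signature = base64.b64decode(entry["sig"], validate=True)
    except (ValueError, TypeError) as exc:
        raise ValueError("signature is not valid base64") from exc
    if not signature:
        raise ValueError("signature is empty")

    return {
        "payload_type": env["payloadType"],
        "payload": payload,
        "signature": signature,          # raw bytes, as the new signature property exposes
        "keyid": entry.get("keyid", ""),  # a hint only; DSSE does not authenticate it
        "signed_bytes": pae(env["payloadType"], payload),  # feed this to the verifier
    }


def is_valid_envelope(raw: str) -> bool:
    """True if parse_envelope accepts the document, False if it raises ValueError."""
    try:
        parse_envelope(raw)
    except ValueError:
        return False
    return True


# Constructed samples: a minimal in-toto statement and envelopes around it.
# The signature bytes are a placeholder and would fail any real verification.
SAMPLE_STATEMENT = json.dumps({
    "_type": "https://in-toto.io/Statement/v1",
    "subject": [{"name": "artifact.tar.gz", "digest": {"sha256": "00" * 32}}],
    "predicateType": "https://slsa.dev/provenance/v1",
    "predicate": {},
}).encode("utf-8")
PLACEHOLDER_SIGNATURE = b"\x00" * 8

def _envelope(signature_count: int) -> str:
    sig = {"keyid": "", "sig": base64.b64encode(PLACEHOLDER_SIGNATURE).decode("ascii")}
    return json.dumps({
        "payloadType": PAYLOAD_TYPE_IN_TOTO,
        "payload": base64.b64encode(SAMPLE_STATEMENT).decode("ascii"),
        "signatures": [dict(sig) for _ in range(signature_count)],
    })

SAMPLE_ENVELOPE = _envelope(1)
DOUBLE_SIGNED_ENVELOPE = _envelope(2)
UNSIGNED_ENVELOPE = _envelope(0)

if __name__ == "__main__":
    parsed = parse_envelope(SAMPLE_ENVELOPE)
    print(parsed["signed_bytes"][:60])
    print("double-signed accepted:", is_valid_envelope(DOUBLE_SIGNED_ENVELOPE))
```

The `signed_bytes` value is what a real verifier hands to the public-key signature check, not the base64 payload and not the decoded payload alone; a verifier that signs or checks the bare payload is not implementing DSSE. Rejecting a second signature outright, rather than looping over all of them with one key, keeps the verifier from reporting success on an envelope where only one of several signatures was ever checked.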