mirror of
https://github.com/SSLMate/certspotter.git
synced 2025-07-03 10:47:17 +02:00
88 lines
3.3 KiB
Plaintext
88 lines
3.3 KiB
Plaintext
v0.11 (2021-08-17)
|
|
* Add support for contacting logs via HTTP proxies;
|
|
just set the appropriate environment variable as documented at
|
|
https://golang.org/pkg/net/http/#ProxyFromEnvironment
|
|
* Work around RFC 6962 ambiguity related to consistency proofs
|
|
for empty trees.
|
|
|
|
v0.10 (2020-04-29)
|
|
* Improve speed by processing logs in parallel
|
|
* Add -start_at_end option to begin monitoring new logs at the end,
|
|
which significantly speeds up Cert Spotter, at the cost of missing
|
|
certificates that were added to a log before Cert Spotter starts
|
|
monitoring it
|
|
* (Behavior change) Scan logs in their entirety the first time Cert
|
|
Spotter is run, unless -start_at_end specified (behavior change)
|
|
* The log list is now retrieved from certspotter.org at startup instead
|
|
of being embedded in the source. This will allow Cert Spotter to react
|
|
more quickly to the frequent changes in logs.
|
|
* (Behavior change) the -logs option now expects a JSON file in the v2
|
|
log list format. See <https://www.certificate-transparency.org/known-logs>
|
|
and <https://www.gstatic.com/ct/log_list/v2/log_list_schema.json>.
|
|
* -logs now accepts an HTTPS URL in addition to a file path.
|
|
* (Behavior change) the -underwater option has been removed. If you want
|
|
its behavior, specify https://loglist.certspotter.org/underwater.json to
|
|
the -logs option.
|
|
|
|
v0.9 (2018-04-19)
|
|
* Add Cloudflare Nimbus logs
|
|
* Remove Google Argon 2017 log
|
|
* Remove WoSign and StartCom logs due to disqualification by Chromium
|
|
and extended downtime
|
|
|
|
v0.8 (2017-12-08)
|
|
* Add Symantec Sirius log
|
|
* Add DigiCert 2 log
|
|
|
|
v0.7 (2017-11-13)
|
|
* Add Google Argon logs
|
|
* Fix bug that caused crash on 32 bit architectures
|
|
|
|
v0.6 (2017-10-19)
|
|
* Add Comodo Mammoth and Comodo Sabre logs
|
|
* Minor bug fixes and improvements
|
|
|
|
v0.5 (2017-05-18)
|
|
* Remove PuChuangSiDa 1 log due to excessive downtime and presumptive
|
|
disqualification from Chrome
|
|
* Add Venafi Gen2 log
|
|
* Improve monitoring robustness under certain pathological behavior
|
|
by logs
|
|
* Minor documentation improvements
|
|
|
|
v0.4 (2017-04-03)
|
|
* Add PuChuangSiDa 1 log
|
|
* Remove Venafi log due to fork and disqualification from Chrome
|
|
|
|
v0.3 (2017-02-20)
|
|
* Revise -all_time flag (behavior change):
|
|
- If -all_time is specified, scan the entirety of all logs, even
|
|
existing logs
|
|
- When a new log is added, scan it in its entirety even if -all_time
|
|
is not specified
|
|
* Add new logs:
|
|
- Google Icarus
|
|
- Google Skydiver
|
|
- StartCom
|
|
- WoSign
|
|
* Overhaul log processing and auditing logic:
|
|
- STHs are never deleted unless they can be verified
|
|
- Multiple unverified STHs can be queued per log, laying groundwork
|
|
for STH pollination support
|
|
- New state directory layout; current state directories will be
|
|
migrated, but migration will be removed in a future version
|
|
- Persist condensed Merkle Tree state between runs, instead of
|
|
reconstructing it from consistency proof every time
|
|
* Use a lock file to prevent multiple instances of Cert Spotter from
|
|
running concurrently (which could clobber the state directory).
|
|
* Minor bug fixes and improvements
|
|
|
|
v0.2 (2016-08-25)
|
|
* Suppress duplicate identifiers in output.
|
|
* Fix "EOF" error when running under Go 1.7.
|
|
* Fix bug where hook script could fail silently.
|
|
* Fix compilation under Go 1.5.
|
|
|
|
v0.1 (2016-07-27)
|
|
* Initial release.
|