Skip to content

Releases: paragonie/certainty

Version 2.9.0

08 May 16:09
@paragonie-security paragonie-security
v2.9.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
852c1a7
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.9.0 Latest
Latest

The primary signing key was rotated!

The device that contained the signing key has been destroyed, so we have promoted our backup key to the primary one and generated a new backup keypair.

Assets 2

Version 2.8.3

19 Apr 23:48
@paragonie-security paragonie-security
v2.8.3
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
d78508c
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.8.3

What's Changed

  • Fix CI
  • Prune old files

Full Changelog: v2.8.2...v2.8.3

Assets 2

Version 2.8.2

04 Oct 08:36
@paragonie-security paragonie-security
v2.8.2
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
5a9c240
Compare
Choose a tag to compare
Version 2.8.2
  • No code changes, just includes the latest CACert bundles, including the bundle after LetsEncrypt's intermediate certificate expired.
  • Although Certainty will, by design, try to keep the bundles up-to-date, if you're in a Composer-based deployment situation where the Certainty update process isn't being used, pulling the latest version in a staging environment will tell you if the LetsEncrypt intermediate expiration breaks your app.
    • If necessary, rollback to 2.8.1 in your composer.json file until you've resolved the network issue.
Assets 2

Version 2.8.1

25 May 18:31
@paragonie-security paragonie-security
v2.8.1
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
e2a1da5
Compare
Choose a tag to compare
Version 2.8.1
  • Block vulnerable versions of Composer.
Assets 2

Version 2.8.0

15 Oct 08:11
@paragonie-security paragonie-security
v2.8.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
94fc99f
Compare
Choose a tag to compare
Version 2.8.0
Assets 2

Version 2.7.0

27 Jun 01:05
@paragonie-security paragonie-security
v2.7.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
9f2a6c3
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.7.0
  • Fix compatibility with PHP 7.4
  • Updated Psalm in require-dev from ^1|^2 to ^1|^3.
Assets 2

Version 2.6.1

02 Jan 00:56
@paragonie-security paragonie-security
v2.6.1
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
b0068bc
Compare
Choose a tag to compare
Version 2.6.1
  • Expand unit testing coverage to PHP 7.4
  • Updated composer.json to allow installing on PHP 8
Assets 2

Version 2.6.0

29 Sep 08:06
@paragonie-scott paragonie-scott
v2.6.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
e323b06
Compare
Choose a tag to compare
Version 2.6.0

We had to reinstall the server. Bgcc1QfkP0UNgMZuHzi0hC1hA1SoVAyUrskmSkzRw3E= is the public key of the new default Chronicle server.

Assets 2

Version 2.5.0

27 Sep 22:30
@paragonie-scott paragonie-scott
v2.5.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
cc39b91
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.
Compare
Choose a tag to compare
Version 2.5.0

Previously, the default behavior of RemoteFetch was to check a Chronicle instance (i.e. the one at php-chronicle.pie-hosted.com), regardless of whether or not the bundle was already fetched and verified.

This was wasteful, and led to an accidental stress test of the Chronicle instance for the PHP community.

Now, the default behavior of RemoteFetch is to only query Chronicle instances on freshly-downloaded bundles, rather than every time getLatestBundle() is invoked.

We've already done a lot of work to ensure our server is stable even under the tremendous load we were seeing previously, but we do ask everyone to update to the latest version to improve the performance of your code that uses Certainty.

Assets 2

Version 2.4.0

27 Sep 09:19
@paragonie-scott paragonie-scott
v2.4.0
This tag was signed with the committer’s verified signature.
paragonie-security P.I.E. Security Team
GPG key ID: 6B97A1C2826404DA
Learn about vigilant mode.
67c01d4
Compare
Choose a tag to compare
Version 2.4.0
  • You can now specify an HTTP connection timeout for Chronicle queries and Github fetches.
Assets 2