v2.6.0

Changed

• Minimum Go version is now go1.24.0, following our support policy.
• Other dependency updates.

v2.5.0

Added

• workloadapi.TargetFromAddress function to parse out a gRPC target from a SPIFFE_ENDPOINT_SOCKET compatible address (#321)

Changed

• Minimum Go version is now go1.22.11, matching our downstream dependencies (#325)

v2.4.0

Added

• Support for using a custom backoff strategy in the Workload API client (#302)
• Support for a default JWT-SVID picker (#301)

v2.3.0

Changed

• Empty bundles are now supported, in alignment with the SPIFFE specification (#288)

v2.2.0

Changed

• Upgraded to go-jose v4 which has a stronger security posture than v3. Go-spiffe was not impacted by the security weaknesses of v3 due to stringing algorithm checking that is now handled by go-jose v4 (#276)

Fixed

• Makefile invocation for Apple Silicon-based Macs (#275)

Added

• Support Ed25519 keys for Workload SVIDs (#248)

v2.1.7

Fixed

• Panic if the Workload API returned a malformed JWT-SVID (#233)
• Race that causes WaitForUpdate to return immediately after watcher is initialized even if there is no update (#260)

v2.1.6

Added

• Name convenience method to the spiffeid.TrustDomain type (#228)

v2.1.5

Added

• PeerIDFromConnectionState method for extracting the peer ID from TLS connection state (#225)

Changed

• The tlsconfig to enforce a minimum TLS version of TLS1.2 (#226)

Fixed

• Panic when failing to parse raw SVID response returned from the Workload API (#223)

v2.1.4

Added

• Support for the SVID hints obtained from the Workload API (#220)

v2.1.3

Changed

• JoinPathSegments properly disallows dot segments (#221)

Added

• ValidatePathSegment function for validating an individual path segment (#221)