Skip to content

Releases: theupdateframework/python-tuf

v7.0.0

Choose a tag to compare

@github-actions github-actions released this 18 May 08:24
353bdb7

This is a major release only because of a minor ngclient API tweak: there
are no large functional changes.

Fixed

Changed

  • ngclient: Updater() now requires the named bootstrap argument to make it
    clearer that providing one is strongly recommended: previous default
    functionality can be reproduced with bootstrap=None (#2903)
  • Prepare for removal of securesystemslib.hash (#2815)

v6.0.0

Choose a tag to compare

@github-actions github-actions released this 11 Mar 10:41
bb6d459

This release is not strictly speaking an API break from 5.1 but it does contain some
major internal changes that users should be aware of when upgrading.

Changed

  • ngclient: urllib3 is used as the HTTP library by default instead of requests (#2762,
    #2773, #2789)
    • This removes dependencies on requests, idna, charset-normalizer and certifi
    • The deprecated RequestsFetcher implementation is available but requires selecting
      the fetcher at Updater initialization and explicitly depending on requests
  • ngclient: TLS certificate source was changed. Certificates now come from operating
    system certificate store instead of certifi (#2762)
  • ngclient: The updater can now initialize from embedded initial root metadata every
    time. Users are recommended to provide the bootstrap argument to Updater (#2767)
  • Test infrastructure has improved and should now be more usable externally, e.g. in
    distro test suites (#2749)

v5.1.0

Choose a tag to compare

@github-actions github-actions released this 07 Oct 13:17
dd4caf4

Changed

  • ngclient: default user-agent was updated from "tuf/x.y.z" to "python-tuf/x.y.z" (#2632)
  • ngclient: max_root_rotations default value was bumped to 256 to prevent a too small value
    from creating issues in actual deployments were the embedded root is not easily
    updateable (#2675)
  • repository: do_snapshot() and do_timestamp() now always create new versions if current version
    is not correctly signed (#2650)
  • Various infrastructure and documentation improvements

v5.0.0

Choose a tag to compare

@github-actions github-actions released this 14 May 08:46
1b0c9f7

This release, most notably, marks stable securesystemslib v1.0.0 as minimum
requirement. The update causes a minor break in the new DSSE API (see below)
and affects users who also directly depend on securesystemslib. See the securesystemslib release
notes

and the updated python-tuf examples (#2617) for details. ngclient API remains
backwards-compatible.

Changed

  • DSSE API: change SimpleEnvelope.signatures type to dict, remove
    SimpleEnvelope.signatures_dict (#2617)
  • ngclient: support app-specific user-agents (#2612)
  • Various build, test and lint improvements

v4.0.0

Choose a tag to compare

@github-actions github-actions released this 04 Apr 08:31
2d6fc74

This release is a small API change for Metadata API users (see below).
ngclient API is compatible but optional DSSE support has been added.

Added

  • Added optional DSSE support to Metadata API and ngclient (#2436)

Changed

  • Metadata API: Improved verification functionality for repository users (#2551):
    • This is an API change for Metadata API users (
      Root.get_verification_result() and Targets.get_verification_result()
      specifically)
    • Root.get_root_verification_result() has been added to handle the special
      case of root verification
  • Started using UTC datetimes instead of naive datetimes internally (#2573)
  • Constrain securesystemslib dependency to <0.32.0 in preparation for future
    securesystemslib API changes
  • Various build, test and lint improvements

v3.1.1

Choose a tag to compare

@github-actions github-actions released this 16 Feb 09:37
e8410e1

This is a security fix release to address advisory GHSA-77hh-43cm-v8j6. The issue does not affect tuf.ngclient users, but could affect tuf.api.metadata users.

Changed

  • Added additional input validation to tuf.api.metadata.Targets.get_delegated_role()

v3.1.0

Choose a tag to compare

@github-actions github-actions released this 16 Oct 07:22
f04dc71

See CHANGELOG.md for details.

v3.0.0

Choose a tag to compare

@github-actions github-actions released this 09 May 12:38
eff8422

See CHANGELOG.md for details.

v2.1.0

Choose a tag to compare

@github-actions github-actions released this 30 Jan 09:43
daa41a9

See CHANGELOG.md for details.

v2.0.0

Choose a tag to compare

@github-actions github-actions released this 16 Aug 07:57
7ada2af

See CHANGELOG.md for details.