From 0d10cecea56d936b4a3d8e7a660d7466092330a0 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Tue, 24 Feb 2026 08:31:15 -0600 Subject: [PATCH 1/3] chore(release): prepare release 0.8.16 Signed-off-by: Max Lambrecht --- CHANGELOG.md | 19 +++++++++++++++++++ gradle.properties | 2 +- 2 files changed, 20 insertions(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 6fc81b33..144d9af6 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,5 +1,24 @@ # Changelog +## [0.8.16] - 2026-02-24 + +### Fixed + +* Require `spiffe://` prefix when parsing SPIFFE IDs, tightening scheme validation (#398) +* Ensure atomic snapshot of X.509 SVID and bundles in `DefaultX509Source`, preventing torn reads under concurrency (#397) +* Reject null bundles and empty cached SVID lists in core parsing/cache paths (#399) +* Validate presence of JWT audience claim during parsing (#399) + +### Dependency updates + +* Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402) +* Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.7 (#395) +* Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401) + +### Build + +* Simplify Dependabot config and group coupled Gradle dependencies (#403) + ## [0.8.15] - 2025-12-23 ### Fixed diff --git a/gradle.properties b/gradle.properties index 383022d0..ec643c0b 100644 --- a/gradle.properties +++ b/gradle.properties @@ -1 +1 @@ -version=0.8.15 +version=0.8.16 From b70e498e6dd001aaeb23010d995c7b168be5bf25 Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Wed, 25 Feb 2026 08:53:06 -0600 Subject: [PATCH 2/3] Amend relase date and versions in README Signed-off-by: Max Lambrecht --- CHANGELOG.md | 2 +- README.md | 20 ++++++++++---------- java-spiffe-helper/README.md | 4 ++-- 3 files changed, 13 insertions(+), 13 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 144d9af6..b5b8a398 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -1,6 +1,6 @@ # Changelog -## [0.8.16] - 2026-02-24 +## [0.8.16] - 2026-02-25 ### Fixed diff --git a/README.md b/README.md index 6af8e919..b2466927 100644 --- a/README.md +++ b/README.md @@ -26,7 +26,7 @@ X.509 and JWT SVIDs and bundles. Download -------- -The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.8.15). +The JARs can be downloaded from [Maven Central](https://search.maven.org/search?q=g:io.spiffe%20AND%20v:0.8.16). The dependencies can be added to `pom.xml` @@ -35,7 +35,7 @@ To import the `java-spiffe-provider` component: io.spiffe java-spiffe-provider - 0.8.15 + 0.8.16 ``` The `java-spiffe-provider` component imports the `java-spiffe-core` component. @@ -45,7 +45,7 @@ To just import the `java-spiffe-core` component: io.spiffe java-spiffe-core - 0.8.15 + 0.8.16 ``` @@ -53,12 +53,12 @@ Using Gradle: Import `java-spiffe-provider`: ```gradle -implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.15' +implementation group: 'io.spiffe', name: 'java-spiffe-provider', version: '0.8.16' ``` Import `java-spiffe-core`: ```gradle -implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.15' +implementation group: 'io.spiffe', name: 'java-spiffe-core', version: '0.8.16' ``` ### MacOS Support @@ -72,14 +72,14 @@ In case run on a osx-x86 architecture, add to your `pom.xml`: io.spiffe grpc-netty-macos - 0.8.15 + 0.8.16 runtime ``` Using Gradle: ```gradle -runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.15' +runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos', version: '0.8.16' ``` #### Aarch64 (M1) Architecture @@ -91,7 +91,7 @@ If you are running the aarch64 architecture (M1 CPUs), add to your `pom.xml`: io.spiffe grpc-netty-macos-aarch64 - 0.8.15 + 0.8.16 runtime ``` @@ -99,7 +99,7 @@ If you are running the aarch64 architecture (M1 CPUs), add to your `pom.xml`: Using Gradle: ```gradle -runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.15' +runtimeOnly group: 'io.spiffe', name: 'grpc-netty-macos-aarch64', version: '0.8.16' ``` *Caveat: not all OpenJDK distributions are aarch64 native, make sure your JDK is also running @@ -112,7 +112,7 @@ The `java-spiffe-helper` module manages X.509 SVIDs and Bundles in Java Keystore ### Docker Image -Pull the `java-spiffe-helper` image from `ghcr.io/spiffe/java-spiffe-helper:0.8.15`. +Pull the `java-spiffe-helper` image from `ghcr.io/spiffe/java-spiffe-helper:0.8.16`. For more details, see [java-spiffe-helper/README.md](java-spiffe-helper/README.md). diff --git a/java-spiffe-helper/README.md b/java-spiffe-helper/README.md index e5e9dfd1..3aae96f9 100644 --- a/java-spiffe-helper/README.md +++ b/java-spiffe-helper/README.md @@ -10,11 +10,11 @@ The Helper automatically gets the SVID updates and stores them in the KeyStore a On Linux: -`java -jar java-spiffe-helper-0.8.15-linux-x86_64.jar` +`java -jar java-spiffe-helper-0.8.16-linux-x86_64.jar` On Mac OS: -`java -jar java-spiffe-helper-0.8.15-osx-x86_64.jar` +`java -jar java-spiffe-helper-0.8.16-osx-x86_64.jar` You can run the utility with the `-c` or `--config` option to specify the path to the configuration file. By default, it will look for a configuration file named `conf/java-spiffe-helper.properties` in the current working directory. From e09de0b265d946938e0363830ccae6f3083bf01f Mon Sep 17 00:00:00 2001 From: Max Lambrecht Date: Wed, 25 Feb 2026 08:58:21 -0600 Subject: [PATCH 3/3] Update changelog entry Signed-off-by: Max Lambrecht --- CHANGELOG.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index b5b8a398..e4056585 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,7 +12,7 @@ ### Dependency updates * Bump grpcVersion from 1.77.0 to 1.79.0 (#392, #402) -* Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.7 (#395) +* Bump com.nimbusds:nimbus-jose-jwt from 10.6 to 10.8 (#395, #409) * Bump gradle-wrapper from 9.2.1 to 9.3.1 (#400, #401) ### Build