1.3.6

[1.3.6] - 2025-05-09

🚀 Features

• Upgrade Cosmian KMS from v4.24.0 to v5.0.0 (#178)

⚙️ Miscellaneous Tasks

• Make GH workflows xxx_image.yml callable individually
• Fix use packer SSH key for EC2 AWS instance (#177)

1.3.5

[1.3.5] - 2025-04-28

🚀 Features

• Upgrade Cosmian AI runner v1.0.0 (#174)
• Upgrade Cosmian KMS v4.24.0 (#174)
• Snapshot integrity verification issue on AI runner:
  • Fetch IMA again when PCRs hash digest does not match the one in TPM quote

🐛 Bug Fixes

• Fix attestation verification on AWS with AMD SEV-SNP via tee-tools (#44)
• AI Runner fixes
  • Only check health endpoint for AI runner
  • Increase timeout for AI runner HTTPS test connection
  • RHEL:
    • Upgrade sqlite3>=3.35.0 for chromadb requirement
    • Make Python 3.12 default
    • Use absolute path for python3.12
• Update tokio and openssl due to RUSTSEC-2025-0023 and RUSTSEC-2025-0022

📚 Documentation

• Add playbook example

🧪 Testing

• Run app wo config

⚙️ Miscellaneous Tasks

• Bump KMS to 4.24
  • Update KMS configuration path du to new KMS packaging

1.3.4

[1.3.4] - 2025-03-20

🐛 Bug Fixes

• Fix failure in systemd unit mount_luks.service when using restart on failure

⚙️ Miscellaneous Tasks

• Bump tee-tools to 1.5.0
• Bump Rust crates of cosmian_vm as up-to-date as possible

1.3.3

[1.3.3] - 2025-01-27

🚀 Features

• Upgrade the Cosmian base image v0.1.11 to upgrade Azure Ubuntu 22.04 to 24.04 (#168)
• Regenerate all images with the new base image v0.1.11 (#168)
• Bump KMS version from 4.21.1 to 4.21.2
• AWS RHEL: Bump version to 9.4 (RHEL-9.4.0_HVM-20241210-x86_64-0-Hourly2-GP3)

🐛 Bug Fixes

• Revert changes on AI runner systemd service file (#168)
• GCP RHEL: Do not upgrade all RHEL packages - just refresh cache (#168)
• For releases, clean Github cache before anything

1.3.2

[1.3.2] - 2025-01-18

🚀 Features

• Bump KMS from 4.19.3 to 4.21.1 (#167)

🐛 Bug Fixes

• List of bug fixes in (#167):
  • About KMS systemd service:
    • service must wait for mount_luks service but using Requires argument
    • Also StandardOutput to syslog+console to display stdout
  • Make 9998 the default local Nginx port for KMS. No extra conf to do anymore on cosmian CLI side
  • Fix CVE of idna crate by upgrading it from 0.5.0 to 1.0.3.

🧪 Testing

• Test in Ansible if KMS service is up:
  • after first boot, first reboot and after a cosmian_vm app init configuration
• Display TPM PCR-7 before and after first reboot

⚙️ Miscellaneous Tasks

• Add dev-container files for VSCode

1.3.1

[1.3.1] - 2024-10-30

🚀 Features

• Add TDX GCP license (#164)
• Bump KMS version to 4.19.3 (#165)

1.3.0

[1.3.0] - 2024-10-18

🚀 Features

• RHEL: Add cosmiand SELinux module on RHEL to protect scripts and configuration through IMA measurements (#151)
  • Bump Base Image to 0.1.10
  • Add SELinux documentation on #96
• RHEL TDX on GCP (#158)
  • Note: Ubuntu and RedHat GCP images upgraded -> using now Cosmian Base Image version 0.1.10 for all images
• Bump KMS version to 4.19.1 (#160)

🧪 CI

• Make products testable individually in Github CI (#159)
• Simplify versions bump (#157)
• Remove symbolic links from libtdx_attest.so (#156)

1.2.9

[1.2.9] - 2024-10-09

🚀 Features

• RHEL:
  • Build AI Runner images also on RHEL (#155)

🧪 CI

• Bump Cosmian Base image to 0.1.9:
  • Azure: RHEL: update 9_3_cvm_sev_snp à 9_4_cvm (#155)
• Make CI non-blocking a tags even if tests fail (#155)
• Display kernel version (#155)
• Bump KMS version to 4.19.0

⚙️ Miscellaneous Tasks

• AI Runner: Change installation folder from /src/ to /opt/ where SELinux label are usr_t

1.2.8

[1.2.8] - 2024-09-30

🧪 CI

• Du to Azure certification process, use the last RedHat kernel on Redhat images (#154)
  • Cosmian VM, KMS and AI runner images are now based on Cosmian Base Image version 0.1.8

⚙️ Miscellaneous Tasks

• Bump libtdx_attest.so from 1.21.100.3 to 1.22.100.3 (#154)

1.2.7

[1.2.7] - 2024-09-12

🐛 Bug Fixes

• Cleanup old RedHat kernels for Azure certification process (#150)

🧪 CI

• Bump KMS version to 4.18.0
• Small fix about tags detection in Bash (#152)