Fixed

• Fixed issue where a trust root with multiple rekor keys was not considered valid: Now any rekor key listed in the trust root is considered good to verify entries #1350

Changed

• Upgraded python-tuf dependency to 6.0: Connections to TUF repository now use system certificates (instead of certifi) and have automatic retries
• Updated the embedded TUF root to version 12

Full Changelog: v3.6.1...v3.6.2

Fixed

• Relaxed the transitive dependency on cryptography to allow v43 and v44
  to be resolved
  (#1251)

Added

• API: The DSSE Envelope class now performs automatic validation
  (#1211)

• API: Added signature property to Envelope class for accessing raw
  signature bytes (#1211)

• Signed timestamps embedded in bundles are now automatically verified
  against Timestamp Authorities provided within the Trusted Root ([#1206]
  (#1206))

• Bundles are now generated with signed timestamps when signing if the
  Trusted Root contains one or more Timestamp Authorities
  (#1216)

Removed

• Support for "detached" SCTs has been fully removed, aligning
  sigstore-python with other sigstore clients
  (#1236)

Fixed

• Fixed a CLI parsing bug introduced in 3.5.1 where a warning about
  verifying legacy bundles was never shown
  (#1198)

• Strengthened the requirement that an inclusion promise is present
  if no other source of signed time is present
  (#1247)

Fixed

• Corrective release for [3.5.2]

Fixed

• Pinned cryptography dependency strictly to prevent future breakage

Fixed

• Fixed a CLI parsing bug introduced in 3.5.0 when attempting
  to suppress irrelevant warnings
  (#1192)

Added

• CLI: The sigstore plumbing update-trust-root command has been added.
  Like other plumbing-level commands, this is considered unstable and
  changes are not subject to our semver policy until explicitly noted
  (#1174)

Fixed

• CLI: Fixed an incorrect warning when verifying detached .crt/.sig
  inputs (#1179)

Changed

• CLI: When verifying, the --offline flag now fully disables all online
  operations, including routine local TUF repository refreshes
  (#1143)

• sigstore-python's minimum supported Python version is now 3.9

Fixed

• CLI: The sigstore verify subcommands now always check for a matching
  input file, rather than unconditionally falling back to matching on a
  valid sha256:... digest pattern
  (#1152)

Added

• CLI: The sigstore verify command now outputs the inner in-toto statement
  when verifying DSSE envelopes. If verification is successful, the output
  will be the inner in-toto statement. This allows the user to see the
  statement's predicate, which sigstore-python does not verify and should be
  verified by the user.

• CLI: The sigstore attest subcommand has been added. This command is
  similar to cosign attest in that it signs over an artifact and a
  predicate using a DSSE envelope. This commands requires the user to pass
  a path to the file containing the predicate, and the predicate type.
  Currently only the SLSA Provenance v0.2 and v1.0 types are supported.

• CLI: The sigstore verify command now supports verifying digests. This means
  that the user can now pass a digest like sha256:aaaa.... instead of the
  path to an artifact, and sigstore-python will verify it as if it was the
  artifact with that digest.

Added

• API: models.Bundle.BundleType is now a public API
  (#1089)

• CLI: The sigstore plumbing subcommand hierarchy has been added. This
  hierarchy is for developer-only interactions, such as fixing malformed
  Sigstore bundles. These subcommands are not considered stable until
  explicitly documented as such.
  (#1089)

Changed

• CLI: The default console logger now emits to stderr, rather than stdout
  (#1089)