diff --git a/README.md b/README.md index 175507c72..570d92ef5 100644 --- a/README.md +++ b/README.md @@ -120,7 +120,7 @@ You have two options to install the verifier. #### Option 1: Install via go ``` -$ go install github.com/slsa-framework/slsa-verifier/cli/slsa-verifier@v1.3.2 +$ go install github.com/slsa-framework/slsa-verifier/v2/cli/slsa-verifier@v2.0.1 $ slsa-verifier ``` @@ -128,13 +128,13 @@ $ slsa-verifier ``` $ git clone git@github.com:slsa-framework/slsa-verifier.git -$ cd slsa-verifier && git checkout v2.0.0 +$ cd slsa-verifier && git checkout v2.0.1 $ go run ./cli/slsa-verifier ``` ### Download the binary -Download the binary from the latest release at [https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0) +Download the binary from the latest release at [https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1) Download the [SHA256SUM.md](https://github.com/slsa-framework/slsa-verifier/blob/main/SHA256SUM.md). @@ -268,6 +268,20 @@ FAILED: SLSA verification failed: could not find a matching valid signature entr This issue is tracked by [issue #325](https://github.com/slsa-framework/slsa-verifier/issues/325). You _must_ update to the newest patch versions of each minor release to fix this issue. +### panic: assignment to entry in nil map + +This will occur only when verifying provenance against workflow inputs. + +**Affected versions:** v2.0.0 + +`slsa-verifier` will fail with the following error: + +``` +panic: assignment to entry in nil map +``` + +This is fixed by [PR #379](https://github.com/slsa-framework/slsa-verifier/pull/379). You _must_ update to the newest patch versions of each minor release to fix this issue. + ## Technical design ### Blog post diff --git a/SHA256SUM.md b/SHA256SUM.md index a20881383..4d37ead17 100644 --- a/SHA256SUM.md +++ b/SHA256SUM.md @@ -1,3 +1,6 @@ +### [v2.0.1](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.1) +ad4b408c43504d439827998c27ab4be1c44ff467ccb39b78da01568f8542b10e slsa-verifier-linux-amd64 + ### [v2.0.0](https://github.com/slsa-framework/slsa-verifier/releases/tag/v2.0.0) 8d2e93a9ea0126d5daec22f2778b42fea79192605d16955f0c91847c3a6a8921 slsa-verifier-linux-amd64