Add CHANGELOG.md entry for 1.5.0

Signed-off-by: Ryan Turner <turner@uber.com>

.github/workflows/pr_build.yaml

@@ -3,7 +3,7 @@ on:
   pull_request: {}
   workflow_dispatch: {}
 env:
-  GO_VERSION: 1.19.2
+  GO_VERSION: 1.19.3
 permissions:
   contents: read
 

.github/workflows/release_build.yaml

@@ -4,7 +4,7 @@ on:
     tags:
       - 'v[0-9].[0-9]+.[0-9]+'
 env:
-  GO_VERSION: 1.19.2
+  GO_VERSION: 1.19.3
 jobs:
   cache-deps:
     name: cache-deps (linux)

.go-version

@@ -1 +1 @@
-1.19.2
+1.19.3

CHANGELOG.md

@@ -1,5 +1,45 @@
 # Changelog
 
+## [1.5.0] - 2022-11-02
+
+### Added
+- X.509-SVID and JWT-SVID TTLs can now be configured separately at both the entry-level and Server default level (#3445)
+- Entry protobuf type in `/v1/entry` API includes new `jwt_svid_ttl` field (#3445)
+- `k8s-workload-registrar` and `oidc-discovery-provider` CLIs now print their version when the `-version` flag is set (#3475)
+- Support for customizing SPIFFE ID paths of SPIRE Agents attested with the `azure_msi` NodeAttestor plugin (#3488)
+
+###  Changed
+- Entry `ttl` protobuf field in `/v1/entry` API is renamed to `x509_ttl` (#3445)
+- External plugins can no longer be named `join_token` to avoid conflicts with the builtin plugin (#3469)
+- `spire-server run` command now supports DNS names for the configured bind address (#3421)
+- Documentation improvements (#3468, #3472, #3473, #3474, #3515)
+
+### Deprecated
+- `k8s-workload-registrar` is deprecated in favor of [SPIRE Controller Manager](https://github.com/spiffe/spire-controller-manager) (#3526)
+- Server `default_svid_ttl` configuration field is deprecated in favor of `default_x509_svid_ttl` and `default_jwt_svid_ttl` fields (#3445)
+- `-ttl` flag in `spire-server entry create` and `spire-server entry update` commands is deprecated in favor of `-x509SVIDTTL` and `-jwtSVIDTTL` flags (#3445)
+- `-format` flag in `spire-agent fetch jwt` CLI command is deprecated in favor of `-output` flag (#3528)
+- `InMem` telemetry collector is deprecated and no longer enabled by default (#3492)
+
+### Removed
+- NodeResolver plugin type and `azure_msi` builtin NodeResolver plugin (#3470)
+
+## [1.4.5] - 2022-11-01
+
+### Security
+- Updated to Go 1.19.3 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.
+
+## [1.4.4] - 2022-10-05
+
+### Added
+- Experimental support for limiting the number of SVIDs in the agent's cache (#3181)
+- Support for attesting Envoy proxy workloads when Istio is configured with holdApplicationUntilProxyStarts (#3460)
+
+### Changed
+- Improved bundle endpoint misconfiguration diagnostics (#3395)
+- OIDC Discovery Provider endpoint now has a timeout to read request headers (#3435)
+- Small documentation improvements (#3443)
+
 ## [1.4.3] - 2022-10-04
 
 ### Security
@@ -46,6 +86,11 @@
 - The deprecated webhook mode from the k8s-workload-registrar (#3235)
 - Support for the configmap leader election lock type from the k8s-workload-registrar (#3241)
 
+## [1.3.6] - 2022-11-01
+
+### Security
+- Updated to Go 1.18.8 to address CVE-2022-41716. This vulnerability only affects users configuring external Server or Agent plugins on Windows.
+
 ## [1.3.5] - 2022-10-04
 
 ### Security

test/integration/suites/upgrade/versions.txt

@@ -3,3 +3,4 @@
 1.4.2
 1.4.3
 1.4.4
+1.4.5