v1.5.1

1.5.1 (2026-04-03)

Bug Fixes

• Suppress healthz probe logging after the first 3 requests to reduce log noise (342c198)
• Add flame favicon to prevent browser 400 errors on /favicon.ico (53d37d3)

v1.5.0

1.5.0 (2026-04-03)

Bug Fixes

• Fix embedded documentation page not displaying the hero image (2bf4d95)

v1.4.1

1.4.1 (2026-04-03)

Bug Fixes

• Fix Helm chart version sync with release-please (e9527eb)
• Fix Helm chart cosign signing to use digest instead of tag (30bf9cf)
• Add cosign registry auth for chart signature push (5b71f8f)

v1.4.0

Highlights

Helm Chart

cooked now ships a production-ready Helm chart, published to GHCR as a signed
OCI artifact alongside each release. Install with:

helm install cooked oci://ghcr.io/air-gapped/charts/cooked

Includes CA certificate injection, PSS restricted security context, HPA, PDB,
NetworkPolicy, and full configuration via cooked.* values.

Image Proxying

Images in rendered documents are now proxied through /_cooked/raw/ automatically,
fixing CORS failures when the upstream origin differs from cooked's domain.

Iframe Embedding

The new --frame-ancestors flag controls CSP frame-ancestors, enabling cooked
to be embedded in Gitea, cgit, or other tools via iframe.

---

1.4.0 (2026-04-03)

Features

• Add Helm chart for Kubernetes deployment (eae7614)
• Proxy images and assets through /_cooked/raw/ to fix CORS (0a7c38e)
• Add --frame-ancestors flag for iframe embedding (8c9536f)
• Add --trusted-proxies for X-Forwarded-For client IP extraction (e50437a)

v1.3.2

Highlights

Supply Chain Security

Container images are now signed with cosign (keyless via Sigstore) and include
an SPDX SBOM attestation. Verify with:

cosign verify ghcr.io/air-gapped/cooked:v1.3.2 \
  --certificate-oidc-issuer https://token.actions.githubusercontent.com \
  --certificate-identity-regexp github.com/air-gapped/cooked

---

1.3.2 (2026-04-03)

Security

• Sign container images with cosign keyless signing (4b5eec0)
• Generate SPDX SBOM and attach as signed in-toto attestation (9c6db7c)
• Pin CI runners to ubuntu-24.04 for reproducible builds (4b5eec0)
• Enable branch protection and harden workflow permissions (fc75449)

v1.3.1

1.3.1 (2026-03-31)

Bug Fixes

• Replace test that only checked log output format with real Setup() validation (e57b850)

v1.3.0

Highlights

Runtime CA Certificate Injection

The container now runs update-ca-certificates at startup, picking up any .crt
files mounted into /usr/local/share/ca-certificates/. This enables air-gapped
deployments with internal CAs — mount your CA bundle via ConfigMap or
trust-manager and cooked handles the rest.

---

1.3.0 (2026-03-31)

Features

• Run update-ca-certificates at container startup for runtime CA injection (0b460bb)
• Add dependency review workflow with CVE check and AI security analysis (a5df1fd)

v1.2.3

1.2.3 (2026-03-26)

Dependencies

• Update goldmark to v1.8.2 (#48)

v1.2.2

1.2.2 (2026-03-26)

Dependencies

• Update goldmark to v1.8.1 (#40)
• Update logrus to v1.9.4 (#39)

v1.2.1

1.2.1 (2026-02-10)

Bug Fixes

• Resolve hostnames against CIDR allowlist entries (e22c596)
• Proxy raw content for the copy-to-clipboard button (e22c596)
• Suppress noisy .well-known path lookups from logs (e22c596)