Firefly Releases¶

Learn about current and past releases of the Firefly distributed component.

Supported Releases¶

Release 1.5.2¶

Firefly 1.5.2 was released on February 14, 2025.

Key changes¶

• Firefly version 1.5.2 addresses an issue that prevented it from running on operating systems with GNU libc versions earlier than 2.32. This issue affected systems such as Red Hat Enterprise Linux (RHEL) 8 and Ubuntu 20.04.
• The Go version has been updated to 1.23.6.

Downloads¶

docker pull registry.venafi.cloud/public/venafi-images/firefly:v1.5.2

helm pull oci://registry.venafi.cloud/public/venafi-images/helm/firefly \
    --version v1.5.2

PKCS#11 Binary

Releases of firefly-pkcs11 are signed and the detached signature file is included with the binary in the downloadable zip file. The SHA-256 checksum of the zip file for this release is listed below for additional verification:

• 1.5.2 (February 14, 2025) 736fb2d7f03afba4c18a4c106a9f4e861ba897a59f62c7938d9fa55ca937eb5f

Release 1.5.1¶

Firefly 1.5.1 was released on January 28, 2025.

Key features¶

• Firefly 1.5.1 improves how Firefly manages keypairs and fixes an issue where keypairs were not removed when Hardware Security Modules (HSM) were used to protect the sub-CA keys.
• Connection recovery in case of HSM connectivity failures was also improved in release v1.5.1.
• A user-agent header to HTTP requests made by Firefly was also added in this release.

Downloads¶

docker pull registry.venafi.cloud/public/venafi-images/firefly:v1.5.1

helm pull oci://registry.venafi.cloud/public/venafi-images/helm/firefly \
    --version v1.5.1

PKCS#11 Binary

Releases of firefly-pkcs11 are signed and the detached signature file is included with the binary in the downloadable zip file. The SHA-256 checksum of the zip file for this release is listed below for additional verification:

• 1.5.1 (January 28, 2025) fc6ce52c714caf5e8c33a74234335f66cdd10d6dbb79b0a4f073eace6f5d528d

Release 1.5.0¶

Firefly 1.5.0 was released on September 9, 2024.

Key features¶

• Automatic CA chain population

  A new Helm option, deployment.config.controller.certManager.caRootChainPopulation, was added, automatically populating the CA certificate chain when using the cert-manager controller.

• Simplified installation on Red Hat OpenShift

  The Helm chart now includes SecurityContextConstraints, simplifying installation on Red Hat OpenShift clusters.

Downloads¶

docker pull registry.venafi.cloud/public/venafi-images/firefly:v1.5.0

helm pull oci://registry.venafi.cloud/public/venafi-images/helm/firefly \ 
    --version v1.5.0

Release 1.4.3¶

Firefly 1.4.3 was released on August 29, 2024.

Key features¶

• Firefly connection to HSM for signing using an HSM-protected key

  You can now connect an HSM to the Firefly server (or container) to allow Firefly to sign certificates using a private key protected by an HSM. Learn more.

• Option to specify alternative names for Firefly authorization claims

  Firefly can now be configured to use alternative names for the venafi-firefly.configuration, venafi-firefly.allowedPolicies, and venafi-firefly.allowAllPolicies claims in JWTs presented by API clients.

• Option to allow Firefly API clients to connect using TLS 1.2

  Firefly can now be configured to allow legacy API clients that do not support TLS 1.3 to connect using TLS 1.2 instead.

• Resilience to transient HSM availability issues

  Firefly will now automatically recover from the HSM protecting its signing key becoming temporarily unavailable.

• Make Firefly trust anchor certificate more accessible for Kubernetes use cases

  You can now specify caRootChainPopulation: true in the config.yaml and Firefly will include its root CA certificate in the status.ca field of cert-manager CertificateRequest resources.

Downloads¶

docker pull registry.venafi.cloud/public/venafi-images/firefly:v1.4.3

helm pull oci://registry.venafi.cloud/public/venafi-images/helm/firefly \ 
    --version v1.4.3

PKCS#11 Binaries

Releases of firefly-pkcs11 are signed and the detached signature file is included with the binary in the downloadable zip file. SHA-256 checksums of the zip files each release are listed below for additional verification.

• 1.4.3 (August 29, 2024) 23fb9f0e8275d07b3b45c96892bd855b3257cb05062046121126395065f22e6c
• 1.4.2 (July 22, 2024) 92a35e5a77bd84639bbb4839dcf316696e3ae30ed8a430bbcd3daad778791ad3
• 1.4.1 (July 12, 2024) 32fb025d7d8587a78525882bdcd501d3bdaa877d3db7a9704604a027531054ee
• 1.4.0 (June 28, 2024) 86fab9bff47c202d871ff177f2989ace3ed9e94e7f15639199767954d94e0a95

Release 1.3.4¶

Firefly 1.3.4 was released on April 16, 2024.

Key features¶

• Firefly now supports requesting certificates using Unix Domain Sockets

  gRPC and REST clients can now request certificates from Firefly using a Unix Domain Socket (UDS) to forgo the overhead of TLS and authentication for use cases where clients are co-hosted with Firefly.

• Firefly now has a method specifically for downloading trust chain CA certificates

  Trust Manager clients can obtain the CA certificates applicable to Firefly trust without having to request a certificate.

• Helm charts for Firefly now support configuring API servers

  Support for configuring gRPC, GraphQL, and REST servers has been added to Helm charts.

• Firefly image now includes OCI annotions

  Introduced standard OCI annotations (labels) to the Firefly container image.

• Firefly instances may now derive parts of their name from environment variables

  Environment variable substitution is now supported for Firefly instance names when using Venafi Control Plane.

Downloads¶

docker pull registry.venafi.cloud/public/venafi-images/firefly:v1.3.4

helm pull oci://registry.venafi.cloud/public/venafi-images/helm/firefly \
    --version v1.3.4

Release 1.2.1¶

Firefly 1.2.1 was released on November 1, 2023.

Key features¶

• Firefly now supports requesting certificates using a public key

  gRPC clients can now request certificates from Firefly using a public key and Subject/SAN values for use cases where workloads generate keypairs but orchestrators request certificates for them.

• Firefly now supports Instance Identity Documents from Azure and Google (in addition to AWS)

  Clients can now authenticate and get signed certificates from Firefly using Instance Identity Documents from Azure and Google. This builds on the AWS IID support in Firefly 1.1 and means that Firefly now supports all three major cloud providers.

• Updated Terms of Use / EULA

  The Firefly Terms of Use have been updated and are now available at a new URL. Please read the Venafi End User License Agreement before upgrading.

Release 1.1¶

Firefly 1.1 was released on August 9, 2023. Key features include:

• New AWS authentication endpoint: A new API endpoint for AWS authentication allows clients to authentication using AWS workload identity documents
• Helm Chart: The addition of a new Helm chart makes it easy to install Firefly in a Kubernetes cluster, and to integrate it with cert-manager.

Release 1.0¶

Firefly 1.0 was released on April 19, 2023. Key features include:

• Versatility: Firefly has multiple, flexible deployment options including cloud, cloud-native, DevOps, and federated PKI.
• Performance: Firefly can generate keys and issue certificates at speeds and volumes well beyond service mesh requirements.
• Autonomy: Firefly operation is decentralized making it attractive to software architects and developers.
• Security: Firefly is managed and governed by the Venafi Control Plane and supports modern authentication mechanisms.
• Leanness: Firefly requires minimal infrastructure to deploy in production to achieve high availability and fault tolerance.