Releases: chainguard-dev/malcontent

v1.21.5

20 Mar 22:19
f9bbba1

Tool Improvements

  • fix: improve JSON/YAML diff output; fix upgradeRisk edge case by @egibs in #1433

Full Changelog: v1.21.4...v1.21.5

v1.21.4

20 Mar 15:14
69bb55c

Rule Improvements

  • Update third-party rules as of 2026-03-13 by @octo-sts[bot] in #1424
  • Update third-party rules as of 2026-03-15 by @octo-sts-2[bot] in #1426
  • Update third-party rules as of 2026-03-16 by @octo-sts[bot] in #1427
  • chore: add rule for recent Trivy compromise by @egibs in #1431

Full Changelog: v1.21.3...v1.21.4

v1.21.3

11 Mar 13:35
908162e

Note

This is the 100th malcontent release!

Rule Improvements

  • Update third-party rules as of 2026-03-09 by @octo-sts-2[bot] in #1417

Developer Improvements

  • chore(yara-x): bump to 1.14.0; add update automation by @egibs in #1419

Full Changelog: v1.21.2...v1.21.3

v1.21.2

08 Mar 14:00
d87120b

Rule Improvements

  • Update third-party rules as of 2026-02-26 by @octo-sts[bot] in #1401
  • Update third-party rules as of 2026-02-28 by @octo-sts[bot] in #1404
  • Update third-party rules as of 2026-03-01 by @octo-sts[bot] in #1405
  • Update third-party rules as of 2026-03-08 by @octo-sts-2[bot] in #1413

Developer Improvements

  • chore(actions): swap to ARM Runners by @egibs in #1410

New Contributors

  • @octo-sts-2[bot] made their first contribution in #1413

Full Changelog: v1.21.1...v1.21.2

v1.21.1

24 Feb 13:23
197890f

Tool Improvements

  • feat: migrate from sync.Map to xsync.Map by @egibs in #1394

Developer Improvements

  • fix: avoid deadlock in TestStringPoolRaceCondition by @egibs in #1395

Full Changelog: v1.21.0...v1.21.1

v1.21.0

23 Feb 17:24
d092575

Tool Improvements

  • feat: add configurable file count, depth, and more link support by @egibs in #1350
  • fix treewide: register more defers immediately by @stevebeattie in #1355
  • fix: abstract out cpio operations to helper function by @stevebeattie in #1356
  • fix: register defers immediately in scan.go by @egibs in #1354
  • chore: update context in mal.go; use errors.Is; tweak update.sh by @egibs in #1359
  • fix: one more deferred close adjustment by @stevebeattie in #1361
  • fix: address fuzzing findings and other miscellaneous issues by @egibs in #1360
  • fix: address more fuzzing errors; miscellaneous improvements by @egibs in #1364
  • fix: address FuzzRecursiveCompile flakes by @egibs in #1365
  • fix: preserve nested archives which fail to extract by @egibs in #1383
  • chore: bump yara-x to 1.13.0; match upstream config; run Make targets consistently by @egibs in #1389

Rule Improvements

Developer Improvements

  • chore: only run fuzz Workflow on a schedule; clone samples for programkind fuzzers by @egibs in #1353
  • chore: add more tests, fuzzing, and a separate fuzz Workflow by @egibs in #1352
  • [StepSecurity] Apply security best practices by @stepsecurity-app[bot] in #1358
  • chore: add t.Parallel() to more tests by @egibs in #1357
  • chore: run fuzzers with -parallel=1; bump context timeouts to 30 seconds by @egibs in #1367
  • chore: cache Go/Rust dependencies and sample files by @egibs in #1368
  • chore: run FuzzExtractArchive on a larger runner by @egibs in #1373
  • chore: add more tests and fuzzing by @egibs in #1372
  • chore: bump golangci-lint to 2.10.1; address findings by @egibs in #1384
  • fix: avoid collisions between FuzzRemoveRules fuzzers by @egibs in #1386
  • chore: update version file string by @egibs in #1392

Full Changelog: v1.20.5...v1.21.0

v1.20.5

02 Feb 13:47
4c68a76

Tool Improvements

  • fix: harden UPX exec calls and limit file name length by @egibs in #1342
  • chore: simplify string interning using sync.Map; add tests by @egibs in #1343

Rule Improvements

Full Changelog: v1.20.4...v1.20.5

v1.20.4

29 Jan 19:17
5f0467c

Tool Improvements

  • fix: add zlib path validation; tighten up remaining file/directory permissions by @egibs in #1337

Rule Improvements

Developer Improvements

  • Update malcontent-samples references to chainguard-sandbox by @eslerm in #1336

New Contributors

Full Changelog: v1.20.3...v1.20.4

v1.20.3

27 Jan 19:15
96faed5

Tool Improvements

Rule Improvements

  • Update third-party rules as of 2026-01-27 by @octo-sts[bot] in #1332

Full Changelog: v1.20.2...v1.20.3

v1.20.2

26 Jan 23:45
823f199

Tool Improvements

  • chore: update deps, golangci-lint, and crane; address findings by @egibs in #1326

Rule Improvements

  • Update third-party rules as of 2026-01-24 by @octo-sts[bot] in #1322
  • Update third-party rules as of 2026-01-25 by @octo-sts[bot] in #1324
  • chore: add false positive for duosecurity/duo_universal_php by @toabctl in #1327
  • Update third-party rules as of 2026-01-26 by @octo-sts[bot] in #1329

New Contributors

Full Changelog: v1.20.1...v1.20.2