Skip to content

v0.7.7

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 21 Dec 18:49
· 2 commits to main since this release
v0.7.7
This tag was signed with the committer’s verified signature.
greysquirr3l Nick Campbell
GPG key ID: 902DADBBDD5E203D
Verified
Learn about vigilant mode.
e779d68
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode. 
Release v0.7.7 - Security audit fixes

Security hardening release addressing audit findings:
- Fixed constant-time comparison test with realistic timing tolerance
- Added integer overflow validation for archive handlers
- Documented non-cryptographic RNG usage
- Verified all crypto operations use crypto/rand
- Validated zip-slip protection and race conditions
- All 109 tests passing with race detector clean

Security improvements:
- Enhanced documentation for security-critical code paths
- Safe integer conversion checks
- Comprehensive security audit report included
Assets 7
Loading