Releases: nao1215/truss

v0.11.3

15 Mar 13:25
d05e9d9

Added

  • Port security and edge-case tests:
    • SSRF: redirect chain to metadata endpoint, scheme rejection (ftp/file/data), userinfo rejection, private IP/port blocking in strict mode.
    • Path traversal: E2E coverage for ../../etc/passwd, mid-path dotdot, .git file content leak prevention.
    • Remote errors: upstream 4xx/5xx/403 mapped to 502, Content-Length exceeding limit returns 413, unsupported Content-Encoding (deflate, zstd) returns 502.
    • Image edge cases: corrupted/empty/truncated images return 415, ETag stability and divergence across processing options, ETag mismatch returns 200.
    • IP deny-list boundary tests: CGNAT, TEST-NET 198.18/15, broadcast, multicast, documentation ranges, IPv6 mapped/compatible/6to4/Teredo variants.
    • Path resolution: null byte injection, backslash literal on Unix, unicode filenames, very long components, multiple leading slashes, trailing dotdot.
    • Content-Encoding: multiple known encodings, mixed with unknown, whitespace handling.
    • Cloud metadata: GCP/AWS path variants, non-metadata IP allowed.

Fixed

  • Align crate, npm package, OpenAPI, example lockfile, and changelog release metadata for the v0.11.3 release.

v0.11.2

15 Mar 05:11
af971cc

Added

  • Publish a production-oriented Next.js example that signs public truss URLs with @nao1215/truss-url-signer.

Changed

  • Verify Homebrew installs against nao1215/tap/truss during tagged releases and keep the formula layout aligned with nao1215/homebrew-tap.

Fixed

  • Align crate, npm package, OpenAPI, example lockfile, and changelog release metadata for the v0.11.2 release.

v0.11.1

15 Mar 04:14
16be779

Added

  • Publish truss Homebrew formulas from tagged releases to nao1215/homebrew-tap and verify installation on macOS.

Changed

  • Publish @nao1215/truss-url-signer from tagged releases via npm trusted publishing.
  • Add README and deployment guide install paths for Homebrew and clarify the release prerequisites for the tap automation.

Fixed

  • Align crate, npm package, OpenAPI, example lockfile, and changelog release metadata for the v0.11.1 release.

v0.10.4

14 Mar 10:04

Fixed

  • Align crate, package, OpenAPI, and changelog release metadata for the v0.10.4 tag after bootstrapping the npm package and trusted publisher settings.

v0.10.2

14 Mar 09:24

Fixed

  • Fix GitHub release workflow validation so the npm publish job no longer references secrets directly in an if: expression.
  • Align crate, package, OpenAPI, and changelog release metadata for the v0.10.2 tag.

v0.9.0

14 Mar 02:45
0633a96

Added

  • Format-aware image optimization across the CLI, HTTP API, signed URLs, presets, and WASM with optimize=auto|lossless|lossy plus perceptual targetQuality controls.
  • Optional Bearer token authentication for /health via TRUSS_HEALTH_TOKEN, while keeping /health/live and /health/ready unauthenticated for orchestrator probes (#73).
  • Readiness probe hysteresis via TRUSS_HEALTH_HYSTERESIS_MARGIN to reduce flapping near disk and memory thresholds (#72).
  • Additional fast coverage for lifecycle signal handling, public HEAD endpoints, and CLI runtime error paths.

Fixed

  • Gate AVIF/WebP native dependencies behind feature flags so the WASM build no longer imports unavailable C-backed components.
  • Skip serializing transformed image bytes into WASM response JSON to avoid OOM on large outputs.
  • Reject truncated JPEG input during lossless optimization.
  • Stabilize HEAD and optimization-related tests after the runtime-target optimization work.

Changed

  • Consolidate project documentation under docs/ and expand CLI examples for piping, stdin/stdout usage, and optimization workflows.
  • Deduplicate cloud integration test helpers and parameterize HEAD request tests with rstest.
  • Update the OpenAPI and configuration docs to cover optimization controls, /health authentication, and readiness hysteresis behavior.

v0.8.0

13 Mar 07:29
a37a38a

Added

  • Lock-free syscall caching for health check endpoints (disk_free_bytes, process_rss_bytes) with configurable TTL via TRUSS_HEALTH_CACHE_TTL_SECS (default: 5s, range: 0–300). Eliminates redundant kernel context switches under high-frequency polling (#74).
  • ServerConfig::with_health_cache_ttl_secs() builder method for programmatic TTL override.
  • Per-IP rate limiting with sharded buckets to reduce mutex contention (#127).
  • Reverse proxy support: resolve real client IP behind trusted proxies for rate limiting via TRUSS_TRUSTED_PROXIES (#117).
  • #[must_use] annotations on key public types and functions (#130).
  • #[non_exhaustive] on public enums for semver safety (#122).
  • Integration tests for HEAD requests (#123).
  • Unit tests for routing, signing, and inspect modules (#124).
  • Non-ASCII input tests for Rgba8::from_hex (#131).
  • Security audit CI on pull requests (#128).
  • PR template and updated stale bug report placeholder (#126).

Fixed

  • Block SSRF bypass via IPv4-compatible, 6to4, and Teredo IPv6 addresses (#118).
  • Add element count and nesting depth limits to SVG sanitizer; fix CSS url() search performance (#119).
  • Disambiguate NUL escape to avoid clippy octal_escapes lint (#124).
  • Guard Rgba8::from_hex against non-ASCII input (#131).
  • Add #[serial] to cloud integration tests that use env::set_var (#116).
  • Prevent flaky redirect-limit test on Windows (WSAECONNABORTED).
  • Use acquire/release memory ordering in HealthCache for correctness on weakly-ordered architectures.
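
The SSRF fix in #118 above and the v0.11.3 deny-list boundary tests both concern IPv6 literals that carry an IPv4 address inside them. The following is an added example, not truss's own code, of unwrapping those forms before the deny-list check; the function names and the exact blocked ranges are assumptions.

```rust
use std::net::{IpAddr, Ipv4Addr, Ipv6Addr};

// IPv4 ranges refused as fetch targets (assumed policy, modelled on the release notes).
fn v4_blocked(ip: Ipv4Addr) -> bool {
    let o = ip.octets();
    ip.is_loopback() || ip.is_private() || ip.is_link_local() || ip.is_unspecified()
        || ip.is_broadcast() || ip.is_multicast() || ip.is_documentation()
        || o[0] == 0                              // 0.0.0.0/8
        || (o[0] == 100 && (o[1] & 0xc0) == 64)   // CGNAT 100.64.0.0/10
        || (o[0] == 198 && (o[1] & 0xfe) == 18)   // 198.18.0.0/15
}

// Every IPv4 address that a transition-format IPv6 address carries inside it.
fn embedded_ipv4(v6: Ipv6Addr) -> Vec<Ipv4Addr> {
    let (s, o) = (v6.segments(), v6.octets());
    let mut out = Vec::new();
    // IPv4-mapped ::ffff:a.b.c.d and IPv4-compatible ::a.b.c.d: the low 32 bits.
    if s[..5].iter().all(|&x| x == 0) && (s[5] == 0xffff || s[5] == 0) {
        out.push(Ipv4Addr::new(o[12], o[13], o[14], o[15]));
    }
    // 6to4 2002::/16: the 32 bits right after the prefix.
    if s[0] == 0x2002 {
        out.push(Ipv4Addr::new(o[2], o[3], o[4], o[5]));
    }
    // Teredo 2001:0::/32: server in bits 32..64, client in the low 32 bits, inverted.
    if s[0] == 0x2001 && s[1] == 0 {
        out.push(Ipv4Addr::new(o[4], o[5], o[6], o[7]));
        out.push(Ipv4Addr::new(!o[12], !o[13], !o[14], !o[15]));
    }
    out
}

fn is_blocked(ip: IpAddr) -> bool {
    match ip {
        IpAddr::V4(v4) => v4_blocked(v4),
        IpAddr::V6(v6) => {
            let s0 = v6.segments()[0];
            v6.is_loopback() || v6.is_unspecified() || v6.is_multicast()
                || (s0 & 0xfe00) == 0xfc00   // unique local fc00::/7
                || (s0 & 0xffc0) == 0xfe80   // link-local fe80::/10
                || embedded_ipv4(v6).into_iter().any(v4_blocked)
        }
    }
}

fn main() {
    // Constructed sample literals, not taken from the project's test suite.
    for a in ["::ffff:169.254.169.254", "2002:a9fe:a9fe::1", "2606:4700:4700::1111"] {
        println!("{a} blocked={}", is_blocked(a.parse().unwrap()));
    }
}
```

The check has to run on the address the connection will actually use, after DNS resolution and on every redirect hop, not only on the literal in the requested URL.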

Changed

  • Extract collect_resource_checks() to deduplicate ~70 lines of identical logic between handle_health() and handle_health_ready().
  • Introduce unified transform dispatch to eliminate SVG/raster routing duplication (#115).
  • Remove ~2400 lines of duplicated code from server/mod.rs (#114).
  • Replace relay imports with direct submodule references in auth.rs and metrics.rs.
  • Consolidate duplicated test helpers in CLI integration tests (#121).
  • Replace manual JSON construction with serde_json in inspect command (#129).
  • Throttle cache eviction scans and remove unnecessary fsync (#120).
  • Hide HealthCache from public API; expose TTL via builder method.
  • Document TRUSS_HEALTH_CACHE_TTL_SECS, TRUSS_HEALTH_CACHE_MIN_FREE_BYTES, and TRUSS_HEALTH_MAX_MEMORY_BYTES in from_env rustdoc.
  • Update pipeline and Prometheus docs with crop/sharpen stages and watermark metric (#125).
  • Bump clap 4.5→4.6, clap_complete 4.5→4.6, aws-sdk-s3 1.125→1.126.

v0.7.2

12 Mar 17:11
70cd0ab

Fixed

  • Fix aarch64 cross-compilation failure by using newer cross-rs base image with OpenSSL 3.x support.

v0.7.0

12 Mar 09:02
f87796b

Added

  • Configurable max input pixel limit (TRUSS_MAX_INPUT_PIXELS) with 422 response for oversized images.
  • Configurable max upload body size (TRUSS_MAX_UPLOAD_BYTES) with 413 response for oversized uploads.
  • Optional Bearer token protection for /metrics endpoint (TRUSS_METRICS_TOKEN) and disable flag (TRUSS_DISABLE_METRICS).
  • Configurable keep-alive max requests (TRUSS_KEEP_ALIVE_MAX_REQUESTS).
  • Config validation subcommand (truss validate) for CI/CD pre-flight checks.
  • Enhanced health checks: cache disk free space (TRUSS_HEALTH_CACHE_MIN_FREE_BYTES), transform capacity, and process memory usage (TRUSS_HEALTH_MAX_MEMORY_BYTES).
  • Graceful shutdown with configurable drain period (TRUSS_SHUTDOWN_DRAIN_SECS); /health/ready returns 503 immediately on SIGTERM/SIGINT.
  • Custom response headers via TRUSS_RESPONSE_HEADERS JSON env var with security-critical header rejection.
  • Gzip response compression for non-image responses with configurable level (TRUSS_COMPRESSION_LEVEL) and disable flag (TRUSS_DISABLE_COMPRESSION).
  • Crop control in the WASM demo page UI.
  • SVG and lossy WebP features enabled in the WASM demo build.

Fixed

  • Box::leak per-request memory leak in custom response headers.
  • Reject security-critical headers (framing, hop-by-hop) in TRUSS_RESPONSE_HEADERS at startup.
  • Merge Vary headers into a single line to avoid duplication.
  • Reduce worker drain timeout to 15 s for Kubernetes compatibility.
  • Replace busy-wait accept loop with poll(2) on Unix.
  • Windows graceful shutdown via SIGINT handler and draining check.
  • Use sigaction, AtomicI32, cast_mut, and O_NONBLOCK on write fd for signal safety.
  • Pixel-cap check moved before cache lookup to prevent unnecessary cache reads.
  • Early-reject /metrics before body read.
  • README: --bearer-token CLI flag corrected to TRUSS_BEARER_TOKEN env var.
  • README: POST /images:transform curl example corrected to POST /images for multipart uploads.

Changed

  • OpenAPI spec documents HEAD method support on all GET endpoints.
  • UnprocessableEntity response includes example in OpenAPI spec.
  • maxInputPixels marked as required in HealthDiagnosticResponse schema.
  • Extracted parse_env_u64_ranged helper for env var parsing.

v0.6.2

11 Mar 14:41
dfd7420

Fixed

  • aarch64 cross-compilation failure: Cross.toml pre-build now installs libssl-dev:arm64 instead of the host-architecture package, so openssl-sys finds the correct headers.

Changed

  • Release profile: enable thin LTO, single codegen unit, and binary stripping for smaller, faster binaries.
  • Unified stderr_write usage across S3, GCS, and Azure backends to avoid Rust 2024 ReentrantLock issues with eprintln!.
  • Cache key computation uses streaming Sha256 hasher and inline parameter builder, eliminating intermediate allocations and sort.
  • Watermark margin capped at 9999 with explicit validation on both JSON and multipart endpoints.
  • Docker Compose healthcheck added for the truss service.

Added

  • Unit tests for auth, http_parse, multipart, negotiate, and response modules (314 new tests).