0.0.14

jinzhongjia released this 23 Oct 11:47

· 33 commits to main since this release

9093519

Version 0.0.14

Key Changes

Security and Stability

Converted recursive parser to iterative implementation with configurable safety limits to prevent stack overflow attacks
Added ParseLimits struct with controls for max_depth, max_array_length, max_map_size, max_string_length, and max_ext_length
Introduced PackWithLimits() function for custom limit configuration with backward-compatible Pack() wrapper
Refactored Payload.free() to iterative stack-based implementation
Added new error types for limit violations (MaxDepthExceeded, ArrayTooLarge, MapTooLarge, StringTooLong, ExtDataTooLong)
Comprehensive test suite for deep nesting, malicious payloads, and corrupted data

Performance

Added complete performance benchmarking suite (bench.zig)
Benchmarks cover all MessagePack operations in both debug and optimized builds
Detailed throughput and latency metrics available

Documentation

Updated README with security features and parsing limits
Added security architecture section explaining iterative parsing and memory safety
Documented PackWithLimits and ParseLimits API
Fixed error naming from MsGPackError to MsgPackError for consistency

Breaking Changes

None. The new PackWithLimits() function is an addition, and Pack() maintains backward compatibility.

Assets 2