Skip to content

v0.17.1

Choose a tag to compare

View all tags
@github-actions github-actions released this 14 Jun 10:27
· 15 commits to main since this release
v0.17.1
537d89b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

A patch release: the session-key cache on macOS and Windows could store an entry that read back
already expired.

Fixed

  • The session-key cache on macOS (Keychain) and Windows (DPAPI) no longer expires an entry the
    instant it is stored.     Both recorded the expiry deadline at one-second resolution, so an entry
    written just before a second boundary rounded its deadline down and could read back as already
    expired: the first Get after Store missed, forcing an unnecessary re-prompt (and a flaky cache
    test). The deadline is now nanosecond-resolution, so a TTL lasts its full duration. Linux was
    unaffected (the kernel keyring enforces the timeout natively). A cache entry written by an earlier
    version is treated as expired and re-fetched once.

Built reproducibly with GoReleaser. Artifacts are signed with cosign (keyless) and carry SLSA build provenance.

Assets 10
Loading