v1.1.0-rc3 — pre-ship hardening + exhaustive download-exec sink coverage
Pre-release
Pre-release
·
30 commits
to main
since this release
v1.1.0-rc3
HxHippy
HxHippy
This tag was signed with the committer’s verified signature.
HxHippy
HxHippy
Release candidate. Security-hardening release: an adversarial pre-ship review closed six real defects across the gate, parser, and detection layers, plus exhaustive shell/interpreter download-exec coverage (24 shells + 20+ interpreters), EXEC-006 (sqlite3 dot-commands) and EXEC-007 (make from stdin), and quote-aware printed-message filtering. The pacman hook's privilege-drop decision logic is now test-covered.
See CHANGELOG.md for the full [1.1.0-rc3] entry. Detection-weakness reports: please use a private GitHub Security Advisory (SECURITY.md), not a public issue.