Release v0.4.2
This release provides critical security fixes, cache stability improvements, and enhanced CI/CD integration. It addresses issues identified by CodeQL and optimizes the W-TinyLFU cache implementation for long-term stability.
🚀 Key Highlights
🛡️ Security Fixes
- LSM/FID Boundary Check: Fixed a high-severity integer overflow vulnerability in SSTable file ID parsing (utils.FID). This prevents potential memory corruption or logical errors when processing large file IDs. (Addresses a CodeQL scan alert.)
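The class of bug behind this fix, shown as an added example that is not NoKV's own code: a file ID parsed into a wide integer and then narrowed wraps silently, while a range-checked parse rejects it. The function names `fidUnsafe` and `fidChecked`, the `.sst` file-name layout and the 32-bit ID width are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strconv"
	"strings"
)

// fidUnsafe (hypothetical) shows the pattern static analysis flags:
// parse into a 64-bit integer, then narrow without a range check.
func fidUnsafe(name string) uint32 {
	digits := strings.TrimSuffix(filepath.Base(name), ".sst")
	n, _ := strconv.ParseInt(digits, 10, 64) // parse error ignored
	return uint32(n)                         // wraps modulo 2^32; negatives become huge IDs
}

// fidChecked (hypothetical) accepts only an unsigned decimal that fits in 32 bits.
func fidChecked(name string) (uint32, error) {
	base := filepath.Base(name)
	if !strings.HasSuffix(base, ".sst") {
		return 0, fmt.Errorf("%q: not an SSTable file name", name)
	}
	digits := strings.TrimSuffix(base, ".sst")
	// bitSize 32 makes ParseUint itself return a range error above math.MaxUint32.
	n, err := strconv.ParseUint(digits, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("%q: invalid file ID: %w", name, err)
	}
	return uint32(n), nil
}

func main() {
	// Constructed file names: a normal ID, one that wraps onto it, and a negative.
	for _, name := range []string{"00007.sst", "4294967303.sst", "-1.sst"} {
		id, err := fidChecked(name)
		fmt.Printf("%-16s unsafe=%-10d checked=%d err=%v\n", name, fidUnsafe(name), id, err)
	}
}
```

With the unchecked version, `4294967303.sst` resolves to the same ID as `00007.sst`, which is the kind of logical error the release note refers to.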
⚡ Cache Optimization (W-TinyLFU)
- Automatic Freshness (Reset Mechanism): Fixed a bug where the threshold for Frequency Sketch and Bloom Filter resets was uninitialized. Resets now trigger every 10 * size operations, preventing historical data from polluting the frequency estimates.
- Improved Entry Validation: Added explicit bounds checks in the Set path for the internal cache. Key hashes exceeding uint32 are now handled safely without silent truncation, ensuring consistency with the Get logic.
🛠 Infrastructure & CI/CD
- AI-Powered Code Review: Integrated CodeRabbit for automated PR reviews, configured specifically for the Go toolchain (go-vet, golangci-lint).
- Dependency Updates: Bumped github.com/panjf2000/ants/v2 to v2.11.4 for improved concurrency pooling stability.
📈 What's Changed
- fix(cache): initialize reset threshold for TinyLFU by @feichai0017
- fix(security): prevent integer overflow in FID parsing by @feichai0017
- chore: add .coderabbit.yaml for intelligent PR analysis
- deps: upgrade ants/v2 pool manager
🔗 Full Changelog
For a detailed list of all 100 commits since v0.4.1, please refer to the commit history (feichai0017/NoKV@v0.4.1...v0.4.2).