Release v0.4.2

@feichai0017 released this 22 Jan 14:04

This release provides critical security fixes, cache stability improvements, and enhanced CI/CD integration. It addresses issues identified by CodeQL and optimizes the W-TinyLFU cache implementation for long-term stability.

🚀 Key Highlights

🛡️ Security Fixes

  • LSM/FID Boundary Check: Fixed a high-severity integer overflow vulnerability in SSTable file ID parsing (utils.FID). This prevents potential memory corruption or logical errors when processing large file IDs. (Addresses a CodeQL scan alert.)
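
The class of bug described in the FID item, as an added example that is not NoKV's code: a file ID parsed at 64 bits and then narrowed without a bounds check, next to a parser that enforces the bound. The "<decimal id>.sst" name layout, the 32-bit ID width and the function names fidUnchecked and fidChecked are assumptions made for illustration.

```go
package main

import (
	"fmt"
	"path/filepath"
	"strconv"
	"strings"
)

// Assumed for this example: names look like "<decimal id>.sst", IDs are uint32.

// fidUnchecked parses at 64 bits and narrows the result. Any value outside
// the uint32 range wraps silently, so distinct file names can collide on one ID.
func fidUnchecked(name string) uint32 {
	base := strings.TrimSuffix(filepath.Base(name), ".sst")
	n, err := strconv.ParseInt(base, 10, 64)
	if err != nil {
		return 0
	}
	return uint32(n) // narrowing conversion without a bounds check
}

// fidChecked lets ParseUint enforce the 32-bit bound (bitSize 32) and returns
// an error instead of a wrapped value. Signs and non-digits are rejected too.
func fidChecked(name string) (uint32, error) {
	base := filepath.Base(name)
	if !strings.HasSuffix(base, ".sst") {
		return 0, fmt.Errorf("%q: not an SSTable file name", name)
	}
	digits := strings.TrimSuffix(base, ".sst")
	n, err := strconv.ParseUint(digits, 10, 32)
	if err != nil {
		return 0, fmt.Errorf("%q: invalid file ID: %w", name, err)
	}
	return uint32(n), nil // safe: ParseUint already bounded n to 32 bits
}

func main() {
	// Constructed sample names; 4294967301 is 2^32 + 5.
	for _, name := range []string{"00005.sst", "4294967301.sst", "-1.sst"} {
		id, err := fidChecked(name)
		fmt.Printf("%-16s unchecked=%d checked=%d err=%v\n",
			name, fidUnchecked(name), id, err)
	}
}
```

With the unchecked parser, "4294967301.sst" and "00005.sst" resolve to the same ID, which is the kind of logical error the fix rules out.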

⚡ Cache Optimization (W-TinyLFU)

  • Automatic Freshness (Reset Mechanism): Fixed a bug where the threshold for Frequency Sketch and Bloom Filter resets was uninitialized. Resets now trigger every 10 * size operations, preventing historical data from polluting the frequency estimates.
  • Improved Entry Validation: Added explicit bounds checks in the Set path for the internal cache. Key hashes exceeding uint32 are now handled safely without silent truncation, ensuring consistency with the Get logic.

🛠 Infrastructure & CI/CD

  • AI-Powered Code Review: Integrated CodeRabbit for automated PR reviews, configured specifically for the Go toolchain (go-vet, golangci-lint).
  • Dependency Updates: Bumped github.com/panjf2000/ants/v2 to v2.11.4 for improved concurrency pooling stability.

📈 What's Changed

  • fix(cache): initialize reset threshold for TinyLFU by @feichai0017
  • fix(security): prevent integer overflow in FID parsing by @feichai0017
  • chore: add .coderabbit.yaml for intelligent PR analysis
  • deps: upgrade ants/v2 pool manager

🔗 Full Changelog
For a detailed list of all 100 commits since v0.4.1, please refer to the commit history
(feichai0017/NoKV@v0.4.1...v0.4.2).