v0.3.1: Security Hardening, 191 New Tests, Landing Page
Highlights
This release focuses on security hardening, data integrity, and release infrastructure. Test count jumps from 365 to 556.
Security Fixes
- Idempotent WAL replay via LSN-tagged pages — pages carry monotonic Log Sequence Numbers; replay skips already-applied records, eliminating data duplication on crash recovery
- Plaintext password warning — server logs a loud warning when password auth is enabled without TLS
- Pre-auth payload limit — CONNECT messages capped at 4KB (was 64MB), blocking memory exhaustion DoS before authentication
- CRC32 checksums on catalog.bin — the last persistence file without integrity checking now has checksums
- Bounds validation on page slots — corrupt pages return
Noneinstead of panicking
Code Quality
- StorageError enum with typed variants (replaces raw
io::Resultin storage crate) - Bounds checks on unsafe executor macros — guards
agg_int_loop!/agg_float_loop!against corrupt row data // SAFETY:comments on all unsafe blocks in storage and query crates- Crate-level
//!docs on query and server crates - MSRV declared —
rust-version = "1.75"
191 New Tests (365 → 556)
| Category | Tests | Covers |
|---|---|---|
| B+ tree edge cases | 27 | splits, merges, range scans, duplicates, extreme values |
| Buffer pool | 12 | eviction, pin/unpin, dirty page persistence |
| Catalog corruption | 10 | truncation, garbage bytes, bad magic, inflated counts |
| WAL CRC rejection | 14 | bit-flips, truncation, partial writes |
| TLS connections | 4 | full lifecycle, plaintext-to-TLS rejection |
| Flaky test fix | — | connection_management race condition eliminated |
Infrastructure
- Landing page — static docs site in
site/(deploy to GitHub Pages) - Docker image CI — release workflow pushes to
ghcr.io/zvndev/powdbon tag - Crates.io publish workflow —
workflow_dispatchfor automated cargo publish - Dependabot — weekly checks for cargo, npm, and GitHub Actions dependencies
- Updated SECURITY.md — TLS docs, supported versions, auth mechanisms
- GitHub repo topics for discoverability
Benchmark: PowDB vs SQLite (100K rows, M1)
| Workload | PowDB | SQLite | Speedup |
|---|---|---|---|
| Aggregate MIN | 236μs | 2.34ms | 9.9x |
| Aggregate MAX | 236μs | 2.10ms | 8.9x |
| Aggregate SUM | 231μs | 1.87ms | 8.1x |
| Update by PK | 55ns | 412ns | 7.5x |
| Aggregate AVG | 401μs | 2.30ms | 5.7x |
| Scan+filter+count | 381μs | 1.95ms | 5.1x |
| Scan+sort+limit | 2.66ms | 9.77ms | 3.7x |
| Update by filter | 2.16ms | 6.77ms | 3.1x |
| Indexed lookup | 93ns | 282ns | 3.0x |
Full Changelog: v0.3.0...v0.3.1