Skip to content

Release v0.3.0

Choose a tag to compare

@github-actions github-actions released this 12 Jul 19:15
67772ee

Fixed

  • Binary payloads are no longer corrupted by mirror and replay. Both paths
    converted payloads through a lossy UTF-8 string, mangling non-UTF-8 data
    (protobuf, compressed payloads) before republishing and recording. Payloads
    now stay raw bytes end-to-end.
  • Long gaps between recorded messages no longer block Ctrl+C, MQTT keepalives,
    or TUI toggles during mirror playback; replay shutdown mid-delay now
    disconnects from the broker gracefully.
  • --tls-insecure now actually skips certificate verification (it previously
    fell through to full verification against system roots — a documented no-op).
  • Every multi-word CLI flag in the README was documented in snake_case that the
    binary rejects; all corrected to the real kebab-case spellings.
  • Replay connection failures are logged instead of silently retried forever.

Added

  • --bind-addr for the embedded broker (binds 127.0.0.1 by default — see
    Security below), --no-mirror, --no-audit, --completions <shell>, and
    MQTT_USERNAME/MQTT_PASSWORD environment variables for credentials.
  • --version now includes the git commit hash.
  • CI: cargo audit job with monthly scheduled run, Dependabot (monthly,
    grouped), all GitHub Actions pinned to commit SHAs.
  • Test coverage for binary payload round-trips (property + integration) and
    --speed wall-clock timing.

Changed

  • Security: the embedded broker now binds to loopback by default instead
    of 0.0.0.0. The broker has no authentication; exposing it on a network
    interface requires an explicit --bind-addr and logs a warning.
  • Recorded CSVs and audit log files are created with mode 0600 on Unix.
  • --csv-field-size-limit now bounds memory during parsing instead of
    checking after the full record is buffered.
  • Dependencies: rumqttc 0.25, rumqttd 0.20, ratatui 0.30, crossterm 0.29,
    thiserror 2. The MQTT client TLS path now runs on a patched rustls-webpki.
  • Minimum supported Rust version is 1.88 (the previous 1.70 claim was stale).

Pull Requests

  • Audit fixes: binary payload corruption, security hardening, dep upgrades, UX (#6)
  • docs: open-source standards — changelog, security policy, issue/PR templates (#7)
  • ci: auto-merge Dependabot PRs after CI passes (#9)
  • test: fix shutdown race flake in combined verify test (#10)
  • chore(deps): bump the actions group with 4 updates (#8, first @dependabot contribution)
  • chore: release v0.3.0 — docs freshness pass and version bump (#11)

Full Changelog: v0.2.1...v0.3.0