Skip to content

v0.3.3 — Security Hardening & Validation

Latest
Latest

Choose a tag to compare

View all tags
@cardotrejos cardotrejos released this 29 Mar 21:56
· 1 commit to main since this release
v0.3.3
b5f8295

What's Changed

Security & Validation Fixes

  • TLS peer verification enabled by default on all facilitator HTTP connections (#32)
  • HTTPS enforcement on facilitator base_url — prevents plaintext credential leakage (#35)
  • 8KB payload size cap on PaymentRequired and PaymentResponse (#34)
  • PAYMENT-SIGNATURE header size cap to prevent oversized header attacks (#32)
  • SIWX ETS size cap to bound memory usage (#39)
  • Payment signature format validation tightened (#39)
  • Solana address validation strengthened with proper Base58 checks (#36)
  • Idempotency cache warning when cache is missing (#36)

Improvements

  • Optimized decimal parsing and centralized utility functions (#37)
  • Bumped minimum Elixir to ~> 1.19 (#33)

Testing

  • Added unit test for HTTP.secure_pool_opts/0 (#38)

Full Changelog: v0.3.2...v0.3.3

Assets 2
Loading