Skip to content

v0.3.0

Choose a tag to compare

View all tags
@rfaulhaber rfaulhaber released this 11 Jun 19:05
· 4 commits to main since this release
v0.3.0
This tag was signed with the committer’s verified signature.
rfaulhaber Ryan Faulhaber
GPG key ID: 0058496CD0320AF2
Verified
Learn about vigilant mode.
4c80b6b
This commit was signed with the committer’s verified signature.
rfaulhaber Ryan Faulhaber
GPG key ID: 0058496CD0320AF2
Verified
Learn about vigilant mode.

cirrus-auth-v0.2.4

Security

  • WebServerFlow's Debug implementation now redacts consumer_key and consumer_secret. Previously the derived impl printed both verbatim, so any code logging the flow with {:?} (e.g. tracing::debug!(?flow)) wrote the connected app's client secret to its logs. If your application may have logged a WebServerFlow value, consider rotating that connected app's consumer secret.

All other secret-bearing types (PendingExchange, CompletedSession, the builders) already redacted correctly; this closes the one gap.

v0.3.0 (cirrus)

Breaking

  • BulkIngestJob::api_version and BulkQueryJob::api_version are now f64 (previously f32). The wire shape is unchanged — Salesforce sends a JSON number — so this only affects code that names the field's type.

Fixed

  • After a 401-triggered token refresh, the retried request now gets a fresh transient-retry budget. Previously, retries spent on 429/503 responses before the 401 carried over, so the post-refresh request could run with no retries at all — exactly when the server had just proven flaky.
  • Path segments you supply (sObject name and record ID in create_with_blob/update_with_blob, deploy IDs in the Metadata REST handler) are now percent-encoded instead of interpolated raw.

Changed

  • Connect-phase network failures (DNS errors, connection refused, TLS handshake failures) are now retried for all HTTP methods, including POST and PATCH. The request never reached the server in these cases, so a retry cannot duplicate an effect. Mid-request failures still retry only on idempotent methods. This matches cirrus-metadata's existing policy.
  • A 2xx response with an empty body deserialized into a non-nullable type now produces a clear error suggesting () or Option<T>, instead of serde's opaque "invalid type: null".

cirrus-metadata-v0.1.1

Fixed

  • list_metadata now rejects an empty query list client-side with MetadataError::InvalidArgument, instead of sending a zero-query envelope that surfaces as an opaque server-side SOAP fault.
  • wait_for_deploy / wait_for_deploy_with: if the deploy completes but the final include_details: true fetch fails, the helpers now return the terminal result (with details: None) and log a warning, instead of discarding a finished deploy's outcome behind an error.

Documentation

  • MetadataClient::call and request_builder now carry a security note: the session token travels inside the SOAP envelope (the request body), so redacting the Authorization header is not sufficient — body-logging middleware or proxies will capture the token in plaintext.
Assets 2
Loading