Skip to content

v0.41.0

Latest
Latest

Choose a tag to compare

View all tags
@github-actions github-actions released this 08 Jun 11:35
v0.41.0
9e8010b
This commit was created on GitHub.com and signed with GitHub’s verified signature.
GPG key ID: B5690EEEBB952194
Verified
Learn about vigilant mode.

Note

This release was brought to you by the Shipyard team.

What's Changed

Added

  • ipld/merkledag/traverse: added the Visited interface and Options.Visited field, so callers can plug in their own set for skipping duplicates when SkipDuplicates is on. *go-cid.Set already works as one; a bounded or disk-backed set keeps memory low on very large DAGs.

Changed

Fixed

  • routing/http/server: GET /routing/v1/ipns/{name} no longer gives a cache a window that outlasts the record. It caps max-age to the record's remaining validity and sizes the stale window (stale-while-revalidate/stale-if-error) to the time left after it, so the two never cross the record's EOL. An expired record, or one whose ValidityType is not EOL (unknown expiration), returns Cache-Control: no-store, and a negative TTL no longer yields a negative max-age. #1166
  • gateway: serving a raw IPNS record (GET /ipns/{name}?format=ipns-record) now caps max-age to the record's remaining validity and never lets it go negative, so a cache cannot reuse the record past its EOL. #1166
  • namesys: the IPNS resolver now floors a negative record TTL at zero, so a malformed record can no longer surface a negative TTL through Result.TTL. #1166
  • namesys: a cache hit now reports the TTL remaining in the cache entry rather than the record's original TTL, so a late hit near a record's EOL can no longer advertise a freshness lifetime that outlives the record. #1166
  • ipns: NewRecord floors a negative TTL at zero and Validate rejects records carrying one. #1166
  • bitswap/network/bsnet: stop marking a peer unresponsive on a single failed send attempt. send() is retried by multiAttempt(), which already marks the peer once all retries are exhausted; marking on the first failure could permanently sideline a peer that had just reconnected (the disconnect notification being suppressed), hanging fetches from it until it fully disconnected. #1164

Security

  • tracing: bumped OpenTelemetry OTLP exporters to v1.43.0, which caps the HTTP exporter's response body at 4 MiB. A hostile or man-in-the-middle collector could otherwise exhaust its memory (CVE-2026-39882). The gRPC exporter is unaffected.

Full Changelog: v0.40.0...v0.41.0

Assets 2
Loading