Skip to content

Kingfisher v1.107.0

Latest

Choose a tag to compare

@github-actions github-actions released this 15 Jul 23:12
1e07d53

[v1.107.0]

  • Security: fixed validation redaction bypasses, redacted webhook report metadata, and bounded TAR extraction.
  • Added detection and validation rules for 25+ new provider families: Anthropic, Airtable, Browserbase, Cartesia, Cielo, Civo, Exoscale, Greptile, Infomaniak, Kimi (Moonshot AI), LightOn, Mailgun, MessageBird, Nango, New Relic, Novu, OVHcloud, PlanetScale, Polymarket, Silicon Flow, Twitter/X, Turso, Upstage, Yandex — plus expanded Slack, Volcengine, JWT, Linear, and Pinecone coverage. Built-in coverage is now 1,006 rules (876 standalone detectors + 130 dependent rules), with 511 standalone detectors supporting live validation.
  • Migrated the TLS and JWT-signing crypto backend from ring to aws-lc-rs across all validators (GCP, Postgres, raw), the main binary's default provider installation, the MongoDB driver, and gcloud-storage, consolidating on a single FIPS-eligible crypto provider.
  • Reduced dependency footprint and binary size: removed include_dir and color-backtrace; trimmed clap to default-features = false and tokio from "full" to specific features; added per-package opt-level = "z" for cold crates in the release profile. Viewer assets and builtin rules are now gzip-compressed at build time via build.rs and lazily decompressed at runtime, replacing include_dir directory embedding.
  • Improved Docker builds in the Makefile: added SKIP_TESTS=1 to skip tests, a separate CARGO_TARGET_DIR=target-docker to avoid clobbering host build artifacts, and bash to the Alpine package list.
  • Reworked --access-map provider parsing from clap ValueEnum to a custom FromStr parser with flexible aliases (mongo, hf, wandb, msteams, brevo, do, ibm, tfc, etc.) and clearer error messages.