@github-actions github-actions released this 21 Apr 23:15
Commit 9683d76

v0.5.0 — Testing Pyramid + Security Hardening

Major release: three production security bug-fixes, a new OAuth feature, and a
comprehensive test-pyramid overhaul. 93 commits since v0.4.6.

🔒 Security fixes

  1. AccessControlService granted disabled BE users vault access. Any user with a non-zero be_users.disable flag is now denied at the vault layer regardless of session state.
  2. AccessControlService accepted stale group IDs from sessions. Session userGroupsUID entries are now filtered against the live be_groups table before being intersected with a secret's allowedGroups. Deleted-group UIDs can no longer grant access.
  3. verifyHashChain() missed delete+patch-successor attacks. An attacker who deletes audit row N and patches row N+1's previous_hash would previously go undetected. The verifier now detects UID gaps; results expose missingUids (capped at 1000) + missingUidCount.
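The third fix, as an added illustration that is not the extension's own code: a small Python model of a hash-chained audit table, the delete-row-N-and-re-link-row-N+1 tamper described above, and a verifier with and without UID gap detection (row layout, genesis value and the sample events are constructed for this example).

```python
import hashlib
import json

GENESIS = "0" * 64  # constructed convention: previous_hash of the first audit row


def row_hash(uid, payload, previous_hash):
    # Each row's hash covers its uid, its payload and the previous row's hash.
    body = f"{uid}|{json.dumps(payload, sort_keys=True)}|{previous_hash}"
    return hashlib.sha256(body.encode()).hexdigest()


def build_chain(events):
    # Append-only rows with consecutive uids, as an auto-increment column yields.
    rows, prev = [], GENESIS
    for uid, payload in enumerate(events, start=1):
        h = row_hash(uid, payload, prev)
        rows.append({"uid": uid, "payload": payload, "previous_hash": prev, "hash": h})
        prev = h
    return rows


def verify_hash_chain(rows, check_gaps=True, max_missing=1000):
    # check_gaps=False reproduces the pre-fix behaviour: only hash links are checked.
    prev, expected_uid, missing, broken_at = GENESIS, 1, [], None
    for row in rows:
        if check_gaps:
            while expected_uid < row["uid"]:  # a skipped uid means a row was deleted
                missing.append(expected_uid)
                expected_uid += 1
        link_ok = row["previous_hash"] == prev
        hash_ok = row_hash(row["uid"], row["payload"], row["previous_hash"]) == row["hash"]
        if not (link_ok and hash_ok):
            broken_at = row["uid"]
            break
        prev, expected_uid = row["hash"], row["uid"] + 1
    return {"valid": broken_at is None and not missing, "broken_at": broken_at,
            "missing_uids": missing[:max_missing], "missing_uid_count": len(missing)}


def delete_and_patch_successor(rows, uid):
    # Tamper model from the note: drop row N, re-link row N+1 and re-hash the tail.
    kept, prev = [dict(r) for r in rows if r["uid"] != uid], GENESIS
    for row in kept:
        row["previous_hash"] = prev
        row["hash"] = row_hash(row["uid"], row["payload"], prev)
        prev = row["hash"]
    return kept


# Constructed sample audit trail: four vault events, then row 2 is removed.
SAMPLE = build_chain([{"op": "read", "secret": "db"}, {"op": "read", "secret": "api"},
                      {"op": "delete", "secret": "api"}, {"op": "read", "secret": "db"}])
TAMPERED = delete_and_patch_successor(SAMPLE, 2)
```

A link-only check passes the tampered trail; the gap-aware verifier reports uid 2 as missing while every remaining link still validates.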

✨ Features

  • OAuth refresh-token fallback: OAuthTokenManager::fetchTokenWithFallback() falls back to client_credentials on HTTP 400/401 + invalid_grant/invalid_token. Outages (5xx / 429 / invalid_client) re-throw so real failures are not masked. Both events are audit-logged.
  • vault:migrate-field --uid-field='' is rejected up-front with a clear error instead of crashing mid-batch.

🧪 Testing pyramid

Metric                 Before   After
Unit tests             1 298    1 705
Unit assertions        3 045    6 949
Fuzz test files        1        10 (1 514 methods)
Functional test files  12       24
E2E specs              8        14 + pathway audit
Coverage driver        PCOV     Xdebug (branch + path)
Mutation MSI           N/A      72.35 % baseline
PHPUnit notices        70       0

Infection mutation testing is now wired end-to-end with a documented ratchet
plan toward 85 / 95 MSI by Q4 — see
Documentation/Developer/mutation-baseline.md.

🛠️ Tooling

  • Dev dependencies consolidated: 14 direct require-dev entries reduced to 4 via the new netresearch/typo3-ci-workflows meta-package. Adds phpstan-deprecation-rules, saschaegerer/phpstan-typo3, nikic/php-fuzzer, overtrue/phplint, and dg/bypass-finals as side benefits.
  • CI pipeline: all 16 reusable workflows pinned to commit SHAs, concurrency block for PRs, on-demand mutation testing via the run-mutation PR label.
  • PHPStan: strict-rules + deprecation-rules + phpunit + saschaegerer/phpstan-typo3 extensions (auto-registered via phpstan/extension-installer).
  • runTests.sh hardened: dual SIGINT/SIGTERM/EXIT trap, collision-resistant container suffix, Alpine 3.8 → 3.20.
  • Test infrastructure: AbstractVaultFunctionalTestCase + 3 traits + SecretFixtureBuilder deduplicate ~441 LOC of boilerplate; architecture-check script enforces the project base on new unit tests.

📦 Assets

  • nr-vault-0.5.0.tar.gz / .zip — release archives
  • *.sbom.cdx.json / .spdx.json — CycloneDX + SPDX SBOMs
  • checksums.txt — SHA-256 digests for every asset
  • *.bundle — cosign keyless signature bundles (verify with cosign verify-blob --bundle …)

Full changelog: v0.4.6...v0.5.0