v0.3.1 — security patch

@santhsecurity released this 15 May 18:22 · 13 commits to main since this release

  • Embed 888 keyhog detectors directly in gossan-keyhog-lite (end users now get a working scanner instead of a silent no-op)
  • Bound 4 unbounded HTTP body reads (waf, sitemap, wasm, gitlab) — protects against OOM from hostile origins
  • Fix soft404::read_limited to use streaming bound (previous version still loaded full body before checking the cap)
  • Warn once when insecure_tls=true so degraded TLS posture is always visible
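
The load-then-check pattern described in the `soft404::read_limited` item, next to a streaming bound, as an added example. This is not gossan's code: `CountingBody`, `read_then_check`, `read_streaming` and `compare` are hypothetical names, and the body is a constructed in-memory reader standing in for an HTTP response.

```rust
use std::io::{self, Read};

/// Constructed stand-in for a hostile origin: serves `total` bytes and
/// records how many the caller actually pulled from it.
pub struct CountingBody { pub served: usize, pub total: usize }

impl Read for CountingBody {
    fn read(&mut self, buf: &mut [u8]) -> io::Result<usize> {
        let n = buf.len().min(self.total - self.served);
        buf[..n].fill(b'A');
        self.served += n;
        Ok(n)
    }
}

/// Load-then-check: the cap is applied only after the whole body is in
/// memory, so peak allocation is chosen by the origin, not by `cap`.
pub fn read_then_check<R: Read>(mut body: R, cap: usize) -> io::Result<Vec<u8>> {
    let mut buf = Vec::new();
    body.read_to_end(&mut buf)?;
    buf.truncate(cap);
    Ok(buf)
}

/// Streaming bound: pulls at most cap + 1 bytes from the source.
/// Returns the body cut to `cap` and whether the origin sent more than `cap`.
pub fn read_streaming<R: Read>(body: R, cap: usize) -> io::Result<(Vec<u8>, bool)> {
    let mut buf = Vec::new();
    // The extra byte distinguishes "exactly cap" from "over cap".
    body.take((cap as u64).saturating_add(1)).read_to_end(&mut buf)?;
    let truncated = buf.len() > cap;
    buf.truncate(cap);
    Ok((buf, truncated))
}

/// Bytes pulled from the origin by (load-then-check, streaming bound).
pub fn compare(total: usize, cap: usize) -> io::Result<(usize, usize)> {
    let mut a = CountingBody { served: 0, total };
    read_then_check(&mut a, cap)?;
    let mut b = CountingBody { served: 0, total };
    read_streaming(&mut b, cap)?;
    Ok((a.served, b.served))
}

fn main() {
    let (unbounded, bounded) = compare(8 * 1024 * 1024, 64 * 1024).unwrap();
    println!("load-then-check pulled {unbounded} bytes, streaming pulled {bounded}");
}
```

Both functions return the same capped bytes; only the number of bytes pulled from the origin differs, which is why the flaw is invisible to tests that check only the returned length.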