base64-ng 0.10.0
base64-ng v0.10.0
Highlights
- Completed the
v0.10public API audit for the pre-v1.0release-candidate series. - Added release-gated API audit validation so stable releases cannot ship with unresolved
review pendingAPI rows. - Classified core APIs, profiles, validation APIs, in-place APIs, stream adapters, error types, stack-backed buffers,
SecretBuffer, and custom alphabet helpers with explicit stability or documented-boundary decisions. - Tightened security documentation around:
- public constant-time-oriented success/failure and length boundaries
- volatile best-effort cleanup limits
- const-array panic policy
- optional downstream
zeroizelayering for applications that already admit that dependency
- Confirmed
0.10.0remains scalar-only; SIMD stays behind admission evidence and release gates.
Security Posture
- Zero external runtime dependencies.
- Strict canonical decoding remains the default.
ctAPIs remain constant-time-oriented, not a formal cryptographic constant-time guarantee.- Cleanup APIs remain best-effort retention reduction, with volatile wipe helpers documented and audited.
- Async/Tokio, serde, bytes, zeroize, subtle, active SIMD, and other integrations remain deferred unless admitted by policy.
Validation
Local release gate passed before tagging, including standard checks, nextest, Miri, cross-target checks, SBOM generation, package verification, and reproducible build checks.
Kani remains policy-skipped because the installed Kani compiler is older than the crate Rust version.