Skip to content

base64-ng 0.10.0

Choose a tag to compare

@eldryoth eldryoth released this 17 May 16:11
Immutable release. Only release title and notes can be modified.
v0.10.0
3ef629b

base64-ng v0.10.0

Highlights

  • Completed the v0.10 public API audit for the pre-v1.0 release-candidate series.
  • Added release-gated API audit validation so stable releases cannot ship with unresolved review pending API rows.
  • Classified core APIs, profiles, validation APIs, in-place APIs, stream adapters, error types, stack-backed buffers, SecretBuffer, and custom alphabet helpers with explicit stability or documented-boundary decisions.
  • Tightened security documentation around:
    • public constant-time-oriented success/failure and length boundaries
    • volatile best-effort cleanup limits
    • const-array panic policy
    • optional downstream zeroize layering for applications that already admit that dependency
  • Confirmed 0.10.0 remains scalar-only; SIMD stays behind admission evidence and release gates.

Security Posture

  • Zero external runtime dependencies.
  • Strict canonical decoding remains the default.
  • ct APIs remain constant-time-oriented, not a formal cryptographic constant-time guarantee.
  • Cleanup APIs remain best-effort retention reduction, with volatile wipe helpers documented and audited.
  • Async/Tokio, serde, bytes, zeroize, subtle, active SIMD, and other integrations remain deferred unless admitted by policy.

Validation

Local release gate passed before tagging, including standard checks, nextest, Miri, cross-target checks, SBOM generation, package verification, and reproducible build checks.

Kani remains policy-skipped because the installed Kani compiler is older than the crate Rust version.