Skip to content

base64-ng 1.0.10

Choose a tag to compare

@eldryoth eldryoth released this 20 Jun 12:35
Immutable release. Only release title and notes can be modified.
v1.0.10
a3a576c

base64-ng v1.0.10

Highlights

  • Continued the post-1.0 source-layout cleanup by splitting oversized internal modules into smaller, reviewable files.
  • Added a production source line-budget guard to keep Rust source files within the project’s 500-line maintainability target.
  • Refreshed base64-ng-serde to 1.0.10 with drop-time cleanup for wrapper byte buffers and explicit comparison behavior.
  • Added a high-assurance deployment checklist covering memory locking, runtime backend policy checks, CT staged decoding, fixed-size secret derives, dependency review, input caps, and redacted error logging.
  • Added a crate version matrix documenting which crate-family packages are published for this release.
  • Improved release tooling so dependent crate dry-runs happen after upstream crates are published and visible on crates.io.

Security And Hardening

  • DecodeError Debug output is now redacted to the error kind, avoiding accidental input-byte disclosure in debug logs.
  • wipe_tail now clamps after a debug-only invariant check instead of panicking in cleanup paths.
  • Custom alphabet documentation now more clearly distinguishes strict-path behavior from the ct module’s constant-time-oriented scanner.
  • AArch64 CSDB attestation guidance was tightened for high-assurance deployments.

Published Crates

  • base64-ng 1.0.10
  • base64-ng-serde 1.0.10

The other companion crates remain at 1.0.9 and continue to resolve with base64-ng 1.0.10 through normal compatible Cargo version ranges.