base64-ng 1.0.10
base64-ng v1.0.10
Highlights
- Continued the post-1.0 source-layout cleanup by splitting oversized internal modules into smaller, reviewable files.
- Added a production source line-budget guard to keep Rust source files within the project’s 500-line maintainability target.
- Refreshed `base64-ng-serde` to `1.0.10` with drop-time cleanup for wrapper byte buffers and explicit comparison behavior.
- Added a high-assurance deployment checklist covering memory locking, runtime backend policy checks, CT staged decoding, fixed-size secret derives, dependency review, input caps, and redacted error logging.
- Added a crate version matrix documenting which crate-family packages are published for this release.
- Improved release tooling so dependent crate dry-runs happen after upstream crates are published and visible on crates.io.
Security And Hardening
- `DecodeError` `Debug` output is now redacted to the error kind, avoiding accidental input-byte disclosure in debug logs.
- `wipe_tail` now clamps after a debug-only invariant check instead of panicking in cleanup paths.
- Custom alphabet documentation now more clearly distinguishes strict-path behavior from the `ct` module’s constant-time-oriented scanner.
- AArch64 CSDB attestation guidance was tightened for high-assurance deployments.
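The redacted `Debug` output and the clamp-instead-of-panic cleanup described in the first two items, sketched as an added example that is not base64-ng's source. `SketchDecodeError`, its variants and fields, and `wipe_tail_sketch` are hypothetical stand-ins, and the volatile zeroing is an assumption about how a wipe might be done.

```rust
use std::fmt;

// Hypothetical error type, not base64-ng's definition. The payload fields are
// input-derived, so they must never reach a log line.
#[allow(dead_code)]
pub enum SketchDecodeError {
    InvalidByte { index: usize, byte: u8 },
    InvalidLength,
}

impl SketchDecodeError {
    /// Input-free label for the error kind.
    pub fn kind(&self) -> &'static str {
        match self {
            Self::InvalidByte { .. } => "InvalidByte",
            Self::InvalidLength => "InvalidLength",
        }
    }
}

// Manual impl instead of #[derive(Debug)]: the derive would print `index` and
// `byte`, so any `{:?}` in a log statement would disclose input bytes.
impl fmt::Debug for SketchDecodeError {
    fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result {
        write!(f, "SketchDecodeError({})", self.kind())
    }
}

/// Zero `buf[used..]`. An out-of-range `used` is a caller bug: debug builds
/// assert, release builds clamp so cleanup (often run from Drop) cannot panic.
pub fn wipe_tail_sketch(buf: &mut [u8], used: usize) {
    debug_assert!(used <= buf.len(), "used exceeds buffer length");
    let start = used.min(buf.len());
    for b in &mut buf[start..] {
        // Assumption of this sketch: volatile writes, so the zeroing is not
        // removed as a dead store.
        unsafe { std::ptr::write_volatile(b, 0) };
    }
}

fn main() {
    // Constructed sample values.
    let err = SketchDecodeError::InvalidByte { index: 7, byte: b'!' };
    println!("{:?}", err);
    let mut buf = *b"secret-tail";
    wipe_tail_sketch(&mut buf, 6);
    println!("{:?}", buf);
}
```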
Published Crates
- `base64-ng 1.0.10`
- `base64-ng-serde 1.0.10`
The other companion crates remain at 1.0.9 and continue to resolve with base64-ng 1.0.10 through normal compatible Cargo version ranges.