Skip to content

Hashavatar API 0.13.0

Choose a tag to compare

View all tags
@eldryoth eldryoth released this 18 May 12:43
· 6 commits to main since this release
Immutable release. Only release title and notes can be modified.
v0.13.0
ff95836
This commit was signed with the committer’s verified signature.
eldryoth
SSH Key Fingerprint: EoLRQ5k4J5pYz3UMFmkrV798gYFNkToGS2xEPvebqB4
Verified
Learn about vigilant mode.

hashavatar-api v0.13.0

This release updates the API and demo site for hashavatar 0.13.0.

Changed

  • Uses the published hashavatar 0.13.0 crate.
  • Adds demo/API support for the new background modes:
    • polka-dot
    • striped
    • checkerboard
    • grid
    • sunrise
    • ocean
    • starry
  • Keeps the demo/API on SHA-512 identity hashing and WebP avatar responses.
  • Updates README, security docs, OpenAPI-driven options, and smoke tests for the new background set.

Security and Reliability

  • Applies origin-side rate limiting to /og.png.
  • Raises the in-memory rate limiter capacity to 65,536 buckets.
  • Avoids CSP nonce generation on non-HTML routes.
  • Stops exposing signed S3 URL/object-key metadata on standard avatar responses; signed metadata is returned only through /v1/avatar/link.
  • Adds regression tests and smoke coverage for the new hardening.

Validation

  • Local test suite, clippy, smoke tests, dependency policy, RustSec audit, GitHub CI, and CodeQL passed before tagging.
Assets 3
Loading
0 Join discussion