Releases
v0.9.0
Compare
Sorry, something went wrong.
No results found
Immutable
release. Only release title and notes can be modified.
hashavatar-api v0.9.0
Updated the service to hashavatar 0.9.0.
Updated documentation and security support notes for the 0.9.x release line.
Fixed demo-page console noise by disabling signed-link polling when S3 storage is not configured.
Hardened CSP behavior:
removed deterministic nonce fallback
fail closed with 503 if secure OS randomness is unavailable
kept nonce and hash support for inline demo scripts
disabled HTML caching for nonce-bearing pages
Hardened rate limiting by scoping limiter keys to route + resolved client IP, preventing attacker-controlled tenant/kind values from flushing limiter state.
Made generation-time metrics conversion saturating to avoid future integer truncation.
Added regression coverage for CSP behavior, signed-link UI gating, route/IP rate-limit keys, and metrics saturation.
Verified with formatting, release metadata checks, documentation checks, security invariant checks, clippy, unit tests, cargo-deny, cargo-audit, and local runtime smoke tests.
You can’t perform that action at this time.