
Commit 93c200c

Merge pull request #105 from Entrolution/fix/deferred-review-items
Fix deferred codebase review items
2 parents 9b9d7e2 + ed09d39 commit 93c200c

45 files changed

Lines changed: 4761 additions & 231 deletions

.github/workflows/ci.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -190,7 +190,7 @@ jobs:
190190
run: cargo install cargo-audit --locked || true
191191

192192
- name: Audit dependencies
193-
run: cargo audit --ignore RUSTSEC-2023-0071
193+
run: cargo audit --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2026-0037
194194

195195
- name: Install cargo-deny
196196
run: cargo install cargo-deny --locked || true
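
Review bot: The added `--ignore RUSTSEC-2026-0037` on the `Audit dependencies` step carries no justification: nothing here says which dependency triggers the advisory, why it is not exploitable in this crate, or when the ignore should be removed. Add a YAML comment above the `run:` line recording the affected crate, the reasoning and a tracking issue, so the suppression gets revisited instead of becoming permanent like the existing `RUSTSEC-2023-0071` entry beside it.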

.github/workflows/publish.yml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -46,7 +46,7 @@ jobs:
4646
run: cargo install cargo-audit --locked || true
4747

4848
- name: Audit dependencies
49-
run: cargo audit --ignore RUSTSEC-2023-0071
49+
run: cargo audit --ignore RUSTSEC-2023-0071 --ignore RUSTSEC-2026-0037
5050

5151
- name: Install cargo-deny
5252
run: cargo install cargo-deny --locked || true
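
Review bot: This `cargo audit --ignore ...` line in the publish workflow is a hand-copied duplicate of the one in `ci.yml`, and the two lists will drift the next time an advisory is added or cleared. Move the ignore list into a checked-in `.cargo/audit.toml` (`[advisories] ignore = [...]`) and run plain `cargo audit` in both workflows. Since this job gates a release, it is also worth confirming that publishing with `RUSTSEC-2026-0037` suppressed is intended rather than carried over from CI.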

.gitignore

Lines changed: 0 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,6 +1,5 @@
11
# Generated by Cargo
22
/target/
3-
Cargo.lock
43

54
# IDE
65
.idea/
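
Review bot: Dropping `Cargo.lock` from `.gitignore` only stops git from ignoring the file; this hunk does not show the lockfile itself being added. Confirm `Cargo.lock` is committed in the same change, otherwise the `cargo audit` steps in the workflows keep scanning a freshly resolved dependency set on each run rather than a pinned, reviewable one. The changelog entry for 0.7.1 also does not mention that the lockfile is now tracked.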

CHANGELOG.md

Lines changed: 49 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -7,6 +7,53 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
77

88
## [Unreleased]
99

10+
## [0.7.1] - 2026-03-13
11+
12+
### Fixed
13+
14+
#### Correctness
15+
- Clear stale `manifest.security` ref when writing a document with no signatures or encryption
16+
- Map ZIP `FileNotFound` errors to `MissingFile` and other ZIP errors to `InvalidArchive` (was mapping all to `MissingFile`)
17+
- Improve freeze error message to mention `set_lineage` for root documents
18+
19+
#### Document Mutation Consistency
20+
- Update `modified` timestamp in `define_extension_accessors!` macro (`set_*`, `clear_*`, `*_mut` methods)
21+
- Update `modified` timestamp in `set_encryption` and `clear_encryption`
22+
23+
#### Security
24+
- Add `zeroize` crate for key material cleanup on drop (`Aes256GcmEncryptor`, `ChaCha20Poly1305Encryptor`, `Pbes2KeyWrapper`, `Pbes2KeyUnwrapper`, `MlDsaSigner` seed)
25+
- Enforce PBKDF2 iteration bounds (10,000 - 10,000,000) in `Pbes2KeyWrapper::new` and `Pbes2KeyUnwrapper::unwrap`
26+
- Fix `permissions_for` to check specific User/Group/Role grants before `Everyone` wildcard
27+
- Correct error variants: 7 security modules switched from `invalid_manifest()` to `SignatureError`
28+
- Propagate OCSP/CRL errors in revocation checker instead of silently falling through
29+
30+
#### Validation
31+
- Validate subfigure blocks and IDs in `validate_figure`
32+
- Clamp heading level to 1-6 on deserialization (was accepting any u8)
33+
- Add `PartialDate` validation: month 1-12, day 1-31 (on deserialization and via `try_year_month`/`try_full`)
34+
35+
#### CLI
36+
- Add warning that content-level encrypt/decrypt is not yet implemented
37+
- Return non-zero exit code from `add-timestamp` (was `Ok(())` for unimplemented feature)
38+
- Replace `std::process::exit(1)` with `anyhow::bail!` in `prove` and `timestamp` commands
39+
- Return non-zero exit code from disabled-feature JSON paths in `decrypt`, `timestamp`
40+
- Fix `truncate_token` to use char-boundary-safe truncation (was byte-indexing)
41+
42+
#### API
43+
- Implement recursive `get_mut` for `CommentThread` (now finds nested replies, was top-level only)
44+
- Fix OTS `verify_timestamp` to return `valid: false` for unverified proofs (was `true`)
45+
- Fix Ethereum `verify_offline` to set `hash_matches: false` (offline cannot verify on-chain data)
46+
- Update `matches_document` doc to clarify it only checks token presence
47+
48+
### Added
49+
- `PartialDate::try_year_month` and `PartialDate::try_full` fallible constructors
50+
- `Pbes2KeyWrapper::MIN_ITERATIONS` and `MAX_ITERATIONS` constants
51+
- `merge_styles` regression test covering all 35 `Style` fields
52+
- Tests for stale security ref, lineage error, mutation timestamps, subfigure validation, heading clamping, PBKDF2 bounds, permissions specificity, recursive thread `get_mut`
53+
54+
### Changed
55+
- **Breaking:** `Pbes2KeyWrapper::new` now returns `Result` (validates iteration bounds)
56+
1057
## [0.7.0] - 2026-02-16
1158

1259
### Changed
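
Review bot: The `### Changed` entry marks `Pbes2KeyWrapper::new` returning `Result` as **Breaking**, yet the release is numbered 0.7.1 in a changelog that states adherence to Semantic Versioning. Cargo treats 0.7.0 to 0.7.1 as a compatible update, so downstream builds will pick this up automatically and fail to compile; a breaking signature change belongs in 0.8.0. Two smaller points in the same section: the `permissions_for`, OTS `verify_timestamp` (`valid: true` for unverified proofs) and Ethereum `verify_offline` fixes change security-relevant results and would be easier to spot if called out under `#### Security`, and the PBKDF2 entry should say what happens to existing documents wrapped with fewer than 10,000 iterations now that `Pbes2KeyUnwrapper::unwrap` rejects them.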
@@ -310,7 +357,8 @@ Initial release implementing Codex Document Format Specification v0.1.
310357
- `sign_document` - Sign a document with ES256
311358
- `extract_content` - Extract text content from blocks
312359

313-
[Unreleased]: https://github.com/Entrolution/cdx-core/compare/v0.7.0...HEAD
360+
[Unreleased]: https://github.com/Entrolution/cdx-core/compare/v0.7.1...HEAD
361+
[0.7.1]: https://github.com/Entrolution/cdx-core/compare/v0.7.0...v0.7.1
314362
[0.7.0]: https://github.com/Entrolution/cdx-core/compare/v0.6.0...v0.7.0
315363
[0.6.0]: https://github.com/Entrolution/cdx-core/compare/v0.5.0...v0.6.0
316364
[0.5.0]: https://github.com/Entrolution/cdx-core/compare/v0.4.0...v0.5.0
