You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Copy file name to clipboardExpand all lines: CHANGELOG.md
+12-10Lines changed: 12 additions & 10 deletions
Display the source diff
Display the rich diff
Original file line number
Diff line number
Diff line change
@@ -4,17 +4,11 @@ All notable changes to `script-development/kendo-error-tracker` are documented i
4
4
5
5
The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and the project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
6
6
7
-
## [Unreleased]
7
+
## [0.1.0] — 2026-06-08
8
8
9
-
### Fixed
10
-
11
-
-**BSN scrub gaps (KD-0885, C-1):** the bare 9-digit pattern missed grouped forms (`123.456.782`, `123 456 782`, `123-456-782`) and BSNs embedded in a longer digit run (`0612345678`). The pattern now matches grouped separators and any run of 9-or-more digits. Tradeoff: increased over-redaction of legit 9+-digit IDs until the elfproef (11-proef) validator lands (v1.5).
12
-
-**Email IDN / unicode leak (KD-0885, H-1):** the ASCII-only email pattern leaked IDN domains (`jan@müller.nl`) and unicode local parts. The pattern now uses the `u` flag and `\p{L}\p{N}` classes. Quoted local parts with an internal space remain out of scope (documented).
13
-
-**Bearer credential reuse leak (KD-0885, H-2):** a credential redacted in a `Bearer <token>` value leaked again where the same value reappeared unprefixed (`token=<same>`). The Bearer scrub now captures the credential and redacts every bare reuse across the string. The `eyJ`-header requirement for JWT detection is documented as an explicit scope boundary.
14
-
-**Timeout disabled by zero/negative config (KD-0885, H-3):**`ErrorTracker::configFloat()` accepted `0`/negative numeric timeouts (Guzzle-infinite), so a hung kendo host could block the caller in sync mode. A non-positive numeric now floors to the default for both `connect_timeout` and `timeout`.
15
-
-**Bearer over-redaction (KD-0885, M-4):** the Bearer credential class included `/` and matched across newlines, so `Bearer /api/v1/users/123` ate the whole path. The class now drops `/` and bounds whitespace to horizontal characters.
16
-
17
-
## [0.1.0] — 2026-06-06
9
+
Inaugural public release. The KD-0885 scrubber hardening below landed before
10
+
first publish, so `0.1.0` is the first version available on packagist and the
11
+
pre-hardening code was never distributed.
18
12
19
13
### Added
20
14
@@ -26,3 +20,11 @@ The format follows [Keep a Changelog](https://keepachangelog.com/en/1.1.0/), and
26
20
- Scrubbing layer redacting JWT, `Bearer` tokens, BSN, and email addresses from the message and stack trace before send.
27
21
- Exact `base_path()` path normalization of each stack frame (mirrors `laravel/nightwatch`'s `Location::normalizeFile()`) for host-stable fingerprints.
28
22
- POST to `{kendo_url}/api/projects/{project}/error-events` with Bearer auth and the `{environment, release?, exception_class, message, stack_trace}` body; treats `202` as success and swallows every failure (timeout, `401`/`403`/`422`, `5xx`, unreachable host).
23
+
24
+
### Fixed
25
+
26
+
-**BSN scrub gaps (KD-0885, C-1):** the bare 9-digit pattern missed grouped forms (`123.456.782`, `123 456 782`, `123-456-782`) and BSNs embedded in a longer digit run (`0612345678`). The pattern now matches grouped separators and any run of 9-or-more digits. Tradeoff: increased over-redaction of legit 9+-digit IDs until the elfproef (11-proef) validator lands (v1.5).
27
+
-**Email IDN / unicode leak (KD-0885, H-1):** the ASCII-only email pattern leaked IDN domains (`jan@müller.nl`) and unicode local parts. The pattern now uses the `u` flag and `\p{L}\p{N}` classes. Quoted local parts with an internal space remain out of scope (documented).
28
+
-**Bearer credential reuse leak (KD-0885, H-2):** a credential redacted in a `Bearer <token>` value leaked again where the same value reappeared unprefixed (`token=<same>`). The Bearer scrub now captures the credential and redacts every bare reuse across the string. The `eyJ`-header requirement for JWT detection is documented as an explicit scope boundary.
29
+
-**Timeout disabled by zero/negative config (KD-0885, H-3):**`ErrorTracker::configFloat()` accepted `0`/negative numeric timeouts (Guzzle-infinite), so a hung kendo host could block the caller in sync mode. A non-positive numeric now floors to the default for both `connect_timeout` and `timeout`.
30
+
-**Bearer over-redaction (KD-0885, M-4):** the Bearer credential class included `/` and matched across newlines, so `Bearer /api/v1/users/123` ate the whole path. The class now drops `/` and bounds whitespace to horizontal characters.
0 commit comments