Skip to content

Release v0.7.0
Compare
Choose a tag to compare
@TristonianJones TristonianJones released this 12 Oct 04:40
· 1288 commits to master since this release
v0.7.0
89d81b2
This commit was created on GitHub.com and signed with GitHub’s verified signature. The key has expired.
GPG key ID: 4AEE18F83AFDEB23
Expired
Learn about vigilant mode.

This release is primarily focused on security hardening and dead code elimination.

Fixes

  • Limit the number of characters that may be read when attempting error recovery (635951c)
  • Set the default comprehension iteration limit to 10000 (83fb851)
  • Check all arithmetic operations and type conversions for overflow (99ebd43)
  • Reject Timestamp values outside the string-expressible range
  • Reject Duration values which cannot be expressed within an int64 value
  • Heap buffer overrun for specialized binary and ternary operators (dfe31a4)
  • Ensure only valid map keys are supported in CreateStruct (3261a58)

Cleanups

This release also removes dependencies on the v1beta1 protos and deletes a lot of
related code which was otherwise used within CEL.

Assets 2
Loading