Releases: cyphar/filepath-securejoin
v0.2.4
This release fixes a potential security issue in filepath-securejoin
when used on Windows (GHSA-6xv5-86q9-7xr8, which could be used to
generate paths outside of the provided rootfs in certain cases), as well
as improving the overall behaviour of filepath-securejoin when dealing
with Windows paths that contain volume names. Thanks to Paulo Gomes for
discovering and fixing these issues.
In addition, we've switched (at long last) to GitHub Actions and have
continuous integration testing on Linux, MacOS, and Windows.
Thanks to the following contributors for making this release possible:
- Aleksa Sarai [email protected]
- Paulo Gomes [email protected]
Signed-off-by: Aleksa Sarai [email protected]
v0.2.3
cyphar
Aleksa Sarai
8f267f5
cyphar
Aleksa Sarai
This release removes the dependency on github.com/pkg/errors in favour
of Go's built-in %w error wrapping support (available since Go 1.13).
Thanks to the following contributors for making this release possible:
- Aleksa Sarai [email protected]
- Jakub Wilk [email protected]
- Kir Kolyshkin [email protected]
Signed-off-by: Aleksa Sarai [email protected]
v0.2.2
This release just has a minor change to how symlink loops are indicated
to users (as a wrapped syscall.ELOOP rather than our own special error
message) so that users can just use errors.Cause and not care about our
error variable.
Signed-off-by: Aleksa Sarai [email protected]
v0.2.1
This version adds our own IsNotExist implementation, which is necessary
for handling ENOTDIR properly with SecureJoin.
Signed-off-by: Aleksa Sarai [email protected]
v0.2.0
This now has 100% test coverage, as well as providing a mockable
SecureJoinVFS API that can be used by end-users.
Signed-off-by: Aleksa Sarai [email protected]
v0.1.0
First release of filepath-securejoin, containing a full implementation
with a coverage of 93.5% (the only missing cases are the error cases,
which are hard to mocktest).
Signed-off-by: Aleksa Sarai [email protected]