From 9a17e6b86760e1d05f1ae366e00e6ad27225400c Mon Sep 17 00:00:00 2001 From: Aleksa Sarai Date: Mon, 13 Jan 2025 15:01:55 +1100 Subject: [PATCH] VERSION: release v0.4.0 Signed-off-by: Aleksa Sarai --- CHANGELOG.md | 8 +++++++- VERSION | 2 +- 2 files changed, 8 insertions(+), 2 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index e7b01ba..5bcd65c 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -6,6 +6,8 @@ and this project adheres to [Semantic Versioning](http://semver.org/). ## [Unreleased] ## +## [0.4.0] - 2025-01-13 ## + ### Breaking #### - `SecureJoin(VFS)` will now return an error if the provided `root` is not a `filepath.Clean`'d path. @@ -22,6 +24,9 @@ and this project adheres to [Semantic Versioning](http://semver.org/). necessarily a breaking API change (though we expect no real users to be affected by it). + Thanks to [Erik Sjölund](https://github.com/eriksjolund), who initially + reported this issue as a possible security issue. + - `MkdirAll` and `MkdirHandle` now take an `os.FileMode`-style mode argument instead of a raw `unix.S_*`-style mode argument, which may cause compile-time type errors depending on how you use `filepath-securejoin`. For most users, @@ -223,7 +228,8 @@ This is our first release of `github.com/cyphar/filepath-securejoin`, containing a full implementation with a coverage of 93.5% (the only missing cases are the error cases, which are hard to mocktest at the moment). -[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...HEAD +[Unreleased]: https://github.com/cyphar/filepath-securejoin/compare/v0.4.0...HEAD +[0.4.0]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.6...v0.4.0 [0.3.6]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.5...v0.3.6 [0.3.5]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.4...v0.3.5 [0.3.4]: https://github.com/cyphar/filepath-securejoin/compare/v0.3.3...v0.3.4 diff --git a/VERSION b/VERSION index 8b4b937..1d0ba9e 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -0.3.6+dev +0.4.0