This release refactors and hardens the streaming encoder by adding stricter checks for encoding CBOR indefinite-length data. Other changes include minor bugfixes, defensive checks, and more tests.
Projects that don't use CBOR indefinite-length data may also want to upgrade (summary of prior releases).
The stricter checks in the encoder prevent improper use of the library and bad inputs from producing malformed CBOR indefinite-length data that would be rejected by the decoder.
This release passed fuzz tests (billions of execs) and it is production quality.
What's Changed
- Reject encoding indefinite-length map with odd item count by @fxamacker in #764
- Reject encoding indefinite-length data item as a chunk inside indefinite-length byte string or text string by @fxamacker in #765
- Make TagSet.Remove a no-op when contentType is nil by @fxamacker in #766
- Refactor indefinite-length encoding and improve chunk validation during encoding by @fxamacker in #767
- Add more tests, fix a nit in unreachable panic message, update docs & ci by @fxamacker in #768
CI / GitHub Actions and Docs
🔎 Details...
- Bump actions/setup-go from 6.3.0 to 6.4.0 by @dependabot[bot] in #760
- Bump github/codeql-action from 4.34.1 to 4.35.1 by @dependabot[bot] in #761
- Bump github/codeql-action from 4.35.1 to 4.35.2 by @dependabot[bot] in #763
- Update README for v2.9.2 release by @fxamacker in #769
Full Changelog: v2.9.1...v2.9.2
Contributors
dependabot and fxamacker