Releases: bug-ops/exarch
Releases · bug-ops/exarch
Release v0.2.9
- release: v0.2.9 (#139) (0892a36)
- fix: skip duplicate archive entries instead of aborting extraction (#129) (#137) (4eae1d3)
- test: add CVE-2025-29787 regression test (ZIP symlink zip-slip) (#138) (dc1a4af)
- test: add CVE-2026-24842 regression test for hardlink root-anchor validation (#136) (3f3bf1f)
- test: add regression fixture for RUSTSEC-2026-0067 symlink+dir chmod (#132) (#135) (a33c2a8)
- fix: copy hardlink content instead of creating OS hardlinks in TAR extraction (#130) (#134) (8f7b246)
- fix: expose allow_solid_archives in Python and Node.js bindings (#127) (#128) (1e153bd)
- fix: propagate --allow-solid-archives to conflict-detection list step (#126) (11d85ac)
- fix: handle empty 7z archives and solid archive false positives (#117, #118, #119) (#123) (deba326)
- fix: add --max-files and --max-total-size flags to list and verify commands (#125) (7876816)
- test: expand 7z list/verify coverage (path traversal, quota, entry types) (#120) (3613bb9)
- fix: close two-hop symlink chain bypass in SafeSymlink/SafeHardlink (#116) (#121) (a5562b9)
- feat: implement list and verify for 7z archives (#79) (#115) (0f2c28c)
- fix: upgrade tar to 0.4.45 and accept ./ root entries in TAR archives (#114) (faf3ad7)
- chore(deps): bump zip from 8.2.0 to 8.3.1 in the minor-and-patch group (#111) (f67ffd7)
- chore(deps): bump tar from 0.4.44 to 0.4.45 (#110) (96efd64)
- chore: bump dorny/paths-filter from 3 to 4 (#109) (c7deec3)
Installation
Rust
[dependencies]
exarch-core = "0.2.9"Python
pip install exarch==0.2.9Node.js
npm install exarch-rs@0.2.9Artifacts
Release v0.2.8
- release: v0.2.8 (#107) (4cda496)
- fix: reject path traversal entries in TAR list command (#104) (#108) (8199757)
- feat: partial extraction reporting and --atomic flag (#89) (#105) (83a96fd)
- test: add CVE regression tests for CVE-2024-12718, CVE-2024-12905, CVE-2025-48387 (#106) (9f56808)
- test: increase formats/zip.rs and formats/traits.rs coverage to >=85% (#103) (0c091e9)
- feat: auto-create destination directory on extract (#102) (6af588d)
- fix: enforce exact sanitized permissions after extraction, bypassing umask (#101) (c1ce147)
- chore: update yanked transitive crates (js-sys, wasm-bindgen, web-sys) (#100) (e4ff4fd)
- chore: remove stale RUSTSEC-2025-0119 entry from deny.toml (#99) (3bde41b)
- fix: list command returns SecurityViolation for encrypted ZIP (#96) (#98) (e1f37d0)
- fix: emit JSON error on --json flag when extraction fails (#95) (b4efb33)
- fix: strip world-writable bit; add --allow-world-writable flag (#84) (#94) (7721953)
- fix: report correct file count in list quota error message (#93) (7acdc66)
- fix: encrypted ZIP reports SecurityViolation instead of misleading corruption hint (#92) (d4c7930)
- fix: strip file-type bits from ZIP external_attributes in list -l output (#90) (2f0b3c3)
- fix: honor --force flag in extract subcommand (#88) (0295699)
- fix: use entry.size() for TAR quota enforcement to prevent PAX size bypass (#85) (27ce089)
- fix: add missing SecurityConfig properties to Python type stubs (#81) (cdaf338)
- chore(deps): bump the minor-and-patch group with 3 updates (#73) (282e9bd)
Installation
Rust
[dependencies]
exarch-core = "0.2.8"Python
pip install exarch==0.2.8Node.js
npm install exarch-rs@0.2.8Artifacts
Release v0.2.7
Release v0.2.6
- chore: release v0.2.6 (#68) (9590a30)
- fix: statically link lzma on macOS to avoid missing Homebrew dylib (#67) (749fe91)
- chore: bump actions/download-artifact from 7 to 8 (#64) (06f352a)
- chore: bump actions/upload-artifact from 6 to 7 (#63) (cf642bf)
- chore(deps): bump the minor-and-patch group with 2 updates (#65) (01c4f0c)
Installation
Rust
[dependencies]
exarch-core = "0.2.6"Python
pip install exarch==0.2.6Node.js
npm install exarch-rs@0.2.6Artifacts
Release v0.2.5
Release v0.2.4
- chore: release v0.2.4 (#59) (f69abad)
- fix: include test-python and test-node in ci-success gate (#58) (63f505f)
- fix: add Python 3.9-3.13 CI testing and abi3 wheels (#57) (182df9c)
- perf: eliminate duplicate by_index() call in ZIP extraction (#54) (928d14a)
- perf: optimize SafePath::validate canonicalization (50% faster) (#53) (3d5243b)
- feat(bench): add dhat heap profiling examples (#49) (a9d2767)
Installation
Rust
[dependencies]
exarch-core = "0.2.4"Python
pip install exarch==0.2.4Node.js
npm install exarch-rs@0.2.4Artifacts
Release v0.2.3
- chore: release v0.2.3 (#48) (32582d2)
- fix(deps): update zip 7.4.0 to resolve CVE-2026-25727 in time (#47) (355d2e4)
- feat(ci): add Python musllinux wheel builds (#46) (696a162)
- chore(deps): update dependencies and migrate biome config (#44) (8e34b85)
- chore(deps): bump pyo3 from 0.27.2 to 0.28.0 (#43) (f021c9c)
- chore(deps): bump clap in the minor-and-patch group (#42) (3c64e35)
- chore: bump lewagon/wait-on-check-action from 1.3.4 to 1.5.0 (#41) (3d957dd)
- chore(deps): bump zip from 7.1.0 to 7.2.0 in the minor-and-patch group (#40) (aae3653)
- ci: add dependabot auto-merge workflow (638f237)
- chore(deps): bump the minor-and-patch group with 2 updates (#39) (5df6cea)
- chore: update Cargo.lock (377a6f2)
- chore(deps): bump the minor-and-patch group with 3 updates (3044182)
- chore: bump softprops/action-gh-release from 1 to 2 (ccd2b6b)
- chore: bump actions/upload-artifact from 4 to 6 (b23a017)
- chore: bump astral-sh/setup-uv from 4 to 7 (0ecb978)
- chore: bump codecov/codecov-action from 4 to 5 (33f46e3)
- chore: bump actions/download-artifact from 4 to 7 (b8f7387)
- docs: add contributing guidelines and GitHub templates (f8cc3ca)
Installation
Rust
[dependencies]
exarch-core = "0.2.3"Python
pip install exarch==0.2.3Node.js
npm install exarch-rs@0.2.3Artifacts
Release v0.2.2
- chore: bump Node.js and Python package versions to 0.2.2 (06cd33e)
- chore: update Cargo.lock (7ab907e)
- fix(core): mark internal DirCache as pub(crate) and ignore doc examples (d4763cc)
- chore: release 0.2.2 (5bb10c8)
- docs: update benchmarks and READMEs with v0.2.1 results (f40b142)
- perf(core): add atomic permission setting for file creation (10febe9)
- perf(core): add directory caching for extraction optimization (bf0a3a0)
- docs: add benchmark results and performance section (d370148)
- feat: add comprehensive benchmark suite (fb75ffc)
Installation
Rust
[dependencies]
exarch-core = "0.2.2"Python
pip install exarch==0.2.2Node.js
npm install exarch-rs@0.2.2Artifacts
Release v0.2.1
- chore: release 0.2.1 (9f4fd48)
- chore: remove outdated TODO comment from Cargo.toml (ef6533d)
- refactor(core): remove verbose comments (ae25ff5)
- refactor(core): remove unused zip creation function (2cb2bdc)
- refactor(core): remove unused extraction module (7f8c8d8)
Installation
Rust
[dependencies]
exarch-core = "0.2.1"Python
pip install exarch==0.2.1Node.js
npm install exarch-rs@0.2.1Artifacts
Release v0.2.0
- chore: release 0.2.0 (4c77324)
- feat(core): enhance encrypted archive error message (Phase 10.6) (5c9ecc1)
- feat(core): add symlink and hardlink detection for 7z archives (Phase 10.5) (348ed04)
- feat(core): add solid archive support with memory limits (Phase 10.4) (47714b1)
- fix(docs): change doctest to no_run to skip file-dependent test (b7c999a)
- fix(core): resolve 8 blocker issues in 7z extraction (Phase 10.3) (6b25880)
- feat: implement 7z extraction with security validation (Phase 10.3) (bb04d66)
- fix(docs): add backticks around format_name in doc comment (c7b6924)
- feat(core): implement 7z validation and entry processing (Phase 10.2) (81386e4)
- refactor: consolidate workspace dependencies into single alphabetical list (f25d387)
- feat(core): add 7z format support foundation (Phase 10.1) (4c2e357)
- refactor(core): consolidate test helpers into shared module (DRY Phase 3) (616258a)
- refactor(core): consolidate archive creation helpers (DRY Phase 2) (9d116c7)
- fix(core): move create_dir_all import to cfg(unix) block for Windows compatibility (8a5ed7d)
- fix(core): remove invalid doctest from private common module (be3e6b9)
- refactor(core): unify file extraction and FFI error handling (DRY Phase 1) (3f9386f)
Installation
Rust
[dependencies]
exarch-core = "0.2.0"Python
pip install exarch==0.2.0Node.js
npm install exarch-rs@0.2.0