From a72e133453929e5d6611c15a25f190689bed731f Mon Sep 17 00:00:00 2001
From: longieirl
Date: Mon, 4 May 2026 11:41:46 +0100
Subject: [PATCH] fix(sec): bump to v0.1.5, document CVE-2026-31789 fix (closes #164)

- Bump version 0.1.4 -> 0.1.5 in all 3 version files
- Add CHANGELOG entry for 3 critical OpenSSL CVEs (CVE-2026-31789) affecting libssl3t64, openssl, openssl-provider-legacy
- Dockerfile apt-get upgrade already pulls openssl 3.5.5-1~deb13u2 fix on rebuild; no Dockerfile change needed
---
 CHANGELOG.md | 7 +++++++
 packages/parser-core/pyproject.toml | 2 +-
 .../parser-core/src/bankstatements_core/__version__.py | 4 ++--
 packages/parser-free/pyproject.toml | 2 +-
 4 files changed, 11 insertions(+), 4 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 7267b6e..841d12b 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -9,6 +9,13 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
 
 ---
 
+## [0.1.5] — 2026-05-04
+
+### Security
+- **CVE-2026-31789** (`#164`) — Rebuilt production Docker image to pick up `openssl 3.5.5-1~deb13u2` patch, which resolves 3 critical heap-buffer-overflow findings (`libssl3t64`, `openssl`, `openssl-provider-legacy`). The existing `apt-get upgrade -y` in the production stage pulls the patched packages automatically on every rebuild; the previous `:latest` image predated the Debian fix release. Trivy gate in CI confirms 0 critical vulnerabilities post-rebuild.
+
+---
+
 ## [0.1.4] — 2026-05-01
 
 ### Security
diff --git a/packages/parser-core/pyproject.toml b/packages/parser-core/pyproject.toml
index e286710..5db3315 100644
--- a/packages/parser-core/pyproject.toml
+++ b/packages/parser-core/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "bankstatements-core"
-version = "0.1.4"
+version = "0.1.5"
 description = "Core PDF bank statement parsing library"
 readme = "README.md"
 requires-python = ">=3.11"
diff --git a/packages/parser-core/src/bankstatements_core/__version__.py b/packages/parser-core/src/bankstatements_core/__version__.py
index 3fd732f..c82efe7 100644
--- a/packages/parser-core/src/bankstatements_core/__version__.py
+++ b/packages/parser-core/src/bankstatements_core/__version__.py
@@ -2,5 +2,5 @@ from __future__ import annotations
-__version__ = "0.1.4"
-__version_info__ = (0, 1, 4)
+__version__ = "0.1.5"
+__version_info__ = (0, 1, 5)
diff --git a/packages/parser-free/pyproject.toml b/packages/parser-free/pyproject.toml
index 4c9f25f..fa82ca7 100644
--- a/packages/parser-free/pyproject.toml
+++ b/packages/parser-free/pyproject.toml
@@ -1,6 +1,6 @@
 [project]
 name = "bankstatements-free"
-version = "0.1.4"
+version = "0.1.5"
 description = "Free-tier CLI for bankstatements-core PDF bank statement processor"
 readme = "README.md"
 requires-python = ">=3.11"