cbor v1.3.1 Release Notes
Release Date: 2019-11-24 // over 4 years ago-
๐ Release v1.3.1 (Nov 24, 2019)
Issue #46 resulted in filing an errata to RFC 7049 (CBOR) after the same mistake was found in both 7049 and Wikipedia. RFC 7049 author (cabo) confirmed within an hour directly in #46 which was super nice of him.
I'll let fuzzing continue for 1-10 days, due in part to issue #46 and initial valid fuzzing corpus. Maybe it'll generate fewer corpus files this time to reach a good stopping point.
๐ Most users of v1.3.0 won't notice any practical difference from these bugfixes. They involve data validation rules and an obscure difference in sorting rule for canonical encoding.
๐ Changes include:
- ๐ Fix: Relax decoding restriction on CBOR int to Go float (commit 71ea0c5)
- ๐ Fix: Separate CTAP2 and RFC 7049 canonical encoding (commit 7164aa3)
- ๐ Fix: Reject indefinite-length byte/text string if chunks are indefinite-length (commit a4adae8)
- ๐ Fix: Reject CBOR primitive 2-byte simple value < 32 (commit aa44241)
๐ This release passed 877k+ executions (19 hours, and still running) of coverage-guided fuzzing using fxamacker/cbor-fuzz.
workers: 2, corpus: 403 (48s ago), crashers: 0, restarts: 1/10000, execs: 877930249 (12405/sec), cover: 1501, uptime: 19h39m