cbor v1.3.1 Release NotesRelease Date: 2019-11-24 // over 1 year ago
🚀 Release v1.3.1 (Nov 24, 2019)
Issue #46 resulted in filing an errata to RFC 7049 (CBOR) after the same mistake was found in both 7049 and Wikipedia. RFC 7049 author (cabo) confirmed within an hour directly in #46 which was super nice of him.
I'll let fuzzing continue for 1-10 days, due in part to issue #46 and initial valid fuzzing corpus. Maybe it'll generate fewer corpus files this time to reach a good stopping point.
🛠 Most users of v1.3.0 won't notice any practical difference from these bugfixes. They involve data validation rules and an obscure difference in sorting rule for canonical encoding.
🔄 Changes include:
- 🛠 Fix: Relax decoding restriction on CBOR int to Go float (commit 71ea0c5)
- 🛠 Fix: Separate CTAP2 and RFC 7049 canonical encoding (commit 7164aa3)
- 🛠 Fix: Reject indefinite-length byte/text string if chunks are indefinite-length (commit a4adae8)
- 🛠 Fix: Reject CBOR primitive 2-byte simple value < 32 (commit aa44241)
🚀 This release passed 877k+ executions (19 hours, and still running) of coverage-guided fuzzing using fxamacker/cbor-fuzz.
workers: 2, corpus: 403 (48s ago), crashers: 0, restarts: 1/10000, execs: 877930249 (12405/sec), cover: 1501, uptime: 19h39m