Skip to content

v0.3.7 — Security hardening, legacy separation, crash prevention #56

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
ApiliumDevTeam merged 12 commits into from
Mar 7, 2026
Merged

v0.3.7 — Security hardening, legacy separation, crash prevention #56

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
12 commits
Select commit Hold shift + click to select a range
7820066
fix: use axum 0.8 path parameter syntax {param} instead of :param
ApiliumDevTeam Mar 7, 2026
ac2a784
fix: remaining axum path params + jsonwebtoken crypto provider
ApiliumDevTeam Mar 7, 2026
1762d13
fix: resolve 6 audit findings for clean release
ApiliumDevTeam Mar 7, 2026
5c503e5
security: upgrade rusqlite 0.25 → 0.32 (CVE-2022-35737) + audit config
ApiliumDevTeam Mar 7, 2026
3a5a6f6
refactor: decouple product workspace from legacy Holochain crates
ApiliumDevTeam Mar 7, 2026
67d42ad
security: harden Córtex API server against OWASP top-10 vectors
ApiliumDevTeam Mar 7, 2026
30fbca1
security: real Ed25519 signatures and TLS verification in aingle_minimal
ApiliumDevTeam Mar 7, 2026
5f2d8fd
security: constant-time comparisons for ZK proof verification
ApiliumDevTeam Mar 7, 2026
fbc78a9
security: gas metering and input validation in smart contracts runtime
ApiliumDevTeam Mar 7, 2026
c935fe0
fix: doc-test imports and hanging test in hope_agents and aingle_viz
ApiliumDevTeam Mar 7, 2026
2cd8370
chore: bump all product crate versions to 0.3.7
ApiliumDevTeam Mar 7, 2026
c4e36a3
Merge pull request #55 from ApiliumCode/fix/axum-path-params
ApiliumDevTeam Mar 7, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
25 changes: 25 additions & 0 deletions .cargo/audit.toml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,25 @@
# Cargo audit configuration for AIngle
# https://rustsec.org/

[advisories]
# Advisories to ignore in product crates
ignore = [
# rsa 0.9.10 — Marvin Attack timing sidechannel (no upstream fix)
# Pulled in by jsonwebtoken 10.x; JWT auth uses HMAC/EdDSA, not RSA decryption
"RUSTSEC-2023-0071",

# bincode 2.0.1 — unmaintained advisory, still functional (aingle_graph)
"RUSTSEC-2025-0141",

# async-std — unmaintained (transitive via async-tungstenite in aingle_minimal)
"RUSTSEC-2025-0052",

# fxhash — unmaintained (transitive via sled in aingle_graph)
"RUSTSEC-2025-0057",

# instant — unmaintained (transitive via sled → parking_lot 0.11)
"RUSTSEC-2024-0384",

# paste — unmaintained (transitive via wasmer and candle-core/gemm)
"RUSTSEC-2024-0436",
]
Loading
Loading