stronghold-engine v2.0.0-rc.0

@github-actions github-actions released this 03 Jul 12:59
87d0ae0

Updating crates.io index

Cargo Audit

```
Fetching advisory database from https://github.com/RustSec/advisory-db.git
Loaded 553 security advisories (from /home/runner/.cargo/advisory-db)
Updating crates.io index
Scanning Cargo.lock for vulnerabilities (258 crate dependencies)
Crate: json
Version: 0.12.4
Warning: unmaintained
Title: json is unmaintained
Date: 2022-02-01
ID: RUSTSEC-2022-0081
URL: https://rustsec.org/advisories/RUSTSEC-2022-0081
Dependency tree:
json 0.12.4
└── stronghold_engine 2.0.0-rc.0
    ├── stronghold_native 0.1.0
    └── iota_stronghold 2.0.0-rc.0
        ├── stronghold_native 0.1.0
        └── stronghold-derive 1.0.0
            ├── stronghold-utils 1.0.0
            │   ├── stronghold_engine 2.0.0-rc.0
            │   └── iota_stronghold 2.0.0-rc.0
            └── iota_stronghold 2.0.0-rc.0

Crate: atty
Version: 0.2.14
Warning: unsound
Title: Potential unaligned read
Date: 2021-07-04
ID: RUSTSEC-2021-0145
URL: https://rustsec.org/advisories/RUSTSEC-2021-0145
Dependency tree:
atty 0.2.14
├── env_logger 0.9.3
│   ├── stronghold_native 0.1.0
│   ├── stronghold-runtime 2.0.0-rc.0
│   │   └── stronghold_engine 2.0.0-rc.0
│   │       ├── stronghold_native 0.1.0
│   │       └── iota_stronghold 2.0.0-rc.0
│   │           ├── stronghold_native 0.1.0
│   │           └── stronghold-derive 1.0.0
│   │               ├── stronghold-utils 1.0.0
│   │               │   ├── stronghold_engine 2.0.0-rc.0
│   │               │   └── iota_stronghold 2.0.0-rc.0
│   │               └── iota_stronghold 2.0.0-rc.0
│   └── iota_stronghold 2.0.0-rc.0
├── criterion 0.4.0
│   ├── stronghold_engine 2.0.0-rc.0
│   ├── stronghold-runtime 2.0.0-rc.0
│   └── iota_stronghold 2.0.0-rc.0
└── clap 3.2.25
    ├── iota_stronghold 2.0.0-rc.0
    └── criterion 0.4.0

warning: 2 allowed warnings found
```

[2.0.0-rc.0]

  • 12ce12fe Added Secp256k1 ECDSA + SLIP-10 support.
    Bumped iota-crypto version to 0.21.2.
  • 1e72f00f (#474) Upgraded snapshot format to age-encryption.org/v1 with password-based recipient stanza. This resolves the issue with the previous snapshot format encryption being insecure if used with weak passwords. Snapshot encryption doesn't use associated data.
    Added zeroization of sensitive data, which would otherwise remain in plaintext in stack and heap memory after use.
    The unsafe KeyProvider constructors with_passphrase_truncated and with_passphrase_hashed_argon2 were removed; the with_passphrase_hashed constructor should be used instead.
  • 988a9d1f (#477) Added public access to the snapshot encryption work factor. It should only be used in tests to decrease snapshot encryption/decryption times. It must not be used in production, because low work factor values might lead to leakage of secrets/seeds.
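
An age-encryption.org/v1 header states the scrypt work factor in the clear in its password-based recipient stanza, so a value lowered for tests can be caught by inspecting the header. The following added example (not code from stronghold or iota-crypto) parses such a header and rejects a work factor below a policy minimum; it assumes the input starts at the age header, and the function names, the minimum of 15 and the sample bytes are constructed for illustration.

```rust
// Added example, not stronghold code. Assumes `file` starts at the age header.
const VERSION_LINE: &str = "age-encryption.org/v1";

/// Return the scrypt work factor (log2 of N) from an age v1 header.
fn scrypt_work_factor(file: &[u8]) -> Result<u8, String> {
    let mut lines = file.split(|&b| b == b'\n');
    if lines.next() != Some(VERSION_LINE.as_bytes()) {
        return Err("missing age v1 version line".into());
    }
    let (mut stanzas, mut factor) = (0u32, None);
    for raw in lines {
        let line = std::str::from_utf8(raw).map_err(|_| "binary data before MAC line")?;
        if line.starts_with("---") {
            // MAC line ends the header; a password-encrypted file has exactly one stanza.
            return factor
                .filter(|_| stanzas == 1)
                .ok_or_else(|| "expected exactly one scrypt stanza".to_string());
        }
        if let Some(args) = line.strip_prefix("-> ") {
            stanzas += 1;
            let parts: Vec<&str> = args.split(' ').collect();
            if let ["scrypt", _salt, wf] = parts.as_slice() {
                // Decimal without sign or leading zero, so "+18" and "018" are rejected.
                if wf.starts_with('0') || !wf.bytes().all(|b| b.is_ascii_digit()) {
                    return Err(format!("malformed work factor {:?}", wf));
                }
                factor = Some(wf.parse::<u8>().map_err(|e| e.to_string())?);
            }
        }
    }
    Err("header has no MAC line".into())
}

/// Policy check: `min_log2` is an assumed deployment minimum, not a project constant.
fn check_work_factor(file: &[u8], min_log2: u8) -> Result<u8, String> {
    let f = scrypt_work_factor(file)?;
    if f < min_log2 { return Err(format!("work factor 2^{} below minimum 2^{}", f, min_log2)); }
    Ok(f)
}

/// Constructed sample header: placeholder salt, body and MAC, then stand-in binary payload.
fn sample_header(work_factor: &str) -> Vec<u8> {
    let filler = "A".repeat(43); // placeholder base64, not real key material
    let head = format!("{}\n-> scrypt Y29uc3RydWN0ZWRzYWx0MQ {}\n{}\n--- {}\n",
                       VERSION_LINE, work_factor, filler, filler);
    [head.as_bytes(), &[0xff, 0x00, b'\n', 0x80]].concat()
}

fn main() { println!("{:?}", check_work_factor(&sample_header("4"), 15)); }
```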

Cargo Publish

```
Updating crates.io index
Packaging stronghold_engine v2.0.0-rc.0 (/home/runner/work/stronghold.rs/stronghold.rs/engine)
Packaged 47 files, 180.6KiB (52.0KiB compressed)
Uploading stronghold_engine v2.0.0-rc.0 (/home/runner/work/stronghold.rs/stronghold.rs/engine)
warning: the following are not valid category slugs and were ignored: security. Please see https://crates.io/category_slugs for the list of all category slugs.
Uploaded stronghold_engine v2.0.0-rc.0 to registry crates-io
note: Waiting for stronghold_engine v2.0.0-rc.0 to be available at registry crates-io.
You may press ctrl-c to skip waiting; the crate should be available shortly.
Published stronghold_engine v2.0.0-rc.0 at registry crates-io
```