CHANGELOG.md
Lines changed: 25 additions & 19 deletions
@@ -9,34 +9,40 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
9
9
10
10
## [Unreleased]
11
11
12
+
## [0.0.4] - 2025-08-03
13
+
12
14
### Added
13
-
- Virtual root display: Jailed paths now always display as starting from the jail root, using forward slashes (`/`) on all platforms.
14
-
- Internal type-state engine (`ValidatedPath`): All path validation now uses a type-state pipeline for strict, auditable security guarantees. This benefits crate development and advanced users, but is fully hidden from typical API usage.
15
-
- Improved docs, roadmap, and tests for new clamping, canonicalization, and display logic.
15
+
16
+
-**Virtual root display system**: `JailedPath` now always displays as starting from the jail root using forward slashes (`/`) on all platforms, hiding internal filesystem details from users
17
+
-**Internal type-state validation engine**: Introduced `ValidatedPath` with compile-time state tracking for strict, auditable security guarantees through marker types (`Raw`, `Clamped`, `JoinedJail`, `Canonicalized`, `BoundaryChecked`)
18
+
-**One-shot path validation**: New `try_jail()` function for convenient single-use path validation without creating a `PathValidator`
19
+
-**Safe file operations trait**: `JailedFileOps` trait provides jail-safe file operations (`read_to_string()`, `write_bytes()`, `exists()`, `create_dir_all()`, etc.) without exposing raw paths
20
+
-**Enhanced examples and documentation**: Added comprehensive examples for real-world usage patterns, marker types, virtual root display, and safe file operations
16
21
17
22
### Changed
18
-
- All path validation now clamps traversal and absolute paths to the jail root; escapes are never allowed.
19
-
-`JailedPath` and `PathValidator` refactored for stricter jail enforcement and cross-platform consistency.
20
23
21
-
### Removed / Refactored
22
-
-**BREAKING:** Removed legacy types and traversal rejection; all path handling now clamps to jail root.
24
+
-**BREAKING: Path validation behavior**: All path validation now clamps traversal and absolute paths to the jail root instead of rejecting them - escapes are mathematically impossible
25
+
-**BREAKING: API restructure**: Complete refactor of `JailedPath` and `PathValidator` for stricter jail enforcement and cross-platform consistency using type-state validation
26
+
-**Enhanced crate description**: Updated to "Prevent directory traversal with type-safe virtual path jails and safe symlinks"
27
+
-**Non-existent jail handling**: `PathValidator` now allows creation with non-existent jail directories (validates they would be directories if they exist)
28
+
-**Comprehensive test suite**: Updated all integration and unit tests to validate new clamping behavior and type-state API
23
29
24
-
### Fixed
25
-
- Clippy lints, cross-platform display, and documentation issues.
30
+
### Dependencies
26
31
27
-
### Changed
28
-
-**PathValidator:** Now uses `ValidatedPath` for all jail and candidate path handling. Jail existence check allows non-existent jails, but requires directories if present.
29
-
-**Clamping logic:** Absolute paths are forcibly clamped to jail root; all root components are stripped before joining to jail.
30
-
-**Integration and unit tests:** Updated to use new type-state API and dynamic jail roots.
31
-
-**README and docs:** Updated to explain type-state pattern, marker types, and new security guarantees.
32
+
-**Added**: `tempfile = "3.20.0"` as dev dependency for robust testing
33
+
34
+
### Technical Implementation
32
35
33
-
### Removed / Refactored
34
-
-**BREAKING:** Removed `ClampedPath` type and all related logic. All clamping and normalization is now performed by `ValidatedPath` and its `.clamp()` method.
35
-
-**BREAKING:** Removed legacy newtypes and type aliases; all path handling now uses `ValidatedPath` and marker types.
36
-
-**BREAKING:** All usages, tests, and documentation updated to use the new type-state API.
36
+
-**Type-state pipeline**: All path validation uses `ValidatedPath<State>` where `State` tracks the exact sequence of security transformations
37
+
-**Clamping algorithm**: Absolute paths are forcibly clamped to jail root; all root components stripped before joining to jail
38
+
-**Virtual path abstraction**: Clean separation between user-facing virtual paths and internal real filesystem paths
37
39
38
40
### Fixed
39
-
- Fixed: All Clippy lints (needless_borrow, redundant_clone) resolved. All doctests and integration tests pass. Absolute path clamping logic fixed. Documentation and examples now compile and run successfully.
41
+
42
+
- All Clippy lints resolved (`needless_borrow`, `redundant_clone`)
43
+
- Cross-platform display consistency across Windows, macOS, and Linux
44
+
- All doctests and integration tests now pass with new validation behavior
45
+
- Documentation examples compile and run successfully
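Review bot: The first BREAKING entry under "### Changed" says escapes are "mathematically impossible", which is a stronger guarantee than a changelog entry should assert; the "### Added" entries tie the guarantee to the `Clamped`, `Canonicalized` and `BoundaryChecked` steps, so wording such as "escapes are prevented by clamping, canonicalization and a boundary check" states what the pipeline enforces without overclaiming. The same entry replaces rejection of traversal input with clamping, so callers that treated a rejection as the signal for a traversal attempt no longer receive one; a short migration sentence saying so would help anyone upgrading to 0.0.4. The rewritten "### Fixed" list also drops the old "Absolute path clamping logic fixed" item, and since it is the one fix in that list that touches jail enforcement it should stay listed.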