--- CBOR-XS/Changes 2016/04/24 13:15:19 1.58 +++ CBOR-XS/Changes 2020/12/04 02:57:14 1.86 @@ -3,16 +3,81 @@ TODO: pack_keys? TODO: document encode_cbor_sharing? TODO: weaken cyclic structures? -TODO: allowed_classes or so? +TODO: large negative integers +TODO: type cast tests. +TODO: as_map (for non-string keys) +TODO: possibly implement https://peteroupc.github.io/CBOR/extended.html, but NaNs are nonportable. rely on libecb? +TODO: https://github.com/svaarala/cbor-specs/blob/master/cbor-nonutf8-string-tags.rst, but maybe that is overkill? -TODO: Fredrik Ljunggren, document utf8_strings - - the Math::BigFloat maintainer apparently thinks that changing - documented maths function to suddenly yield different results or - to fail completely on valid input is cool. Try to work around - this madness - if Math::BigFloat changes its API too much, - future versions will have to remove support for bignums +1.82 Tue Dec 1 02:47:40 CET 2020 + - add CBOR::XS::as_bool cast function. + +1.81 Mon Nov 30 19:29:33 CET 2020 + - cast functions were broken due to last-minute renaming. thats + what you get for not having a tessuite. + - Math::BigInt and Math::BigFloat are pretty broken (again), + so disable some tests. (try printing the bigfloat + 799999999999999999998E99999999999999999998). + +1.8 Sun Nov 29 22:35:13 CET 2020 + - experimental support for some type casts, as well as embedding + raw cbor data. + +1.71 Thu Nov 15 20:52:13 CET 2018 + - work around what smells like a perl bug w.r.t. exceptions + thrown in callbacks. + - update libecb. + +1.7 Tue Jun 27 04:02:23 CEST 2017 + - SECURITY FIX: fix two bugs found by american fuzzy lop, + upgrade is advised if you accept data from untrusted + sources. + - an out-of bound sharedref or stringref index could cause an + out of bounds access - might be exploitable. + - a decoding error during indefinite array or hash decoding + could cause an endless loop. + +1.6 Wed Dec 7 15:13:23 CET 2016 + - greatly expand the SECURITY IMPLICATIONS and similar sections. + - new constructor new_safe, to create a secure CBOR::XS object. + - new option forbid_objects, to disallow serialisation. + - new CBOR::XS::safe_filter functionality. + - fix a crash when decoding a cyclic data structure using + stringref/pack_strings when allow_cycles is disabled. + - fix a crash when decoding hash keys with length >= 2**31. + - avoid unreasonably long decoding times for certain + types of (corrupt) cbor texts. + - support arrays and hashes with >= 2**31 members. + - avoid overflow on pointer arithmetic when checking whether enough + data is available. + - fix a memory leak that occured when decoding failed while decoding + a tagged value. + - do not leak the partially constructed result when stringifying + a hash key throws an exception. + - various code size and efficiency optimizations (reduced code + from 42 to 40kB on my system, despite the new features). + +1.5 Wed Apr 27 11:38:39 CEST 2016 + - Math::BigFloat madness workaround, see + http://blog.schmorp.de/2016-04-23-mathbigfloat-maintainer-fail.html (bugreport by zdm@softvisio.net). - - remove some weird dead code that was duplication (%FILTER). + - add text_keys and text_strings options to force CBOR text encoding + for perl hash keys or all strings, as a result of discussions + with Fredrik Ljunggren. + - implement support for arbitrary-exponent numbers (see + http://peteroupc.github.io/CBOR/bigfrac.html, tags 264 and 265) + for both en- and decoding. + - implement support for rational numbers (see + http://peteroupc.github.io/CBOR/rational.html, tag 30) for both + en- and decoding. + - the above effectively implements all registered CBOR extensions + in a sensible manner. + - remove some weird dead code that was duplicated (%FILTER). + - add t/58_hv.t, which tests hashes and the new text_* flags. + hashes apparently were not encoded at all in any of the existing + tests. + - document Math::BigFloat base-2 performance/crash issues. + - use stability canary. 1.41 Thu 25 Feb 15:22:03 CET 2016 - avoid perl panics on nested FREEZE/THAW calls (testcase by