File tree Expand file tree Collapse file tree 1 file changed +21
-0
lines changed
Expand file tree Collapse file tree 1 file changed +21
-0
lines changed Original file line number Diff line number Diff line change @@ -5,6 +5,7 @@ All notable changes to this project will be documented in this file. The format
55## Table of Contents
66
77- [ Unreleased] ( #unreleased )
8+ - [ 1.9.21 - 2025-12-04] ( #1921---2025-12-04 )
89- [ 1.9.20 - 2025-12-02] ( #1920---2025-12-02 )
910- [ 1.9.19 - 2025-12-02] ( #1919---2025-12-02 )
1011- [ 1.9.18 - 2025-12-02] ( #1918---2025-12-02 )
@@ -192,6 +193,26 @@ All notable changes to this project will be documented in this file. The format
192193### Security
193194---
194195
196+ ### [ 1.9.21] - 2025-12-04
197+
198+ ### Security
199+
200+ - Implemented strict validation for hex string parsing across the codebase,
201+ addressing TOB-21.
202+ Non-hex characters now cause an immediate error instead of being silently
203+ discarded, preventing message-forgery scenarios.
204+
205+ ### Fixed
206+
207+ - Rewrote the ` toArray ` and ` hexToArray ` conversion logic to enforce strict
208+ hexadecimal input handling rather than permissive filtering.
209+ - Corrected UTF-8 decoding behavior to ensure invalid byte sequences produce
210+ a single ` U+FFFD ` replacement character as specified.
211+ - Updated all internal hash and array conversion utilities to maintain consistent
212+ behavior with strong input validation.
213+
214+ ---
215+
195216### [ 1.9.20] - 2025-12-02
196217
197218### Security
You can’t perform that action at this time.
0 commit comments