Skip to content

Commit bfaae84

Browse files
PSeitzPSeitz
committed
release 0.13.0
1 parent 055502e commit bfaae84

3 files changed

Lines changed: 40 additions & 7 deletions

File tree

CHANGELOG.md

Lines changed: 39 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -1,3 +1,32 @@
1+
0.13.0 (2026-03-15)
2+
==================
3+
### Features
4+
- Add option to reuse compression dict [#207](https://github.com/PSeitz/lz4_flex/pull/207) (thanks @matthewfollegot)
5+
6+
### Fixes
7+
- Fix handling of invalid match offsets during decompression [#055502e](https://github.com/PSeitz/lz4_flex/commit/055502e) (thanks @Marcono1234)
8+
```
9+
Invalid match offsets (offset == 0) during decompression were not properly
10+
handled, which could lead to invalid memory reads. This is a security fix
11+
that was also backported to 0.12.1 and 0.11.6.
12+
```
13+
- Fix `get_maximum_output_size` overflow on 32-bit targets [#205](https://github.com/PSeitz/lz4_flex/pull/205) (thanks @dglittle)
14+
```
15+
Cast input_len to u64 before multiplying by 110, avoiding overflow on
16+
32-bit targets (e.g. wasm32) where input_len * 110 overflows usize
17+
when input_len > ~39MB.
18+
```
19+
20+
0.12.1 (2026-03-14)
21+
==================
22+
### Security Fix
23+
- Fix handling of invalid match offsets during decompression [#a0b9154](https://github.com/PSeitz/lz4_flex/commit/a0b9154) (thanks @Marcono1234)
24+
```
25+
Invalid match offsets (offset == 0) during decompression were not properly
26+
handled, which could lead to invalid memory reads on untrusted input.
27+
Users on 0.12.x should upgrade to 0.12.1.
28+
```
29+
130
0.12.0 (2025-11-11)
231
==================
332
- Fix integer overflows when decoding large payloads [#192](https://github.com/PSeitz/lz4_flex/pull/192) (thanks @teh-cmc)
@@ -10,6 +39,16 @@ This change also removes a unsafe fast-path for write_integer to simplify the co
1039
The performance impact is on incompressible data, which is already fast enough.
1140
```
1241

42+
0.11.6 (2026-03-14)
43+
==================
44+
### Security Fix
45+
- Fix handling of invalid match offsets during decompression [#84cdafb](https://github.com/PSeitz/lz4_flex/commit/84cdafb) (thanks @Marcono1234)
46+
```
47+
Invalid match offsets (offset == 0) during decompression were not properly
48+
handled, which could lead to invalid memory reads on untrusted input.
49+
Users on 0.11.x should upgrade to 0.11.6.
50+
```
51+
1352
0.11.5 (2025-06-19)
1453
==================
1554
- Fix incorrect rust-version field name in Cargo.toml [#187](https://github.com/PSeitz/lz4_flex/pull/187)

Cargo.toml

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -8,7 +8,7 @@ homepage = "https://github.com/pseitz/lz4_flex"
88
repository = "https://github.com/pseitz/lz4_flex"
99
readme = "README.md"
1010
license = "MIT"
11-
version = "0.12.0"
11+
version = "0.13.0"
1212
include = ["src/*.rs", "src/frame/**/*", "src/block/**/*", "README.md", "LICENSE"]
1313
rust-version = "1.81"
1414

_typos.toml

Lines changed: 0 additions & 6 deletions
This file was deleted.

0 commit comments

Comments
 (0)