Skip to content

Release Notes - TaipanStack v0.3.9 (2026-03-11)

Overview

TaipanStack v0.3.9 focuses on reinforcing security boundaries, optimizing core performance primitives, and stabilizing the test suite. This release introduces critical path traversal protections in filesystem utilities and automated sensitive data masking for structured logging pipelines.

🛡️ Security & Observability

  • Critical Path Traversal Fix: Added rigorous protections in filesystem utilities (find_files, get_file_hash, ensure_dir) to prevent access outside the base directory. (#160)
  • Sensitive Data Masking: Integrated automated masking for secrets (passwords, tokens, keys) within the structured logging system via mask_sensitive_data_processor. (#162)
  • New Security Types (Pydantic v2): Implemented SafeHtml and SafeSqlIdentifier natively compatible with FastAPI/Pydantic schemas, protecting against XSS and SQL Injection.
  • JWT Decode Security: Explicitly rejected the "none" algorithm in JWT decoding to mitigate signature bypass vulnerabilities. (#169)
  • Guard Pattern Optimization: Unified regex patterns for sensitive environment variable validation, improving runtime protection efficiency. (#167)

🧩 Core Features (Resilience, and Cache)

  • Observability Module (context): Added correlation_id tracking via contextvars integrating distributed tracing into structlog with automatic scope limits.
  • Resilience Decorators (resilience):
    • @fallback: Intercepts exceptions and business errors, returning safe fallback values.
    • @timeout: Manages maximum execution time in synchronous and asynchronous functions using ThreadPoolExecutor, preventing eternal locks.
  • Intelligent Cache (cache): New @cached(ttl) decorator that memoizes only successful results (Ok), automatically ignoring and recomputing failures (Err).

🧪 QA & Test Stability

  • Concurrency Test Stabilization: Resolved intermittent flakiness in synchronous and asynchronous execution limiters using event-based synchronization. (#165)
  • Expanded Coverage:
    • New test cases for path sanitization and directory traversal guards. (#168)
    • Specific validation for numeric-only SQL identifiers. (#166)
    • Edge-case coverage for excessively long file extensions. (#163)
    • Unit test suite for the main entrypoint (app.main). (#159, #171)

⚡ Performance

  • Hashing Optimization: Refactored file hashing chunk iteration to use functools.partial, minimizing lambda call overhead during I/O operations. (#164)
  • JWT Validation speedup: Micro-optimized the validation of permitted algorithms during token decoding. (#169)

🧹 Refactoring & Chore

  • Code Cleanup: Removed redundant syntax patterns (unnecessary elif branches) for better readability. (#161)
  • Logging Standardization: Standardized internal logging infrastructure and renamed unused parameters in structlog processors for consistency (#162, #170).
  • Linting: Restored Ruff standard formatting across all module files.

Verification Details

  • Test Suite: Critical maintenance tests for concurrency and security guards passed with 100% reliability.
  • Security: Validated via consolidated regex guards and expanded regression testing.
  • Coverage: Maintained 100% statement and branch coverage.

[!TIP] This release is highly recommended for users handling sensitive logging data or complex filesystem operations. It maintains full backward compatibility with the v0.3.x series.