TaipanStack v0.4.3 Release Notes

TaipanStack v0.4.3 is a major security, quality, and refactoring release. This version introduces strict static typing across the entire codebase (completely eliminating Any), hardens security guards against advanced SSRF and DoS vectors, and achieves true 100% test coverage in the core result module with 1,207 passing tests.

See documentation at: TaipanStack Dev Portal.


What's New & Fixed in v0.4.3

🛡️ Core Security & Sentinel Guards

  • [High] URL & SSRF Protection (PR #487, #544): Patched critical URL validation bypasses and SSRF risks in guard_ssrf. Implemented bounded length checks and hardened parsing logic via rigorous property-based fuzzing.
  • [Medium] Input Hardening (PR #423, #526, #551): Enforced extreme input bounds checking for validate_python_version and validate_email to prevent algorithmic complexity DoS attacks.
  • [Medium] Resilience Guards (PR #489, #490): Hardened the RateLimiter against time-drift corruption and patched a DoS vector in run_safe_command timeouts.
  • [Universal] Finite Parameter Enforcement (PR #558): Enforced math.isfinite validation on all timeout and delay parameters across the suite to prevent "NaN-chaos" in distributed logic.
  • [SAST] Custom Security Rules (PR #486, #507, #420): Integrated new Semgrep rules targeting path traversal, insecure PRNG, Pydantic secret leakage, and insecure filesystem permissions.
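
Why the finite-parameter check above matters, shown as an added example (this is not TaipanStack's code): a plain range check lets NaN and infinity through, and a deadline built on either value never expires. The function names naive_timeout, require_finite, deadline_expired, clamp_delay and rejected, and the 3600-second upper bound, are assumptions made for illustration.

```python
import math


def naive_timeout(value: float) -> float:
    """Range check only. NaN passes: every ordering comparison with NaN is False."""
    if value <= 0:
        raise ValueError("timeout must be positive")
    return value


def require_finite(name: str, value: object, *, upper: float = 3600.0) -> float:
    """Hypothetical guard: accept only a finite real number in (0, upper]."""
    if isinstance(value, bool) or not isinstance(value, (int, float)):
        raise TypeError(f"{name} must be a real number, got {type(value).__name__}")
    try:
        number = float(value)  # a huge int overflows here, not inside isfinite
    except OverflowError:
        raise ValueError(f"{name} is too large") from None
    if not math.isfinite(number):  # rejects nan, inf and -inf
        raise ValueError(f"{name} must be finite, got {number!r}")
    if not 0 < number <= upper:
        raise ValueError(f"{name} must be in (0, {upper}], got {number!r}")
    return number


def deadline_expired(started: float, now: float, timeout: float) -> bool:
    """Typical deadline test; with timeout=NaN or inf it never returns True."""
    return (now - started) > timeout


def clamp_delay(delay: float, cap: float) -> float:
    """Common backoff clamp; min() returns its first argument if either one is NaN."""
    return min(delay, cap)


def rejected(value: object) -> bool:
    """True if require_finite refuses the value."""
    try:
        require_finite("timeout", value)
    except (TypeError, ValueError):
        return True
    return False


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in (5, 0.25, float("nan"), float("inf"), -1.0, True, "30"):
        print(f"{sample!r:>6}  rejected={rejected(sample)}")
    nan = naive_timeout(float("nan"))  # slips through the range check
    print("expired after 1e9 s:", deadline_expired(0.0, 1e9, nan))
    print("clamped:", clamp_delay(nan, 30.0), clamp_delay(30.0, nan))
```

The clamp result depends on argument order when NaN is involved, which is why the value has to be rejected at the boundary and cannot be repaired downstream.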

⚡ Performance & Reliability

  • [Perf] Sanitizer Hoisting: Boosted throughput of path and filename sanitization by hoisting regex compilation out of hot execution loops.
  • [Perf] Decorator Optimization (PR #532): Reduced latency in @safe and @safe_from decorators by hoisting type casts and minimizing closure overhead.
  • [Resilience] CircuitBreaker Stability (PR #537): Enforced finite threshold logic in state transitions to ensure deterministic recovery from failure states.
  • [Resilience] Retry Consistency (PR #450): Stabilized exponential backoff algorithms to prevent state drifting under heavy resource contention.

🏗️ Refactoring & Modernization

  • [Breaking] Strict Typing (PR #465, #543): Completed the project-wide refactor to eliminate all Any types. Transitions to Unpack and TypedDict for external API bridges ensure total type safety.
  • [Core] Modern Type Checks (PR #518): Refactored the core Result module to utilize modern Python 3.11+ container type checks and pattern matching.
  • [Structure] Complexity Reduction (PR #453, #494): Drastically reduced cyclomatic complexity in filesystem and bridge modules through functional decomposition.

🧪 QA & CI/CD

  • Core 100% Coverage (PR #481): Achieved verified 100% branch and statement coverage in the core module with a synchronized suite of 1,207 passing tests.
  • CI/CD Validation (PR #531, #546): Audited and refactored the entire pipeline execution model, enforcing strict naming conventions and removing insecure bypass methods.

Security Advice

We strongly recommend upgrading to v0.4.3 immediately to benefit from the new SSRF and DoS protections. If you have custom integrations using Any types, you may need to provide explicit type annotations as the codebase now strictly forbids untyped signatures.