Release Notes — v0.4.6

Release Date: 2026-04-30

TaipanStack v0.4.6 is a comprehensive security and quality release, addressing critical vulnerabilities, achieving 100% genuine code coverage, and hardening the entire resilience layer.


🛡️ Security

  • Fix (Critical) — TOCTOU Vulnerability: Resolved a Time-of-Check to Time-of-Use (TOCTOU) vulnerability in tempfile.mkstemp by ensuring atomic creation and strict filesystem permissions (PR #651).
  • Fix (High) — File Extension DoS: Patched a Denial of Service vulnerability in guard_file_extension where malformed extensions could cause excessive processing (PR #658).
  • Fix (High) — Unbounded Cache Growth: Remedied a DoS vector in the @cached decorator by implementing a bounded cache with an LRU (Least Recently Used) eviction policy, preventing memory exhaustion (PR #646).
  • Fix (Medium) — Generator Bypass: Prevented a subtle security bypass in guard_command_injection when using empty generators, ensuring strict iterator-based validation (PR #640).
  • Hardening — Time Jump Resilience: Reinforced the RateLimiter against massive forward time jumps (e.g., NTP synchronizations or clock chaos), ensuring consistent rate limiting (PR #642).
  • Audit — Semgrep Standards: Resolved global security findings and standardized nosem exclusions across the core codebase (PR #659).
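
The bounded-cache mitigation described in the @cached item above, as an added illustration written for these notes rather than TaipanStack's own implementation: the decorator name bounded_cache, its maxsize parameter and the flood() helper are assumptions, and the memoized function is a constructed stand-in.

```python
from collections import OrderedDict
from functools import wraps


def bounded_cache(maxsize=128):
    """Memoize with a hard size limit and LRU eviction.

    Hypothetical decorator for this example (not TaipanStack's @cached).
    An unbounded memoizer lets a caller who controls the arguments grow the
    cache without limit; the bound keeps memory use proportional to maxsize.
    """
    if maxsize < 1:
        raise ValueError("maxsize must be >= 1")

    def decorator(func):
        cache = OrderedDict()  # insertion order doubles as recency order
        stats = {"hits": 0, "misses": 0, "evictions": 0}

        @wraps(func)
        def wrapper(*args, **kwargs):
            # kwargs are sorted so {'a':1,'b':2} and {'b':2,'a':1} share a key
            key = (args, tuple(sorted(kwargs.items())))
            if key in cache:
                cache.move_to_end(key)  # mark as most recently used
                stats["hits"] += 1
                return cache[key]
            stats["misses"] += 1
            value = func(*args, **kwargs)
            cache[key] = value
            if len(cache) > maxsize:
                cache.popitem(last=False)  # evict least recently used entry
                stats["evictions"] += 1
            return value

        wrapper.cache = cache
        wrapper.stats = stats
        return wrapper

    return decorator


@bounded_cache(maxsize=3)
def expensive(n):
    """Constructed stand-in for a costly function worth memoizing."""
    return n * n


def flood(count):
    """Feed `count` distinct inputs (the DoS pattern); return the cache size."""
    for i in range(count):
        expensive(i)
    return len(expensive.cache)
```

With an unbounded cache the same flood would retain every entry; here the cache never exceeds maxsize and the oldest untouched keys are the ones dropped.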

🌊 Resilience

  • Timeout Hardening: Reinforced the @timeout decorator against thread exhaustion in high-concurrency scenarios through enhanced cleanup logic (PR #638).
  • Bulkhead Pattern: Hardened limit_concurrency against resource exhaustion during extreme load spikes (PR #652).

⚡ Performance & Refactoring

  • Complexity Reduction: Significantly reduced cyclomatic complexity across sanitizers, subprocess utilities, and resilience modules (PR #649).
  • Clean Code: Eliminated deprecated internal Pydantic imports (#641) and removed unused ensure_ascii arguments from serialization logic (#660).
  • Adaptive Streamlining: Removed legacy attributes in adaptive resilience components to optimize state transitions (PR #637).

🔄 CI/CD & Infrastructure

  • Zero-Bypass CI: Audited and standardized all GitHub Actions pipelines to enforce zero-bypass security policies (PR #643, #653, #639).
  • Dependencies: Upgraded cryptography to >=46.0.7 and updated the GitHub Actions group to latest versions (PR #647, #648).

✅ QA & Testing

  • 100% Genuine Coverage: Achieved the ultimate quality milestone: true 100% code coverage without a single pragma: no cover bypass in the entire project (PR #644, #654).
  • Test Suite: The test suite has grown to 1,296 passing tests, incorporating new chaos experiments and security edge cases.
  • Synchronization: Unified test counts and version metadata across all documentation files (PR #655).