v0.1.10

Golang [1.15.7, 1.15.8, 1.16rc1]

Changes

• bundle diff now expose an oplog as a JSONPatch like output - #28
• from vault can pull a specific secret version by adding <path>?version=<version> - #26
• Vault secret metadata are now exported as annotations when a bundle is created from Vault

cmd/harp/v0.1.10

Bundle Diff / Vault Version puller

cmd/harp-server/v0.1.10

Bundle Diff / Vault Version puller

v0.1.9

Changes

• Fix a random test issue with fuzz test and memguard - #23 #24
• Fix golangci-lint dependency pull error - #22
• Fix errorlint findings in harp-server - #25

cmd/harp/v0.1.9

SDK and Tools update

cmd/harp-server/v0.1.9

SDK and Tools update

v0.1.8

Changes

• bundle dump and from dump use wire agnostic value serialization format (JSON) so that it can be used to migrate data from container versions. - #16
• from vault / to vault - Vault error was masked by an invalid errgroup usage with context, the error was overridden by context cancellation error. Now the real underlying error is raised and displayed to the user. - #18
• Vault authentication is now explicitly tested before starting any operation.
• Vault parallel workers now use explicit worker count, modifiable via flags and don't rely on runtime to prevent docker CPU count detection problem. - #15

cmd/harp/v0.1.8

Release v0.1.8

cmd/harp-server/v0.1.8

Release v0.1.8

v0.1.7

Harp v0.1.7 - https://github.com/elastic/harp

Changes

• Go toolchain constraints updated to [1.15.6, 1.15.7]
• os/exec vulnerability mitigation - https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2021-3115 (not disclosed yet)
• Fix container reader usage for bundle diff/dump
• Dependencies have been updated
• Tools have been updated (rebuild tools base image via mage docker:tools)
• errorwrapping is now fixed and enforced by linter
• CodeQL is executed on each PR + main
• Snyk vulnerability scan for dependency is executed on each PR + main

Reference(s)

• https://blog.golang.org/path-security
• https://groups.google.com/g/golang-announce/c/mperVMGa98w