This release includes 1 security fix for security teams reviewing exposed deployments.
Summary
AI summary: Broad release touches Commit Details, Commit Statistics, https://www.conventionalcommits.org, and 87433ed.
Changes in this release
| Type | Severity | Summary | CVE |
|---|---|---|---|
| Feature | Low | Add `sha256` forwardings for all crates. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Feature | Low | Add `sha1` forwardings for all crates. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Dependency | Low | Raise MSRV for hash dependency updates. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Bugfix | Medium | Fix symlink prefix reuse and worktree escape vulnerability. (Source: llm_adapter@2026-05-26, confidence: low) | — |
| Refactor | Low | Update all crates to Rust 2024 edition. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Refactor | Low | Remove rust_2018_idioms lint declarations. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Refactor | Low | Cleanup the `justfile` and automate feature tests. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Refactor | Low | Document why each fixture archive is .gitignored. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Refactor | Low | Run `gix-status-tests` using `GIX_TEST_FIXTURE_HASH`. (Source: llm_adapter@2026-05-26, confidence: high) | — |
| Refactor | Low | Run `gix-traverse-tests` with SHA-256. (Source: llm_adapter@2026-05-26, confidence: high) | — |
Full changelog
Commit Statistics
- 21 commits contributed to the release over the course of 28 calendar days.
- 28 days passed between releases.
- 0 commits were understood as conventional.
- 0 issues like '(#ID)' were seen in commit messages
Commit Details
- Uncategorized
- Merge pull request #2595 from cruessler/add-hex-to-id-sha1-only (87433ed)
- Review (f962ed1)
- Merge pull request #2590 from GitoxideLabs/independent-testtools (575113d)
- Adapt to changes in `gix-testtools` (ce9e6bd)
- Merge pull request #2573 from cruessler/run-gix-traverse-tests-with-sha-256 (278d7ec)
- Address auto-review (0ec3bb7)
- Cleanup the `justfile` and automate feature tests (db7b97b)
- `sha1` and `sha256` forwardings for all crates (09b982c)
- Merge pull request #2574 from cruessler/run-gix-status-tests-with-sha-256 (ac01cf1)
- Review (c10c3b8)
- Use `GIX_TEST_FIXTURE_HASH` for `gix-status-tests` (b5b4029)
- Merge pull request #2575 from SarthakB11/fix/issue-2316 (4743361)
- Review (1980190)
- Document why each fixture archive is .gitignored (e3d5a04)
- Merge pull request #2568 from GitoxideLabs/dependabot/cargo/cargo-56d6b174d8 (ab2fee1)
- Update crates to Rust 2024 edition (2cb17b2)
- Remove rust_2018_idioms lint declarations (e10d5f6)
- Raise MSRV for hash dependency updates (3675a8d)
- Merge pull request #2559 from GitoxideLabs/fix/symlink-prefix-reuse-worktree-escape-ghsa-f89h-2fjh-2r9q (3af9b4a)
- Release gix-fs v0.21.1 (d3e4c17)
- Merge pull request #2546 from GitoxideLabs/fix-2545 (adb8328)
Security Fixes
- Fixed symlink prefix reuse worktree escape vulnerability referenced as GHSA-F89H-2FJH-2R9Q
Earlier breaking changes
- gix-v0.84.0: Allow checkouts of empty repositories; `destination_must_be_empty` becomes `Option<bool>`.
- gix-worktree-stream-v0.33.0: Changes API of `Stream::add_entry_from_path` to require `hash_kind` argument.
- gix-object-v0.61.0: Renames `Data::hash_kind` to `Data::object_hash` for consistency.