melange

No immediate action

v0.52.0 New feature · 2d

include-functions option

Open

No immediate action

v0.51.0 Maintenance · 3d

Routine maintenance and dependency updates.

Open

No immediate action

v0.50.8 Mixed · 10d

Maven mirror + deps bump + Docker tag

Open

v0.50.6 Security relevant · 24d

Security fixes

• CI hardened against template injection and credential exposure
• cfg.Package.Version validation added in linter to prevent path traversal

Notable features

• Linter added to detect shipping of libtool linker files

Full changelog

What's Changed

• fix(ci): harden against template injection and credential exposure by @stevebeattie in https://github.com/chainguard-dev/melange/pull/2514
• linter: validate cfg.Package.Version against path traversal in saveLintResults by @antitree in https://github.com/chainguard-dev/melange/pull/2515
• build(deps): bump github.com/chainguard-dev/yam from 0.2.57 to 0.2.58 in the gomod group across 1 directory by @dependabot[bot] in https://github.com/chainguard-dev/melange/pull/2516
• Add linter to complain about shipping libtool linker files. by @smoser in https://github.com/chainguard-dev/melange/pull/2520

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.5...v0.50.6

View release on GitHub

v0.50.1 Bug fix · 1mo

Minor fixes and improvements.

Full changelog

What's Changed

• fix(qemu): fix CPU/Memory resource precedence by @egibs in https://github.com/chainguard-dev/melange/pull/2489

Full Changelog: https://github.com/chainguard-dev/melange/compare/v0.50.0...v0.50.1

View release on GitHub