Security
- Enforce HTTPS by default for remote backends — remote storage URLs now require HTTPS; opt in with
allow_insecure_httpif needed - Bind AEAD objects to identity context in AAD — authenticated additional data now includes repository identity, preventing cross-repo ciphertext splicing
- Reduce passphrase exposure in subprocesses and environment — passphrase handling minimizes in-memory lifetime and avoids leaking into child process environments
Features & Improvements
- Parallel large-file pipeline — large files are segmented and chunked in parallel via explicit crossbeam-channel stages, replacing pariter
- XOR dedup prefilter — a fast xor-based filter skips redundant chunk transforms before hitting the full dedup index
one_file_systemdefault changed tofalse— backups now cross filesystem boundaries by default, so bind mounts and subvolumes are no longer silently skipped. Setone_file_system: trueto restore the old behavior.- Walk optimization — skip redundant
symlink_metadatacalls for files whenone_file_systemis enabled
Bug Fixes
- Fix deadlock between pariter reorder buffer and ByteBudget
- Make
delete-reposafe by classifying keys and fixing recursive list - Remove trailing encrypted header from pack files
- Server: recover from RwLock poison instead of panicking
- Windows: use HANDLE type alias for windows-sys 0.59 compatibility (Rust 1.93)
- Fix clippy 1.93 lint for
set_readonly(false)in tests
Dependencies
- Replace
filetimeandhttp-body-utilwith internal implementations - Replace
rpasswordanddirswith internal helpers
Downloads
| Platform | File |
|---|---|
| Linux x86_64 | vger-v0.7.0-x86_64-unknown-linux-gnu.tar.gz
|
| macOS aarch64 | vger-v0.7.0-aarch64-apple-darwin.tar.gz
|
| Windows x86_64 | vger-v0.7.0-x86_64-pc-windows-msvc.zip
|
SHA256 checksums are available in SHA256SUMS.