Security
- CVE-2023-50246: Fix heap buffer overflow in jvp_literal_number_literal
- CVE-2023-50268: fix stack-buffer-overflow if comparing nan with payload
CLI changes
- Make the default background color more suitable for bright backgrounds. @mjarosie @taoky @nicowilliams @itchyny #2904
- Allow passing the inline jq script after
--
. @emanuele6 #2919 - Restrict systems operations on OpenBSD and remove unused
mkstemp
. @klemensn #2934 - Fix possible uninitialised value dereference if
jq_init()
fails. @emanuele6 @nicowilliams #2935
Language changes
- Simplify
paths/0
andpaths/1
. @asheiduk @emanuele6 #2946 - Reject
U+001F
in string literals. @torsten-schenk @itchyny @wader #2911 - Remove unused nref accumulator in
block_bind_library
. @emanuele6 #2914 - Remove a bunch of unused variables, and useless assignments. @emanuele6 #2914
- main.c: Remove unused EXIT_STATUS_EXACT option. @emanuele6 #2915
- Actually use the number correctly casted from double to int as index. @emanuele6 #2916
- src/builtin.c: remove unnecessary jv_copy-s in type_error/type_error2. @emanuele6 #2937
- Remove undefined behavior caught by LLVM 10 UBSAN. @Gaelan @emanuele6 #2926
- Convert decnum to binary64 (double) instead of decimal64. This makes jq behave like the JSON specification suggests and more similar to other languages. @wader @leonid-s-usov #2949
- Fix memory leaks on invalid input for
ltrimstr/1
andrtrimstr/1
. @emanuele6 #2977 - Fix memory leak on failed get for
setpath/2
. @emanuele6 #2970 - Fix nan from json parsing also for nans with payload that start with 'n'. @emanuele6 #2985
- Allow carriage return characters in comments. @emanuele6 #2942 #2984
Documentation changes
- Generate links in the man page. @emanuele6 #2931
- Standardize arch types to AMD64 & ARM64 from index page download dropdown. @owenthereal #2884
libjq
Build and test changes
- Fix incorrect syntax for checksum file. @kamontat @wader #2899
- Remove
-dirty
version suffix for windows release build. @itchyny #2888 - Make use of
od
in tests more compatible. @nabijaczleweli @emanuele6 @nicowilliams #2922 - Add dependabot. @yeikel #2889
- Extend fuzzing setup to fuzz parser and and JSON serializer. @DavidKorczynski @emanuele6 #2952
- Keep releasing executables with legacy names. @itchyny #2951
New Contributors
- @yeikel made their first contribution in #2889
- @dependabot made their first contribution in #2894
- @kamontat made their first contribution in #2899
- @taoky made their first contribution in #2904
- @tboz203 made their first contribution in #2920
- @nabijaczleweli made their first contribution in #2922
- @klemensn made their first contribution in #2934
- @asheiduk made their first contribution in #2946
- @rockwotj made their first contribution in #2953
- @jesperronn made their first contribution in #2898
Full Changelog: jq-1.7...jq-1.7.1