github luckyPipewrench/pipelock v2.6.0

latest release: v2
5 hours ago

Changelog

  • f57bc8c Add Conductor durable audit batch queue (#596)
  • 476a113 Add Conductor follower config and capabilities handshake (#595)
  • 49331dd Add Conductor signed message foundation (#594)
  • 0b9d107 Conductor: add atomic policy apply cache (#608)
  • 237418d Conductor: add audit batch ingest boundary (#613)
  • 20def0f Conductor: add audit batch summary query (#617)
  • 0e1d8e0 Conductor: add audit retention pruning (#625)
  • b62b227 Conductor: add control-plane bundle publication boundary (#611)
  • 810836c Conductor: add durable audit storage (#616)
  • 0ba1630 Conductor: add emergency controls (#623)
  • 6b1dd51 Conductor: add enrollment and scoped admin auth (#621)
  • b5ccd80 Conductor: add fleet audit sink (#604)
  • 1f2512e Conductor: add operator probes and telemetry (#618)
  • f2bda72 Conductor: add server runtime wiring (#615)
  • e87e6b8 Conductor: enqueue recorder audit batches (#606)
  • b3f2d01 Conductor: wire follower remote kill polling (#626)
  • bc05a7c Harden enterprise license expiry warnings and CRL enforcement (#592)
  • 24d7211 chart: polish pipelock helm chart for v2.5.0 (#571)
  • b5364d6 chore(lint): bump golangci-lint to v2.12.2 and clean up findings (#577)
  • 7e702e7 chore(release): prepare v2.6.0 pre-tag updates (#641)
  • d0dc401 chore(renovate): hold TypeScript and jsonschema majors at known-good versions (#572)
  • 76a8e1a ci: Update ci-actions (#551)
  • c3f9cc5 ci: Update dependency golangci/golangci-lint to v2.12.2 (#573)
  • 5640971 conductor: wire audit batch transport (#602)
  • c957ff2 deps: Lock file maintenance (#609)
  • 396affd deps: Update dependency @types/node to v24.12.4 (#578)
  • 30a74b9 deps: Update gcr.io/oss-fuzz-base/base-builder-go Docker digest to 3c67aea (#566)
  • 90dd1e1 deps: Update gcr.io/oss-fuzz-base/base-builder-go Docker digest to eb5c93a (#581)
  • 6904308 deps: Update module github.com/CycloneDX/cyclonedx-go to v0.11.0 (#599)
  • 87012ba deps: Update module modernc.org/sqlite to v1.50.1 (#569)
  • 7cbc866 deps: Update rust-verifier (#552)
  • b8ec385 deps: Update ts-verifier (#574)
  • 2b727c9 docs(specs): supersede receipt-format v0.1 draft; add prior-art mapping (#583)
  • d09cf98 docs(standards): Phase B. OWASP MCP Top 10 v2.5 refresh plus in-toto and SCITT profiles (#588)
  • da90386 feat(assess): add NIST AI RMF + HIPAA compliance frameworks + procurement mapping doc (#576)
  • c46d39c feat(assess): close evidence trust gaps and bump schema to v2 (#575)
  • 9f7353a feat(blockreason): add request_policy_deny reason and accept UUIDv7 receipt ids (#628)
  • cde0ce1 feat(conductor): wire follower policy-bundle poller (#640)
  • 72767cb feat(diag): WebSocket verify-install check + enterprise Dockerfile tag (#600)
  • 81fd5b1 feat(dns): add dns.host_overrides for hostname routing (#589)
  • e32ce1a feat(filesentry): block action mode for agent-attributed DLP findings (#603)
  • 7b756af feat(filesentry,doctor): per-path watch required: flag + doctor port-collision check (#620)
  • c7dac55 feat(hermes): add --mode mcp-only with shared mcpwrap engine (#610)
  • 6ec3a7b feat(hermes): add install/verify/rollback + move hook into pipelock binary (#607)
  • 913a290 feat(hermes): bridge Hermes Agent hook events into pipelock scanner pipeline (#605)
  • 0a96f84 feat(license): add fleet feature flag and gate Conductor + fleet-sink (#636)
  • a8c37f4 feat(proxy): SSRF-safe dial path for reverse_proxy.profile: submit (#624)
  • 2efdef7 feat(proxy): enforce request_policy across transports (#631)
  • 8b5f96b feat(proxy): enforce request_policy on GraphQL-over-GET and multipart (#632)
  • db1e677 feat(proxy): reverse_proxy.profile: submit + per-listener trusted_upstream (#622)
  • 9be16aa feat(reqpolicy): JSON discriminator rules + WebSocket per-frame policy (#634)
  • f805afa feat(scan): detect invisible-Unicode/bidi injection in files (#612)
  • c1f57ae feat(scanner): detect hostname/DNS subdomain exfiltration (#642)
  • d1f8f8f feat(v2.6): NSA MCP CSI follow-ups: context-leak, lethal-trifecta, per-message signing, replay (#579)
  • cbef196 feat: add GraphQL operation extractor for request_policy (#630)
  • baf455a feat: add request_policy operation-rails engine and config (#627)
  • 9ad4c5b feat: recurse request_policy into JSON batch sub-requests (#633)
  • 6b81f31 fix(certgen): accept PKCS8-encoded EC keys in LoadCA (#582)
  • 1548b21 fix(deps): bump golang.org/x/crypto to v0.52.0 (13 SSH CVE fixes) (#585)
  • 98d0624 fix(deps): bump golang.org/x/net to v0.55.0 (5 HTML-parser CVE fixes) (#584)
  • 15b6b60 fix(dlp): harden provider token patterns against false positives (#586)
  • 46a160d fix(dlp): tighten remaining provider token patterns (#587)
  • 0ead548 fix(hermes): make --mode full load, enable, and block under real Hermes (#629)
  • cde7755 fix(mcp): strip inbound com.pipelock/mediation on HTTP listener path (#601)
  • 810d26a fix(proxy): consult cfg.Suppress before hard-block in request header DLP (#619)
  • 3d863bb fix(proxy): redaction hardening (scanner lockstep + allowlist_unparseable passthrough) (#635)
  • c8f6dcc fix(proxy,redact,media): preserve trusted-host file transfers (#639)
  • b14f20a fix(redaction): harden body redaction + tighten Databricks DLP pattern (#580)
  • a595768 fix: don't honor ambient HTTP_PROXY on upstream egress transports (#645)
  • ecf75c4 refactor(audit): options structs for 5 long-param logger functions + 3 TODO closeouts (#597)
  • e9af47b refactor(compliance): extract framework ID + feature name constants (#591)
  • ac24917 refactor(proxy): consolidate adaptive-upgrade emissions; fix TMPDIR-dependent policy hash (#644)
  • cfa0ae1 refactor(proxy): extract sessionKeyFor helper for session-key construction (#643)
  • 0180f41 refactor(runtime,mcp): split server.go and proxy_http.go into per-concern files (#598)
  • 041bac0 refactor: relocate Conductor packages; refresh README + comparison (#637)
