[v1.107.0]
- Security: fixed validation redaction bypasses, redacted webhook report metadata, and bounded TAR extraction.
- Added detection and validation rules for 25+ new provider families: Anthropic, Airtable, Browserbase, Cartesia, Cielo, Civo, Exoscale, Greptile, Infomaniak, Kimi (Moonshot AI), LightOn, Mailgun, MessageBird, Nango, New Relic, Novu, OVHcloud, PlanetScale, Polymarket, Silicon Flow, Twitter/X, Turso, Upstage, Yandex — plus expanded Slack, Volcengine, JWT, Linear, and Pinecone coverage. Built-in coverage is now 1,006 rules (876 standalone detectors + 130 dependent rules), with 511 standalone detectors supporting live validation.
- Migrated the TLS and JWT-signing crypto backend from
ringtoaws-lc-rsacross all validators (GCP, Postgres, raw), the main binary's default provider installation, the MongoDB driver, and gcloud-storage, consolidating on a single FIPS-eligible crypto provider. - Reduced dependency footprint and binary size: removed
include_dirandcolor-backtrace; trimmedclaptodefault-features = falseandtokiofrom"full"to specific features; added per-packageopt-level = "z"for cold crates in the release profile. Viewer assets and builtin rules are now gzip-compressed at build time viabuild.rsand lazily decompressed at runtime, replacinginclude_dirdirectory embedding. - Improved Docker builds in the Makefile: added
SKIP_TESTS=1to skip tests, a separateCARGO_TARGET_DIR=target-dockerto avoid clobbering host build artifacts, andbashto the Alpine package list. - Reworked
--access-mapprovider parsing from clapValueEnumto a customFromStrparser with flexible aliases (mongo,hf,wandb,msteams,brevo,do,ibm,tfc, etc.) and clearer error messages.