github rupor-github/fb2cng v1.1.0
on GitHub

latest releases: v1.2.2, v1.2.1, v1.2.0...
one month ago

New features

  • added --asin flag to be able to set ASIN during conversion if necessary

Bug Fixes

Critical

  • Fixed hyphenation for non-ASCII languages (Cyrillic, Greek, etc.) — byte/rune index confusion caused pattern weights to be silently lost
  • Fixed race condition on global slug.Lowercase in concurrent transliteration calls

High

  • SecretString no longer leaks secrets via fmt.Sprintf / %v — added String() and GoString() methods
  • CSS url() resolution now uses os.DirFS to prevent arbitrary file reads via path traversal
  • Added 256 MB limit on base64 binary decoding to prevent OOM from malicious FB2 files
  • Added 8192x8192 dimension cap on SVG rasterization to prevent OOM
  • Fixed infinite loop in JPEG quality detection on crafted input
  • Fixed JPEG SOI header validation (&&||) — single-byte corruption no longer passes

Medium

  • Added Zip Slip protection in archive walker — rejects entries with ../ or absolute paths
  • Fixed temp directory leak in Prepare() on both error and success paths
  • Fixed off-by-one in trie.allSubstrings() — now matches allSubstringsAndValues() behavior
  • Fixed CSS injection — selector and url() values are now properly escaped
  • Fixed parseDimension — rewritten to correctly reject malformed CSS dimensions
  • Eliminated stale Imports/FontFaces sync bug by replacing fields with methods
  • Removed dead code in indexHref — replaced url.Parse() with explicit scheme allowlist
  • encodeImage now returns an error for unsupported formats instead of silent nil, nil
  • Fixed Report.Close() — both arc.Close() and r.file.Close() errors are now reported via errors.Join
  • Fixed %v%w in error wrapping in config.Dump()
  • Fixed case-sensitivity mismatch in MHL connector — target is now normalized to lowercase
  • Fixed isTitleEmpty — now recurses into child segments via AsPlainText()

Performance

  • Replaced += string concatenation with strings.Builder in hot hyphenation loops
  • Cached HTML entities JSON parsing with sync.Once — no longer re-parsed on every Prepare()
  • Moved isKnownTextTag map to package level — no longer allocated per call
  • Fixed O(n²) AsTOCText — tracks lastByte instead of calling buf.String() in loop
  • Replaced strings.NewReader(string(bytes)) with bytes.NewReader to avoid copy
  • Converted recursive parseDescendantSelector to iterative loop (eliminates stack overflow risk)

Robustness

  • Added ColSpan/RowSpan clamping to max(v, 1)
  • CleanFileName now strips NUL bytes
  • StoreCopy temp directories are now cleaned up on all paths
  • truncateText now slices by runes, not bytes — no more split UTF-8
  • Zip writer close error in kfxdump is now captured
  • Added 2-minute timeout on MHL child process via exec.CommandContext
  • Child process stderr is now forwarded to os.Stderr
  • binary.Write in JPEG header rewrite replaced with direct binary.BigEndian.PutUint16 into fixed array
  • Iterator yield return values are now checked at all call sites

Maintenance

  • Extracted 8 default vignette SVGs and 2 placeholder SVGs to //go:embed files
  • Added //go:build windows constraint to MHL connector
  • Fixed YAML config tag typo: jpeq_quality_leveljpeg_quality_level (breaking — existing config files need updating)
  • Fixed typos: "unnesessary", "deffered", "exits"→"exists", "wich"→"which", and others
  • Removed dead imageChanged flag for SVG path
  • Updated Sentences iterator doc to reflect actual behavior
  • Updated docs/guide.md and docs/stylesheets.md for CSS security changes and config rename

Full Changelog: v1.0.0...v1.1.0

Check out latest releases or
releases around rupor-github/fb2cng v1.1.0

Don't miss a new fb2cng release

NewReleases is sending notifications on new releases.

Get notifications