20260629 : 3.1.2 - Security Release
- Make
hash(TEXT)anddigest(TEXT, TEXT, TEXT)RESTRICTED
(thanks to Sarath Kumar)
- [CI] Introduce cargo audit
- [doc] use rumdl instead of mdl
- [CI] upgrade to rustc 1.96
- [doc] overview of similar tools
- [core] upgrade dependencies
This release brings a fix for a potential brute-force attack on the hashing
functions (CVE-2026-13455). All users should upgrade as soon as possible.
See issue 649 for more details.
If a quick upgrade is not possible, the threat can be blocked with:
SECURITY LABEL FOR anon ON FUNCTION anon.digest(TEXT, TEXT, TEXT)
IS 'RESTRICTED';
SECURITY LABEL FOR anon ON FUNCTION anon.hash(TEXT)
IS 'RESTRICTED';