Release history and notes

Sequence-based identifiers are used for versioning (schema follows below):

major.minor[.revision]
  • It is always safe to upgrade within the same minor version (for example, from 0.3 to 0.3.4).

  • Minor version changes might be backwards-incompatible. Read the release notes carefully before upgrading (for example, when upgrading from 0.3.4 to 0.4).

  • All backwards-incompatible changes are mentioned in this document.

0.1.6

2026-03-17

  • Comprehensive zip bomb detection: Replaced ZipInspector with full Fifield 2019 detection (overlap, extra-field quoting, per-file/aggregate ratio, Zip64, bzip2). Configurable thresholds.

  • Content-based nested archive detection: Uses zipfile.is_zipfile() instead of extension-only checks; prevents extension-spoofing attacks.

  • Permission sanitisation: New strip_special_bits option strips setuid/setgid/sticky bits from extracted files (default: True).

  • Module-level env-var caching: Default limits cached at import time for performance, with runtime env-var overrides still supported.

  • Event improvements: Added nesting_depth_exceeded event type.

  • Type safety: Added explicit TypeError for None path in extract().

  • Documentation: Updated ARCHITECTURE.rst with new features.
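
The content-based nested archive detection noted for 0.1.6, sketched as an added example using only the standard library; this is not the project's own code. The function names, the 1 MiB probe cap and the sample archive are assumptions made for illustration.

```python
import io
import zipfile


def build_sample_outer() -> bytes:
    """Constructed sample: an outer zip whose member names misstate their content."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("payload.txt", "nested data")
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("report.txt", inner.getvalue())              # zip content, .txt name
        zf.writestr("notes.zip", "plain text, not an archive")   # text content, .zip name
        zf.writestr("readme.md", "ordinary member")
    return outer.getvalue()


def nested_by_extension(outer_bytes: bytes) -> list[str]:
    """Extension-only check: trusts the member name."""
    with zipfile.ZipFile(io.BytesIO(outer_bytes)) as zf:
        return [i.filename for i in zf.infolist()
                if i.filename.lower().endswith(".zip")]


def nested_by_content(outer_bytes: bytes, max_probe_bytes: int = 1 << 20) -> list[str]:
    """Content check: asks zipfile.is_zipfile() about the member's bytes.

    max_probe_bytes is a hypothetical cap so that probing a member cannot
    itself become a decompression problem; larger members are skipped here
    and would need a policy decision in a real extractor.
    """
    found = []
    with zipfile.ZipFile(io.BytesIO(outer_bytes)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            with zf.open(info) as member:
                data = member.read(max_probe_bytes + 1)  # bounded read
            if len(data) > max_probe_bytes:
                continue  # too large to probe under the cap
            if zipfile.is_zipfile(io.BytesIO(data)):
                found.append(info.filename)
    return found


if __name__ == "__main__":
    sample = build_sample_outer()
    print("by extension:", nested_by_extension(sample))
    print("by content:  ", nested_by_content(sample))
```

On the constructed sample the extension check reports only the mislabelled text file and misses the real nested archive, while the content check reports the reverse.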

0.1.5

2026-03-17

  • Fifield-style zip bomb detection: Added ZipInspector class to detect overlapping local entries in zip archives, preventing sophisticated compression-ratio attacks.

0.1.4

2026-03-03

  • Recursive extraction: SafeZipFile(…, recursive=True, max_nesting_depth=3) (and safe_extract) auto-descends into nested .zip files, extracting them into subdirectories. All safety limits apply at every level.

  • CLI: New safezip command (extract + list subcommands) with full support for all security limits, passwords, symlink policies, and recursive mode.

  • Nesting protection: max_nesting_depth guard + NestingDepthError prevents deep zip-bomb recursion.

  • Docs & tests: Updated README.rst/AGENTS.md with examples, added ARCHITECTURE.rst, complete CLI + recursive integration test suites.

  • Misc: Simplified Makefile, .gitignore cleanup.

0.1.3

2026-03-01

  • Minor fixes in docs and tests.

0.1.2

2026-02-28

  • Minor fixes.

0.1.1

2026-02-27

  • Tested against Python 3.15.

0.1

2026-02-25

  • Initial beta release.