Changelog

Copy Markdown View Source

[0.1.3] - 2026-05-15

Security

  • Fix timing attack vulnerability in webhook signature verification by replacing == with constant-time HMAC comparison
  • Fix atom table exhaustion vulnerability by replacing String.to_atom/1 with String.to_existing_atom/1 on API response keys
  • Remove sensitive data leakage (response bodies, error internals) from error messages in HTTP client
  • Fix undefined function calls in legacy Request module (Config.get_headers/0, Config.get_auth/0, Config.api_url/0)

[0.1.2] - 2026-02-09

Fixed

  • Bug fix for OAuth function
  • Cleaning redundant code

[0.1.1] - 2026-01-30

Added

  • First release