From 3b31242e77a53498292473d0fdb01a57efc3044b Mon Sep 17 00:00:00 2001 From: yuriyryabikov <22548029+kurok@users.noreply.github.com> Date: Fri, 12 Jun 2026 22:13:03 +0100 Subject: [PATCH] release: v0.4.0 MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Bump version 0.3.0 -> 0.4.0 (single-sourced from Cargo.toml) and finalize the CHANGELOG. v0.3.0 was the PyO3 0.16.6 release; this is the first release of the modernized parser (PyO3 0.29, security fixes, 3.11–3.14 support). Note: includes breaking changes — drops Python 3.7–3.10, str input is now lossless UTF-8, and undecodable bodies raise ParseError. Signed-off-by: yuriyryabikov <22548029+kurok@users.noreply.github.com> --- CHANGELOG.md | 42 +++++++++++++++++++++++++++++++++--------- Cargo.toml | 2 +- 2 files changed, 34 insertions(+), 10 deletions(-) diff --git a/CHANGELOG.md b/CHANGELOG.md index 3187484..6a14fb4 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -7,23 +7,46 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0 ## [Unreleased] -## [0.3.0] +## [0.4.0] - 2026-06-12 + +### Breaking + +- Dropped support for Python 3.7–3.10; the minimum supported version is now + **3.11** (`requires-python >= 3.11`). +- `str` input to `parse_email` is now decoded as UTF-8 (lossless). Previously + each code point was truncated to its low byte, corrupting non-ASCII input. + Output for non-ASCII `str` therefore changes — pass `bytes` for exact control. +- Message bodies that fail to decode (e.g. invalid base64) now raise + `ParseError` instead of silently returning an empty value. ### Changed -- Upgraded PyO3 from 0.16 to 0.29, resolving RUSTSEC-2025-0020 and - RUSTSEC-2026-0177 advisories. -- Added a fast path for string input parsing, improving throughput. +- Upgraded PyO3 0.16.6 → 0.29.0, resolving RUSTSEC-2025-0020 and + RUSTSEC-2026-0177. +- Upgraded `mailparse` 0.15.0 → 0.16.1. +- Track the stable Rust toolchain and declare the MSRV (`rust-version = 1.83`). +- Faster string-input parsing via a UTF-8 fast path. ### Added -- Public API contract tests to guard the exposed interface. -- An RFC-feature `.eml` test corpus covering MIME and RFC 822 edge cases. +- Support for CPython 3.13 and 3.14. +- Denial-of-service hardening: input-size cap (100 MiB) and MIME + recursion-depth cap (256), both surfaced as `ParseError`. +- Public API contract tests, an RFC-feature `.eml` corpus, round-trip + correctness tests, and an empty-field sentinel test. +- `CONTRIBUTING.md` with build-from-source and testing instructions. ### Security -- Hardened CI: enforced `rustfmt` and `cargo audit`, added Dependabot and - `cargo-deny` configuration, and pinned the audit cache. +- Fixed the lossy `str`→bytes conversion that corrupted non-ASCII input. +- Added untrusted-input DoS guards (input-size and recursion-depth caps). +- Hardened CI: PR-gated matrix, blocking `cargo audit`, SHA-pinned actions, + Dependabot, `cargo-deny`, OIDC Trusted Publishing, and removed real PII from + test fixtures. + +## [0.3.0] + +Prior release (PyO3 0.16.6). See the Git history for details. --- @@ -31,5 +54,6 @@ The package version is single-sourced from `Cargo.toml`'s `[package].version`. `pyproject.toml` declares `dynamic = ["version"]`, so maturin reads the version from `Cargo.toml` at build time. Bump the version in `Cargo.toml` only. -[Unreleased]: https://github.com/namecheap/fast_mail_parser/compare/v0.3.0...HEAD +[Unreleased]: https://github.com/namecheap/fast_mail_parser/compare/v0.4.0...HEAD +[0.4.0]: https://github.com/namecheap/fast_mail_parser/compare/v0.3.0...v0.4.0 [0.3.0]: https://github.com/namecheap/fast_mail_parser/releases/tag/v0.3.0 diff --git a/Cargo.toml b/Cargo.toml index 2250e82..0288200 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -3,7 +3,7 @@ name = "fast_mail_parser" description = "Very fast Python library for .eml files parsing." edition = "2021" rust-version = "1.83" -version = "0.3.0" +version = "0.4.0" authors = ["Andrii Sokyrko "] readme = "Readme.md" license-file = "LICENSE"