Zion Boggan zionboggan.com ↗

v0.4.8: mobile-build portability + rustls-webpki security bump

Patch release covering two fixes already on main since v0.4.7:

- 32-bit usize overflow fix in oversight-rust MAX_CIPHERTEXT_BYTES
  (PR #4) gates the 4 GiB literal to 64-bit targets and falls back to
  usize::MAX on 32-bit. Unblocks the Flutter+Rust mobile companion's
  Android armv7 and i686 builds.
- rustls-webpki bumped 0.103.12 -> 0.103.13 (Dependabot PR #3) for
  GHSA-82j2-j2ch-gfr8 (reachable CRL parse panic) and a corrected URI
  excluded-subtree check. In scope for our Rekor TLS path.

No new features, no breaking changes. Bump applies to the Python
oversight-protocol package and CHANGELOG/README only; Rust workspace
version unchanged.
af6f725   Zion Boggan committed on Apr 29, 2026
CHANGELOG.md +19 -0
@@ -1,5 +1,24 @@
# Oversight CHANGELOG
+## v0.4.8 - 2026-04-29 Mobile-build portability and rustls-webpki security bump
+
+Patch release covering two upstream-driven fixes that landed on `main`
+since v0.4.7. No new features and no breaking changes.
+
+- `oversight-rust/oversight-container`: gate the 4 GiB
+ `MAX_CIPHERTEXT_BYTES` literal to 64-bit targets and fall back to
+ `usize::MAX` on 32-bit. Required to cross-compile the Rust core for
+ Android `armv7-linux-androideabi` and `i686-linux-android`, which the
+ mobile companion (`oversight-protocol/oversight-mobile`, Flutter +
+ Rust via `flutter_rust_bridge`) embeds unchanged. Behavior is preserved
+ for any realistic bundle on 32-bit; `usize::MAX` is just under 4 GiB
+ on those targets. (PR #4, merged 2026-04-26.)
+- `oversight-rust` Cargo.lock: bumped `rustls-webpki` from 0.103.12 to
+ 0.103.13. Patches a reachable panic in CRL parsing
+ (GHSA-82j2-j2ch-gfr8) and an inverted-meaning URI excluded-subtree
+ check (rustls/webpki#471). In scope because the Rust registry and
+ Rekor clients use rustls for TLS. (Dependabot PR #3, merged 2026-04-29.)
+
## v0.4.7 - 2026-04-22 Registry federation hardening and conformance harness
Federation stops being aspirational when a second operator can prove
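Review bot: In the `MAX_CIPHERTEXT_BYTES` bullet, falling back to `usize::MAX` on 32-bit means a comparison against the cap can never reject a length that fits in a `usize`, so on `armv7` and `i686` the size limit is effectively absent rather than "preserved". The entry should say that outright, or the code should use an explicit smaller 32-bit cap that the entry can then state. It would also help to note here that the Rust workspace version is unchanged (the commit message says so), since both bullets describe Rust-side changes under a version number that only the Python package carries.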
README.md +10 -0
@@ -110,6 +110,16 @@ The attribute command runs a 5-phase pipeline:
4. **Multi-layer Bayesian fusion** combining all evidence into ranked candidates
5. **Content fingerprint comparison** (winnowing + sentence hashing) as a last resort when all watermarks are stripped
+## What's new in v0.4.8
+
+**Mobile-build portability and security bump.** Patch release. The
+Rust core's 4 GiB ciphertext-size cap is now gated to 64-bit targets
+and falls back to `usize::MAX` on 32-bit, which is what unblocks the
+mobile companion's `armv7` and `i686` Android builds (the desktop CLI
+and registry are unchanged). `rustls-webpki` lifted to 0.103.13 to
+pick up the GHSA-82j2-j2ch-gfr8 CRL parse fix and a corrected URI
+name-constraint check; both apply to our Rekor TLS path.
+
## What's new in v0.4.7
**Registry federation hardening.** `docs/spec/registry-v1.md` now
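Review bot: The `rustls-webpki` sentence calls the second fix a "URI name-constraint check" and scopes both fixes to "our Rekor TLS path", while the CHANGELOG entry in this same commit calls it a "URI excluded-subtree check" and says the Rust registry and Rekor clients are both in scope. Suggest using one term and one scope statement in both files so a reader assessing exposure to GHSA-82j2-j2ch-gfr8 does not have to reconcile them.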
oversight_core/__init__.py +1 -1
@@ -31,4 +31,4 @@ __all__ = [
"l3_policy",
]
-__version__ = "0.4.7"
+__version__ = "0.4.8"
pyproject.toml +1 -1
@@ -4,7 +4,7 @@ build-backend = "setuptools.build_meta"
[project]
name = "oversight-protocol"
-version = "0.4.7"
+version = "0.4.8"
description = "Open protocol for cryptographic data provenance, recipient attribution, and leak detection."
readme = "README.md"
license = {text = "Apache-2.0"}
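Review bot: `version = "0.4.8"` here duplicates `__version__ = "0.4.8"` in `oversight_core/__init__.py`, and the two are bumped by hand in separate hunks, so a future release can ship with them out of step. Since the build backend is `setuptools.build_meta`, consider declaring `dynamic = ["version"]` under `[project]` and `version = {attr = "oversight_core.__version__"}` under `[tool.setuptools.dynamic]` so there is a single source of truth.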