chore: Add release notes for 0.13.1

af27e436 · Jorropo · Adin Schmahmann · bc4f854a · af27e436
Commit af27e436 authored Jul 6, 2022 by Jorropo Committed by Adin Schmahmann Jul 6, 2022
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
 # go-ipfs changelog
+## v0.13.1 2022-07-06
+This release includes security fixes for various DOS vectors when importing untrusted user input with `ipfs dag import`
+and the [`v0/dag/import`](https://docs.ipfs.io/reference/http/api/#api-v0-dag-import) endpoint.
+View the linked [security advisory](https://github.com/ipfs/go-ipfs/security/advisories/GHSA-f2gr-7299-487h) for more information.
+### Changelog
+- github.com/ipfs/go-ipfs:
+  - chore: update car
+- github.com/ipld/go-car (v0.3.2 -> v0.4.0) & (v2.1.1 -> v2.4.0):
+  - Bump version in prep for releasing go-car `v0`
+  - Revert changes to `insertionindex`
+  - Revert changes to `index.Index` while keeping most of security fixes
+  - Return error when section length is invalid `varint`
+  - Drop repeated package name from `CarStats`
+  - Benchmark `Reader.Inspect` with and without hash validation
+  - Use consistent CID mismatch error in `Inspect` and `BlockReader.Next`
+  - Use streaming APIs to verify the hash of blocks in CAR `Inspect`
+  - test: add fuzzing for reader#Inspect
+  - feat: add block hash validation to Inspect()
+  - feat: add Reader#Inspect() function to check basic validity of a CAR and return stats
+  - Remove support for `ForEach` enumeration from car-index-sorted
+  - Use a fix code as the multihash code for `CarIndexSorted`
+  - Fix testutil assertion logic and update index generation tests
+  - fix: tighter constraint of singleWidthIndex width, add index recommentation docs
+  - fix: explicitly disable serialization of insertionindex
+  - feat: MaxAllowed{Header,Section}Size option
+  - feat: MaxAllowedSectionSize default to 32M
+  - fix: use CidFromReader() which has overread and OOM protection
+  - fix: staticcheck catches
+  - fix: revert to internalio.NewOffsetReadSeeker in Reader#IndexReader
+  - fix index comparisons
+  - feat: Refactor indexes to put storage considerations on consumers
+  - test: v2 add fuzzing of the index
+  - fix: v2 don't divide by zero in width indexes
+  - fix: v2 don't allocate indexes too big
+  - test: v2 add fuzzing to Reader
+  - fix: v2 don't accept overflowing offsets while reading v2 headers
+  - test: v2 add fuzzing to BlockReader
+  - fix: v2 don't OOM if the header size is too big
+  - test: add fuzzing of NewCarReader
+  - fix: do bound check while checking for CIDv0
+  - fix: don't OOM if the header size is too big
+  - Add API to regenerate index from CARv1 or CARv2
+  - PrototypeChooser support (#305) ([ipld/go-car#305](https://github.com/ipld/go-car/pull/305))
+  - bump to newer blockstore err not found (#301) ([ipld/go-car#301](https://github.com/ipld/go-car/pull/301))
+  - Car command supports for `largebytes` nodes (#296) ([ipld/go-car#296](https://github.com/ipld/go-car/pull/296))
+  - fix(test): rootless fixture should have no roots, not null roots
+  - Allow extracton of a raw unixfs file (#284) ([ipld/go-car#284](https://github.com/ipld/go-car/pull/284))
+  - cmd/car: use a better install command in the README
+  - feat: --version selector for `car create` & update deps
+  - feat: add option to create blockstore that writes a plain CARv1 (#288) ([ipld/go-car#288](https://github.com/ipld/go-car/pull/288))
+  - add `car detach-index list` to list detached index contents (#287) ([ipld/go-car#287](https://github.com/ipld/go-car/pull/287))
+  - add `car root` command (#283) ([ipld/go-car#283](https://github.com/ipld/go-car/pull/283))
+  - make specification of root cid in get-dag command optional (#281) ([ipld/go-car#281](https://github.com/ipld/go-car/pull/281))
+  - Update `version.json` after manual tag push
+  - Update v2 to context datastores (#275) ([ipld/go-car#275](https://github.com/ipld/go-car/pull/275))
+  - update context datastore ([ipld/go-car#273](https://github.com/ipld/go-car/pull/273))
+  - Traversal-based car creation (#269) ([ipld/go-car#269](https://github.com/ipld/go-car/pull/269))
+  - Seek to start before index generation in `ReadOnly` blockstore
+  - support extraction of unixfs content stored in car files (#263) ([ipld/go-car#263](https://github.com/ipld/go-car/pull/263))
+  - Add a barebones readme to the car CLI (#262) ([ipld/go-car#262](https://github.com/ipld/go-car/pull/262))
+  - sync: update CI config files (#261) ([ipld/go-car#261](https://github.com/ipld/go-car/pull/261))
+  - fix!: use -version=n instead of -v1 for index command
+  - feat: fix get-dag and add version=1 option
+  - creation of car from file / directory (#246) ([ipld/go-car#246](https://github.com/ipld/go-car/pull/246))
+  - forEach iterates over index in stable order (#258) ([ipld/go-car#258](https://github.com/ipld/go-car/pull/258))
+- github.com/multiformats/go-multicodec (v0.4.1 -> v0.5.0):
+  - Bump version to 0.5.0
+  - Bump version to 0.4.2
+  - deps: update stringer version in go generate command
+  - docs(readme): improved usage examples (#66) ([multiformats/go-multicodec#66](https://github.com/multiformats/go-multicodec/pull/66))
+### ❤  Contributors
+| Contributor | Commits | Lines ± | Files Changed |
+|-------------|---------|---------|---------------|
+| Masih H. Derkani | 27 | +1494/-1446 | 100 |
+| Rod Vagg | 31 | +2021/-606 | 105 |
+| Will | 19 | +1898/-151 | 69 |
+| Jorropo | 27 | +1638/-248 | 76 |
+| Aayush Rajasekaran | 1 | +130/-100 | 10 |
+| whyrusleeping | 1 | +24/-22 | 4 |
+| Marcin Rataj | 1 | +27/-1 | 1 |
 ## v0.13.0 2022-05-04
 We're happy to announce go-ipfs 0.13.0, packed full of changes and improvements!