kobako 0.11.0 → 0.11.1

checksums.yaml

@@ -1,7 +1,7 @@
 ---
 SHA256:
-  metadata.gz: cc8e33cc57bfd43cf4d4e06def6536c8c0d45fd4ccd5bbf04b13a4187db67f0a
-  data.tar.gz: 8656976c144bb23226686b2c8f60830d3fd635f637c52caaa824bd3e168e07f2
+  metadata.gz: d4988fb0777b2a0365c1ca00ec1056d421a43dbd0ddfbe816c90c3b7eb11326c
+  data.tar.gz: f9354c79ca9da885844339f9cc04d4c1770743eee6998dfc117190bc3e59fade
 SHA512:
-  metadata.gz: 35258fb35a0accee9beea36f01c4fb6cb2c658a2aefcb3ae4ebb7c17decd4e97f1b35e155121ae77456eed6d529d7ec13195ba43a3bf8a3ad43724d11ae5512b
-  data.tar.gz: 06ea66fd5877fc58fc6e5a21805d434e53968004e8c00577264ca547b10ae7aa4f4196798a3fa18da332fd730cc8fe441ac8e37dbfe2527653fed0da598d8bbf
+  metadata.gz: 7aaee105f78b392b7b7ce7b922213e09d27a459c5625473d55eaf380a5cbdd949d6c7440ba04bcf25dcdcf44c493e9b2270fe1e5ec62ce85a139b2ea0b711ad2
+  data.tar.gz: 541e6250ca3b3f634e8588e6b7a9af419d287ed212c2809c2e563834510a762b8d0e1fd43f1bb564a4338e6db2176eee2c5a164ec69532253a27a1bd77658d11

data/.release-please-manifest.json

@@ -1 +1 @@
-{".":"0.11.0","wasm/kobako-core":"0.5.0","wasm/kobako":"0.5.0","wasm/kobako-io":"0.5.0","wasm/kobako-regexp":"0.5.0","wasm/kobako-baker":"0.5.0"}
+{".":"0.11.1","wasm/kobako-core":"0.5.1","wasm/kobako":"0.5.1","wasm/kobako-io":"0.5.1","wasm/kobako-regexp":"0.5.1","wasm/kobako-baker":"0.5.1"}

data/CHANGELOG.md

@@ -1,5 +1,12 @@
 # Changelog
 
+## [0.11.1](https://github.com/elct9620/kobako/compare/v0.11.0...v0.11.1) (2026-06-14)
+
+
+### Bug Fixes
+
+* **guest:** adopt beni 0.7.0 protected dispatch (B-51) ([c61655b](https://github.com/elct9620/kobako/commit/c61655bcead336d32a4b6ff7ff1b34c21cdfccd9))
+
 ## [0.11.0](https://github.com/elct9620/kobako/compare/v0.10.0...v0.11.0) (2026-06-13)
 
 

data/Cargo.lock

@@ -878,7 +878,7 @@ dependencies = [
 
 [[package]]
 name = "kobako"
-version = "0.11.0"
+version = "0.11.1"
 dependencies = [
  "libc",
  "magnus",

data/README.md

@@ -329,7 +329,7 @@ forwards to another Service but never reads — while a named subset becomes an
 
 Guest code can name any `<Namespace>::<Member>` path, but a forged name only resolves to
 something you bound — the real authorization gate is this host-side allowlist. Give each
-trust context its own Sandbox, and see [`docs/security.md`](docs/security.md) for the rest
+trust context its own Sandbox, and see [`docs/security-model.md`](docs/security-model.md) for the rest
 as security-design concerns: validating untrusted input, default-deny external effects,
 and controlling the return surface.
 

data/SECURITY.md

@@ -0,0 +1,35 @@
+# Security Policy
+
+kobako runs untrusted guest code inside an in-process Wasm sandbox, so a break in
+its isolation boundary is treated as a security issue. This file is about **reporting
+such an issue**; for how the boundary is meant to work and where your
+responsibilities as a host begin, see [`docs/security-model.md`](docs/security-model.md).
+
+## Supported versions
+
+kobako is pre-1.0. Security fixes land on the latest released `0.x` version only;
+upgrade to it before reporting.
+
+## Reporting a vulnerability
+
+Report privately through GitHub's **[Report a vulnerability](https://github.com/elct9620/kobako/security/advisories/new)**
+flow — please do not open a public issue or pull request for a suspected vulnerability.
+
+Include the affected version, a minimal guest script or host setup that reproduces the
+issue, and what boundary you expected to hold. You can expect an initial acknowledgement
+within a few days; once a fix or mitigation is agreed, disclosure is coordinated through
+a GitHub Security Advisory. Reporters are credited in the published advisory unless you
+ask to stay anonymous.
+
+## Scope
+
+In scope is anything that lets guest code cross the isolation boundary it should not:
+reaching host memory, the filesystem, the network, or `ENV`; obtaining ambient time or
+entropy the host froze; reaching a `Namespace::Member` you never bound; or a
+memory-safety fault in the host codec or wasmtime driver.
+
+Out of scope is what a bound Service is *designed* to expose: if guest code reaches a
+method because you bound an object carrying it, that is a host-side authorization
+choice, not a sandbox escape — narrow the bound surface as described in the security
+model. Resource exhaustion that stays within the limits you configured is likewise
+expected behaviour, not a vulnerability.

data/ext/kobako/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "kobako"
-version = "0.11.0"
+version = "0.11.1"
 edition = "2021"
 authors = ["Aotokitsuruya <contact@aotoki.me>"]
 license = "Apache-2.0"

data/ext/kobako/src/runtime/ambient.rs

@@ -5,7 +5,7 @@
 //! seed. No allowlisted mrbgem reaches these preview1 imports today
 //! (`build_config/wasi.rb`), but a future libc-backed gem would silently
 //! obtain real time and host entropy — a covert timing channel and a
-//! nondeterminism source the sandbox deliberately excludes (docs/security.md).
+//! nondeterminism source the sandbox deliberately excludes (docs/security-model.md).
 //! Pinning the clocks to the Unix epoch and the RNG to a constant stream
 //! makes that denial a property of the host, not merely of the gem allowlist.
 //!

data/lib/kobako/version.rb

@@ -1,5 +1,5 @@
 # frozen_string_literal: true
 
 module Kobako
-  VERSION = "0.11.0"
+  VERSION = "0.11.1"
 end

data/release-please-config.json

@@ -2,6 +2,7 @@
   "$schema": "https://raw.githubusercontent.com/googleapis/release-please/main/schemas/config.json",
   "release-type": "ruby",
   "last-release-sha": "5694da60b08931ea260e13025689b8d8c47d767a",
+  "group-pull-request-title-pattern": "chore${scope}: release${component} ${version}",
   "packages": {
     ".": {
       "component": "kobako",

metadata

@@ -1,7 +1,7 @@
 --- !ruby/object:Gem::Specification
 name: kobako
 version: !ruby/object:Gem::Version
-  version: 0.11.0
+  version: 0.11.1
 platform: ruby
 authors:
 - Aotokitsuruya
@@ -53,6 +53,7 @@ files:
 - Cargo.toml
 - LICENSE
 - README.md
+- SECURITY.md
 - data/kobako.wasm
 - ext/kobako/Cargo.toml
 - ext/kobako/extconf.rb