@blamejs/core 0.13.7 → 0.13.9

package/CHANGELOG.md

@@ -8,6 +8,10 @@ upgrading across more than a few patches at a time.
 
 ## v0.13.x
 
+- v0.13.9 (2026-05-26) — **Corrected CVE citations in source threat annotations + a build gate that refuses malformed CVE identifiers.** Several source-comment threat annotations cited CVE identifiers that were rejected by the numbering authority (never assigned to a real issue), attributed to the wrong product, or structurally malformed (a placeholder with a non-numeric sequence). The annotated defenses are unchanged — every cap, refusal, and constant-time comparison behaves exactly as before; only the reference labels were corrected, each to a verifiable CVE or to the underlying weakness class (CWE / RFC) where no single CVE fits. Notable corrections: the S/MIME SHA-1 / MD5 certificate-signature refusal now cites the SHAttered collision and RFC 8551 §2.5 instead of a rejected candidate id; decompression-output caps cite CWE-409 and CVE-2025-0725 instead of a fabricated placeholder; the iCalendar RRULE / nesting / byte caps describe the calendar-bomb recursion-DoS class instead of an unrelated SSRF advisory; and the SAML signature-wrapping (XSW) defense now cites the actively-exploited CVE-2024-45409 (ruby-saml, CVSS 10.0) and CVE-2025-25291 / -25292 that the duplicate-element refusal defeats. A new build-time detector refuses any CVE token whose sequence number is not all-numeric, so a placeholder identifier can never reach a release again. **Fixed:** *Corrected rejected / misattributed / malformed CVE references in source threat annotations* — Threat-annotation comments across the mail, crypto, auth, guard, and safe modules carried CVE identifiers that were rejected by the CVE numbering authority, attributed to the wrong product, or written as non-numeric placeholders. Each was corrected to a verifiable CVE or to the weakness class (CWE / RFC) it defends. No runtime behaviour changed — the defenses these comments describe are unchanged. The S/MIME certificate check's SHA-1 / MD5 refusal message now names the SHAttered collision and RFC 8551 §2.5; the SAML XSW defense now names CVE-2024-45409 and CVE-2025-25291 / -25292. **Detectors:** *`malformed-cve-identifier` — refuses structurally-invalid CVE tokens at build time* — A CVE identifier's sequence number is always numeric (`CVE-<year>-<digits>`). The new detector refuses any CVE token whose post-year segment contains a letter — the placeholder shape that lets a fabricated reference slip past review. It cannot verify that a well-formed id is real or correctly attributed (that stays a review responsibility), but it makes the structurally-invalid class impossible to ship.
+
+- v0.13.8 (2026-05-26) — **In-memory archive extraction for read-only / serverless filesystems.** Archive readers gain an in-memory extraction path so an uploaded archive can be opened and its contents read without writing anything to disk — the case a read-only or ephemeral serverless filesystem requires. b.archive.read.zip(...).extractEntries() and b.archive.read.tar(...).extractEntries() are async generators that yield each regular file entry as { name, bytes, size }, applying the same bomb-policy caps, b.guardArchive metadata cascade (which refuses a Zip-Slip / traversal archive wholesale), and entry-type-policy refusals as the disk extract() — only the disk realpath agreement check is omitted, since nothing is written and the caller owns where the returned bytes land. Directory and link entries carry no content and are not yielded. The guard cascade is factored into one shared path so disk and in-memory extraction refuse identically. Also a documentation fix: b.archive.gz no longer claims a b.archive.zip().toGzip() convenience exists — a ZIP is already DEFLATE-compressed per entry, so gzip-wrapping it gains nothing; gzip the uncompressed tar stream (the canonical .tar.gz) instead. **Added:** *`extractEntries()` — in-memory archive extraction (ZIP + tar)* — `b.archive.read.zip(source).extractEntries(opts?)` and `b.archive.read.tar(source).extractEntries(opts?)` are async generators yielding `{ name, bytes, size }` per regular file entry, never touching disk — for serverless / read-only filesystems where the disk `extract({ destination })` path cannot run. Same bomb-policy, guard-archive cascade, and entry-type-policy refusals as disk extraction; the bytes are byte-identical to what `extract()` writes. **Fixed:** *Removed the inaccurate `b.archive.zip().toGzip()` doc claim* — The `b.archive.gz` documentation described a `b.archive.zip().toGzip()` convenience method that does not (and should not) exist: a ZIP is already DEFLATE-compressed per entry, so gzip-wrapping it would compress already-compressed data for no benefit. `b.archive.tar().toGzip()` (the real `.tar.gz`) is unchanged.
+
 - v0.13.7 (2026-05-26) — **Documentation accuracy — several primitives described shipped features as deferred.** A documentation sweep corrected primitive descriptions that still called features deferred after they shipped, so the wiki and inline docs now match the code. b.mdoc documents that device authentication (the ISO 18013-5 §9.1.3 signature variant, verifyDeviceAuth) is verified, not deferred — only the COSE_Mac0 device-auth variant remains refused. b.network.dns.dnssec documents that the root-to-zone chain walk against the IANA trust anchors (verifyChain) and NSEC / NSEC3 denial of existence (verifyDenial / nsec3Hash) ship, where the card previously said they were deferred. b.cose lists COSE_Mac0 and COSE_Encrypt0 among what it ships. The JMAP server documents its push channel, blob upload/download, and EmailSubmission handlers as present, and the submission server documents CHUNKING / BDAT as supported. A new test detector keeps this class of drift from recurring: it fails the build when a comment promises a feature lands in a version that has already shipped. **Fixed:** *Corrected `deferred`/`does-not-ship` docs for features that have shipped* — `b.mdoc` (device authentication, §9.1.3), `b.network.dns.dnssec` (chain walk + NSEC/NSEC3), `b.cose` (COSE_Mac0 + COSE_Encrypt0), the JMAP server (push, blob, EmailSubmission), and the submission server (BDAT/CHUNKING) all carried `@card`/`@intro` text describing shipped capabilities as deferred or not-shipped. The descriptions now match the implemented surface; genuinely-deferred items (the mdoc MAC variant, DNSSEC in-RDATA name canonicalization, COSE multi-signer/multi-recipient) remain documented as such. **Detectors:** *Overdue-defer detector in the codebase-pattern gate* — A new check fails the build when a comment promises a feature "lands in" / is "deferred to" / is "not supported in" a version that the package has already reached — catching stale deferral notes (a feature that shipped but whose comment still says otherwise, or a missed deadline) before they reach a release. An allowlist records the deliberate defer-with-condition exceptions.
 
 - v0.13.6 (2026-05-26) — **`b.ai.frontierModelProtocol` — California SB 53 frontier-AI obligations.** b.ai.frontierModelProtocol assesses a developer's obligations under California's Transparency in Frontier Artificial Intelligence Act — SB 53, Cal. Bus. & Prof. Code §22757.10, effective 2026-01-01 — from a model's training compute and the developer's revenue. It reports whether the model crosses the frontier threshold (more than 10^26 training FLOPs), whether the developer is a large frontier developer (prior-year revenue, with affiliates, above $500M), and the resulting obligations: every frontier developer must report critical safety incidents and publish a transparency report, and a large frontier developer must additionally publish an annual safety framework and disclose its catastrophic-risk assessment. Passing a candidate safety framework reports which required elements (risk identification, mitigation, governance, cybersecurity, standards alignment) are missing. b.ai.frontierModelProtocol.incidentReport validates a critical-incident type against the Act's four categories and computes the notification deadline to the California Office of Emergency Services — 15 days from discovery, or 24 hours when there is an imminent risk of death or serious physical injury. The ca-tfaia compliance posture was already in the catalog. **Added:** *`b.ai.frontierModelProtocol` — SB 53 threshold classification, obligations, and incident reporting* — `b.ai.frontierModelProtocol({ trainingFlops, annualRevenueUsd, framework? })` returns `isFrontierModel`, `isLargeFrontierDeveloper`, the `obligations` list, and (when a framework is supplied) its `frameworkGaps`. `b.ai.frontierModelProtocol.incidentReport({ type, discoveredAt, imminentRiskToLife? })` builds a critical-safety-incident report with the California OES recipient and a `dueAt` / `deadlineHours` computed from the 15-day (or 24-hour imminent-risk) statutory window; `type` must be one of the four categories in `INCIDENT_TYPES`. Throws `FrontierProtocolError` on malformed input.

package/README.md

@@ -228,7 +228,7 @@ The framework bundles the surface a typical Node app reaches for. Every primitiv
 - **i18n** — CLDR plural rules, Accept-Language negotiation, Intl formatters, RTL (`b.i18n`)
 - **CSV** — RFC 4180 with Excel formula-injection prevention (`b.csv`)
 - **IDs + slugs** — RFC 9562 UUID v4 + v7 (`b.uuid`); URL-safe slugs (`b.slug`)
-- **Time + archive** — TZ-aware datetime (`b.time`); ZIP creation + adversarial-safe read with bomb caps + path-traversal + LFH/CD-skew defense (`b.archive` + `b.archive.read.zip`); one-liner quarantine extraction (`b.safeArchive.extract`); fs / objectStore / http / buffer / trusted-stream adapter contract (`b.archive.adapters`)
+- **Time + archive** — TZ-aware datetime (`b.time`); ZIP creation + adversarial-safe read with bomb caps + path-traversal + LFH/CD-skew defense (`b.archive` + `b.archive.read.zip`); one-liner quarantine extraction (`b.safeArchive.extract`); in-memory extraction with no disk write for read-only / serverless filesystems (`b.archive.read.zip(...).extractEntries()` / `.tar`); fs / objectStore / http / buffer / trusted-stream adapter contract (`b.archive.adapters`)
 - **Pagination + forms** — HMAC-signed cursor pagination (`b.pagination`); HTML form rendering + validation + CSRF (`b.forms`)
 
 ### Production

package/lib/archive-gz.js

@@ -47,9 +47,11 @@ function _isGzipMagic(buf) {
  * `toAdapter(adapter)` / `digest()` — so gzip slots into the same
  * downstream sinks (object-store + filesystem + http adapters).
  *
- * Composes `b.archive.tar().toGzip(adapter)` / `b.archive.zip().
- * toGzip(adapter)` indirectly: those convenience methods call this
- * primitive after materializing their archive bytes.
+ * `b.archive.tar().toGzip(adapter)` composes this primitive after
+ * materializing the tar bytes (the canonical `.tar.gz`). There is no
+ * `zip().toGzip()` — a ZIP is already DEFLATE-compressed per entry, so
+ * gzip-wrapping it would compress already-compressed data for no gain;
+ * gzip the uncompressed tar stream instead.
  *
  * @opts
  *   level:  number,    // 0-9, default 6 (zlib default).

package/lib/archive-read.js

@@ -546,21 +546,13 @@ function zip(adapter, opts) {
     }
   }
 
-  async function extract(extractOpts) {
-    extractOpts = extractOpts || {};
-    if (typeof extractOpts.destination !== "string" || extractOpts.destination.length === 0) {
-      throw new ArchiveReadError("archive-read/no-destination",
-        "extract: opts.destination must be a non-empty string (target directory)");
-    }
-    var destination = nodePath.resolve(extractOpts.destination);
-    if (!nodeFs.existsSync(destination)) {
-      nodeFs.mkdirSync(destination, { recursive: true });
-    }
-    var loaded = await _loadCD();
-    _enforceBombPolicy(loaded.entries, bombPolicy);
-    // Compose b.guardArchive on the metadata pass — operators with a
-    // posture set declared via opts.guardProfile get the cascade.
-    var guardEntries = loaded.entries.map(function (e) {
+  // Run the b.guardArchive metadata cascade and refuse the whole archive on
+  // any critical issue. Shared by disk `extract` and in-memory `extractEntries`
+  // so both apply the identical posture-aware refusal. `auditAction` names the
+  // audit row for the refusal path.
+  function _assertGuardMetadata(loadedEntries, auditAction) {
+    if (opts.guardProfile === false) return;
+    var guardEntries = loadedEntries.map(function (e) {
       return {
         name:           e.name,
         size:           e.uncompressedSize,
@@ -573,24 +565,80 @@ function zip(adapter, opts) {
         attrs:          { externalAttrs: e.externalAttrs },
       };
     });
-    if (opts.guardProfile !== false) {
-      var profile = opts.guardProfile || "balanced";
-      var guardResult = guardArchive().validateEntries(guardEntries, { profile: profile });
-      if (guardResult && Array.isArray(guardResult.issues) && guardResult.issues.length > 0) {
-        // Refuse the whole archive when any entry trips a critical
-        // guard issue; collect every issue for the audit trail.
-        var critical = guardResult.issues.filter(function (i) { return i.severity === "critical"; });
-        if (critical.length > 0) {
-          _emitAudit(opts, "archive.read.extract.refused", "refused", {
-            entries: loaded.entries.length,
-            issues:  critical.map(function (i) { return i.ruleId; }),
-          });
-          throw new ArchiveReadError("archive-read/guard-refused",
-            "extract refused — " + critical.length + " critical guard issue(s): " +
-            critical.map(function (i) { return i.ruleId + " (" + i.snippet + ")"; }).join("; "));
-        }
+    var profile = opts.guardProfile || "balanced";
+    var guardResult = guardArchive().validateEntries(guardEntries, { profile: profile });
+    if (!guardResult || !Array.isArray(guardResult.issues) || guardResult.issues.length === 0) return;
+    var critical = guardResult.issues.filter(function (i) { return i.severity === "critical"; });
+    if (critical.length === 0) return;
+    _emitAudit(opts, auditAction, "refused", {
+      entries: loadedEntries.length,
+      issues:  critical.map(function (i) { return i.ruleId; }),
+    });
+    throw new ArchiveReadError("archive-read/guard-refused",
+      "extract refused — " + critical.length + " critical guard issue(s): " +
+      critical.map(function (i) { return i.ruleId + " (" + i.snippet + ")"; }).join("; "));
+  }
+
+  // In-memory extraction: yields each file entry's decompressed bytes WITHOUT
+  // writing to disk — for read-only / serverless filesystems. Applies the same
+  // bomb-policy, guard cascade, entry-type policy, and per-entry filename
+  // safety as `extract`; directory entries are skipped (no bytes). The realpath
+  // agreement check is disk-specific and intentionally omitted (no extraction
+  // root); the caller owns where, if anywhere, the bytes land.
+  async function* extractEntries(extractOpts) {
+    extractOpts = extractOpts || {};
+    var loaded = await _loadCD();
+    _enforceBombPolicy(loaded.entries, bombPolicy);
+    _assertGuardMetadata(loaded.entries, "archive.read.extractEntries.refused");
+    var totalDecompressed = 0;
+    var yielded = 0;
+    for (var i = 0; i < loaded.entries.length; i += 1) {
+      var entry = loaded.entries[i];
+      if (entry.isEncrypted && !extractOpts.allowEncrypted) {
+        throw new ArchiveReadError("archive-read/encrypted-entry",
+          "entry " + JSON.stringify(entry.name) + " is encrypted — not decrypted on the in-memory path");
+      }
+      var typeRefusal = _enforceEntryTypePolicy(entry, entryTypePolicy);
+      if (typeRefusal) {
+        throw new ArchiveReadError("archive-read/entry-type-refused",
+          "entry " + JSON.stringify(entry.name) + " is a " + typeRefusal +
+          " — refused by entryTypePolicy");
+      }
+      if (_isDirectoryEntry(entry.name, entry.externalAttrs)) continue;
+      // Archive-level name threats (Zip-Slip traversal, etc.) are refused for
+      // the whole archive by the guardArchive cascade above. The caller owns
+      // final placement of the returned bytes; we deliberately do NOT apply the
+      // disk-write filename policy (shell-exec extensions / reserved names) here
+      // — nothing is written, and over-filtering would drop legitimate names.
+      var lfhResult = await _verifyLfhMatchesCd(adapter, entry);
+      var body = await _decompressEntry(adapter, entry, lfhResult.dataStart, bombPolicy);
+      totalDecompressed += body.length;
+      if (totalDecompressed > bombPolicy.maxTotalDecompressedBytes) {
+        throw new ArchiveReadError("archive-read/total-too-large",
+          "cumulative uncompressed=" + totalDecompressed +
+          " exceeds maxTotalDecompressedBytes during extractEntries");
       }
+      yielded += 1;
+      yield { name: entry.name, bytes: body, size: body.length };
+    }
+    _emitAudit(opts, "archive.read.extractEntries.completed", "success", { entries: yielded });
+  }
+
+  async function extract(extractOpts) {
+    extractOpts = extractOpts || {};
+    if (typeof extractOpts.destination !== "string" || extractOpts.destination.length === 0) {
+      throw new ArchiveReadError("archive-read/no-destination",
+        "extract: opts.destination must be a non-empty string (target directory)");
     }
+    var destination = nodePath.resolve(extractOpts.destination);
+    if (!nodeFs.existsSync(destination)) {
+      nodeFs.mkdirSync(destination, { recursive: true });
+    }
+    var loaded = await _loadCD();
+    _enforceBombPolicy(loaded.entries, bombPolicy);
+    // Compose b.guardArchive on the metadata pass — operators with a
+    // posture set declared via opts.guardProfile get the cascade.
+    _assertGuardMetadata(loaded.entries, "archive.read.extract.refused");
     var written = [];
     var bytesExtracted = 0;
     var totalDecompressed = 0;
@@ -693,10 +741,11 @@ function zip(adapter, opts) {
   }
 
   return {
-    kind:    "zip-random-access",
-    inspect: inspect,
-    entries: entries,
-    extract: extract,
+    kind:           "zip-random-access",
+    inspect:        inspect,
+    entries:        entries,
+    extract:        extract,
+    extractEntries: extractEntries,
   };
 }
 

package/lib/archive-tar-read.js

@@ -276,6 +276,87 @@ function tar(adapter, opts) {
     });
   }
 
+  // Shared b.guardArchive metadata cascade — disk `extract` + in-memory
+  // `extractEntries` refuse the whole archive identically on a critical issue.
+  function _assertGuardMetadata(entries, auditAction) {
+    if (opts.guardProfile === false) return;
+    var profile = opts.guardProfile || "balanced";
+    var guardEntries = entries.map(function (e) {
+      return {
+        name:           e.name,
+        size:           e.size,
+        compressedSize: e.size,
+        isSymlink:      e.typeflag === TF_SYMLINK,
+        isHardlink:     e.typeflag === TF_HARDLINK,
+        linkTarget:     e.linkname,
+        isDirectory:    e.typeflag === TF_DIRECTORY,
+        isEncrypted:    false,
+        attrs:          { mode: e.mode },
+      };
+    });
+    var guardResult = guardArchive().validateEntries(guardEntries, { profile: profile });
+    if (!guardResult || !Array.isArray(guardResult.issues)) return;
+    var critical = guardResult.issues.filter(function (i) { return i.severity === "critical"; });
+    if (critical.length === 0) return;
+    _emitAudit(opts, auditAction, "refused", {
+      entries: entries.length,
+      issues:  critical.map(function (i) { return i.ruleId; }),
+    });
+    throw new TarError("archive-tar/guard-refused",
+      "extract refused — " + critical.length + " critical guard issue(s)");
+  }
+
+  // In-memory extraction: yields each regular file entry's bytes without
+  // writing to disk (read-only / serverless filesystems). Same guard cascade,
+  // type-policy refusals, filename safety, and bomb cap as `extract`; directory
+  // and (validated) link entries carry no content and are not yielded.
+  async function* extractEntries(extractOpts) {
+    extractOpts = extractOpts || {};
+    var allowDangerous = extractOpts.allowDangerous || {};
+    var walked = await _walk();
+    var entries = walked.entries;
+    var bytes = walked.bytes;
+    _assertGuardMetadata(entries, "archive.read.tar.extractEntries.refused");
+    var totalDecompressed = 0;
+    var yielded = 0;
+    for (var i = 0; i < entries.length; i += 1) {
+      var entry = entries[i];
+      var type = _classifyTypeflag(entry.typeflag);
+      if (type === "device" || type === "fifo" || type === "socket") {
+        throw new TarError("archive-tar/entry-type-refused",
+          "entry " + JSON.stringify(entry.name) + " is a " + type + " — refused unconditionally");
+      }
+      if (type === "symlink" && !(allowDangerous.symlinks || entryTypePolicy.symlinks)) {
+        throw new TarError("archive-tar/entry-type-refused",
+          "entry " + JSON.stringify(entry.name) + " is a symlink — refused by entryTypePolicy");
+      }
+      if (type === "hardlink" && !(allowDangerous.hardlinks || entryTypePolicy.hardlinks)) {
+        throw new TarError("archive-tar/entry-type-refused",
+          "entry " + JSON.stringify(entry.name) + " is a hardlink — refused by entryTypePolicy");
+      }
+      // Directories + (now-permitted) links carry no content bytes.
+      if (type === "directory" || type === "symlink" || type === "hardlink") continue;
+      // Archive-level name threats are refused by the guardArchive cascade
+      // above; the caller owns placement of the returned bytes, so the
+      // disk-write filename policy is intentionally not applied here.
+      // COPY the slice — bytes.subarray/slice shares the full collected-archive
+      // backing store, so a caller retaining one entry would pin the whole
+      // archive in memory, defeating the serverless memory goal. Buffer.from
+      // gives the entry its own backing store (matching the ZIP path, whose
+      // _decompressEntry already returns a fresh buffer).
+      var body = Buffer.from(bytes.subarray(entry._bodyStart, entry._bodyStart + entry.size));
+      totalDecompressed += body.length;
+      if (totalDecompressed > bombPolicy.maxTotalDecompressedBytes) {
+        throw new TarError("archive-tar/total-too-large",
+          "cumulative uncompressed=" + totalDecompressed +
+          " exceeds maxTotalDecompressedBytes during extractEntries");
+      }
+      yielded += 1;
+      yield { name: entry.name, bytes: body, size: body.length };
+    }
+    _emitAudit(opts, "archive.read.tar.extractEntries.completed", "success", { entries: yielded });
+  }
+
   async function extract(extractOpts) {
     extractOpts = extractOpts || {};
     if (typeof extractOpts.destination !== "string" || extractOpts.destination.length === 0) {
@@ -290,34 +371,7 @@ function tar(adapter, opts) {
     var walked = await _walk();
     var entries = walked.entries;
     var bytes = walked.bytes;
-    if (opts.guardProfile !== false) {
-      var profile = opts.guardProfile || "balanced";
-      var guardEntries = entries.map(function (e) {
-        return {
-          name:           e.name,
-          size:           e.size,
-          compressedSize: e.size,
-          isSymlink:      e.typeflag === TF_SYMLINK,
-          isHardlink:     e.typeflag === TF_HARDLINK,
-          linkTarget:     e.linkname,
-          isDirectory:    e.typeflag === TF_DIRECTORY,
-          isEncrypted:    false,
-          attrs:          { mode: e.mode },
-        };
-      });
-      var guardResult = guardArchive().validateEntries(guardEntries, { profile: profile });
-      if (guardResult && Array.isArray(guardResult.issues)) {
-        var critical = guardResult.issues.filter(function (i) { return i.severity === "critical"; });
-        if (critical.length > 0) {
-          _emitAudit(opts, "archive.read.tar.extract.refused", "refused", {
-            entries: entries.length,
-            issues:  critical.map(function (i) { return i.ruleId; }),
-          });
-          throw new TarError("archive-tar/guard-refused",
-            "extract refused — " + critical.length + " critical guard issue(s)");
-        }
-      }
-    }
+    _assertGuardMetadata(entries, "archive.read.tar.extract.refused");
     var written = [];
     var bytesExtracted = 0;
     var totalDecompressed = 0;
@@ -405,9 +459,10 @@ function tar(adapter, opts) {
   }
 
   return {
-    kind:    "tar-reader",
-    inspect: inspect,
-    extract: extract,
+    kind:           "tar-reader",
+    inspect:        inspect,
+    extract:        extract,
+    extractEntries: extractEntries,
   };
 }
 

package/lib/auth/jwt-external.js

@@ -28,8 +28,8 @@
  *
  * Defenses against the well-known JWT pitfalls:
  *
- *   - alg confusion (CVE-2024-54150 / CVE-2025-30144 / CVE-2026-22817
- *     Hono class) — `algorithms` is REQUIRED with no default; `none`,
+ *   - alg confusion (CVE-2024-54150 / CVE-2026-22817 Hono class) —
+ *     `algorithms` is REQUIRED with no default; `none`,
  *     `HS256` cannot be accepted unless the operator explicitly listed
  *     them, and even then the verifier refuses HS* algs in
  *     verifyExternal because HMAC + a public-key JWKS is the canonical
@@ -480,7 +480,10 @@ async function verifyExternal(token, opts) {
     // weak iss validation. Constant-time compare defeats prefix-timing
     // narrowing; emit a DISTINCT audit event (separate from sig-verify-
     // fail) so detection signals lights up on the cross-realm shape
-    // independently of generic verification failures.
+    // independently of generic verification failures. The `typeof ... !==
+    // "string"` guard also rejects an array-valued iss (CVE-2025-30144,
+    // fast-jwt — an iss array `["attacker", "valid"]` passed an any-match
+    // check); only a single string iss is accepted.
     if (typeof payload.iss !== "string" ||
         !_issuerMatches(payload.iss, opts.issuer)) {
       try { audit().safeEmit({

package/lib/auth/jwt.js

@@ -234,8 +234,8 @@ async function verify(token, opts) {
   // SECURITY: when the resolver uses header.kid as a filename / map
   // key / cache index, it MUST sanitize the kid first. Path-traversal
   // (`../etc/passwd`), null-byte (`key\0..`), control chars, and
-  // similar shapes turn a kid lookup into an arbitrary-file-read
-  // primitive (CVE-2018-0114 java-jwt class). Use
+  // similar shapes turn a kid lookup into an arbitrary-file-read or
+  // SQLi primitive (the PortSwigger JWT "kid" injection / LFI class). Use
   // `b.guardJwt.kidSafe(header.kid)` — throws on traversal indicators
   // and control bytes, returns the validated kid on success.
   var key;

package/lib/auth/oauth.js

@@ -1344,8 +1344,8 @@ function create(opts) {
     }
     var iss = u.searchParams.get("iss");
     var sid = u.searchParams.get("sid");
-    // RFC 0 invariant: `iss` MUST match the configured issuer when
-    // present (defends against an attacker-controlled IdP forging a
+    // OpenID Connect Front-Channel Logout 1.0 §3: `iss` MUST match the
+    // configured issuer when present (defends against an attacker-controlled IdP forging a
     // logout for a session at a different IdP). `sid` is required
     // when the RP registered with frontchannel_logout_session_required=true;
     // we surface it either way and let the operator decide.

package/lib/auth/saml.js

@@ -453,12 +453,14 @@ function create(opts) {
 
     // XSW defense — refuse duplicate top-level security-critical
     // elements. SAML XML signature wrapping (XSW) attacks shuffle
-    // signed elements alongside unsigned siblings; the parser's
-    // first-match `_findChild` lookup combined with the signed-
-    // element-ID check at L479 was vulnerable to a multi-Assertion
-    // payload where the verifier signed one but the consumer read
-    // attributes from another. Reject any Response with more than
-    // one of these structural children (Audit 2026-05-11).
+    // signed elements alongside unsigned siblings; a first-match
+    // child lookup combined with a signed-element-ID check is
+    // vulnerable to a multi-Assertion payload where the verifier
+    // signs one element but the consumer reads attributes from
+    // another. This is the class behind CVE-2024-45409 (ruby-saml,
+    // CVSS 10.0, actively exploited) and CVE-2025-25291/25292
+    // (omniauth-saml / ruby-saml namespace-confusion XSW). Reject
+    // any Response with more than one of these structural children.
     var statusChildren = _findAllChildren(root, "Status", SAML_NS.protocol);
     if (statusChildren.length > 1) {
       throw new AuthError("auth-saml/duplicate-status",
@@ -1531,9 +1533,10 @@ function create(opts) {
 //     http://www.w3.org/2009/xmlenc11#rsa-oaep          (XMLEnc 1.1 §5.4.2)
 //
 // AES-CBC content encryption (xmlenc#aes128-cbc / aes256-cbc) is
-// intentionally REFUSED: CVE-2011-1473 + the broader XML-Encryption
-// padding-oracle research (Jager & Somorovsky 2011) demonstrate that
-// CBC mode under XMLEnc is exploitable without per-content MAC.
+// intentionally REFUSED: the XML-Encryption padding-oracle research
+// (Jager & Somorovsky, "How to Break XML Encryption", CCS 2011)
+// demonstrates that CBC mode under XMLEnc is exploitable without per-
+// content MAC.
 // Operators integrating with IdPs that default to CBC (older ADFS /
 // Azure AD / Okta / Keycloak / OneLogin) MUST switch the IdP's
 // content-encryption setting to AES-128-GCM or AES-256-GCM. The
@@ -1543,7 +1546,7 @@ function create(opts) {
 //
 // SHA-1 anywhere (rsa-oaep-mgf1p with SHA-1 OAEP DigestMethod,
 // xmldsig#sha1 DigestMethod) is also refused — Bleichenbacher /
-// collision risk plus CVE-2023-49141-class advisories outweigh
+// collision risk plus CVE-2023-49141 class advisories outweigh
 // "interop with stale IdPs". Operators upgrade the IdP's digest
 // algorithm to SHA-256+ rather than relax the framework defense.
 //
@@ -1606,7 +1609,7 @@ function _decryptEncryptedAssertion(encAssertion, spPrivateKeyPem) {
     }
     if (oaepHashName === "sha1") {
       throw new AuthError("auth-saml/encrypted-weak-oaep-digest",
-        "EncryptedKey OAEP DigestMethod is SHA-1 — refused (CVE-2023-49141-class). " +
+        "EncryptedKey OAEP DigestMethod is SHA-1 — refused (CVE-2023-49141 class). " +
         "Require SHA-256+ on IdP side.");
     }
     var spKey;
@@ -1710,7 +1713,7 @@ function _decryptEncryptedAssertion(encAssertion, spPrivateKeyPem) {
       "(supported: W3C xmlenc11#aes128-gcm, xmlenc11#aes256-gcm, " +
       "framework-experimental urn:blamejs:experimental:xmlenc:xchacha20-poly1305). " +
       "AES-CBC content encryption is refused — switch the IdP to AES-128-GCM or AES-256-GCM " +
-      "(CVE-2011-1473 padding-oracle class).");
+      "(XMLEnc CBC padding-oracle class, Jager & Somorovsky CCS 2011).");
   }
   return clearBytes.toString("utf8");
 }

package/lib/calendar.js

@@ -515,7 +515,7 @@ function toIcal(jsCal, opts) {
  * timestamps in the operator's `[from, to]` window. Returns an array
  * of ISO 8601 UTC strings (`yyyy-mm-ddTHH:MM:SSZ`). Bounded by
  * `MAX_EXPAND_INSTANCES` (4096) + `MAX_EXPAND_SPAN_MS` (10 years) to
- * defend against CVE-2024-39687-class recurrence-bomb expansion.
+ * defend against the RRULE recurrence-bomb expansion class.
  *
  * v1 supports FREQ=DAILY/WEEKLY/MONTHLY/YEARLY with INTERVAL, COUNT,
  * UNTIL. BYDAY / BYMONTH / BYMONTHDAY / BYWEEKNO / BYYEARDAY /

package/lib/crypto-hpke.js

@@ -5,7 +5,7 @@
  * Suite (PQC-first per framework crypto policy):
  *   KEM:    ML-KEM-1024 (FIPS 203) — post-quantum encapsulation
  *   KDF:    HKDF-SHA3-512
- *   AEAD:   ChaCha20-Poly1305 (RFC 7539)
+ *   AEAD:   ChaCha20-Poly1305 (RFC 8439, obsoletes RFC 7539)
  *
  * The classical HPKE suites in RFC 9180 §7 (DHKEM with X25519 / P-256 /
  * P-384 / P-521 + HKDF-SHA256/384/512 + AES-GCM/ChaCha20) are NOT

package/lib/crypto-oprf.js

@@ -30,14 +30,14 @@
  *   <code>suite(name)</code> returns the suite for one of the RFC 9497
  *   ciphersuites — <code>ristretto255-sha512</code> (the Privacy Pass
  *   default), <code>p256-sha256</code>, <code>p384-sha384</code>, or
- *   <code>p521-sha512</code> — each exposing the three modes. Group and
+ *   <code>p521-sha512</code> — each exposing both shipped modes. Group and
  *   hash-to-curve operations come from the vendored <code>@noble/curves</code>.
  *   Byte arguments are <code>Uint8Array</code> / <code>Buffer</code>;
  *   returned elements and outputs are <code>Uint8Array</code>.
  *
  * @card
  *   RFC 9497 Oblivious PRFs — learn <code>F(key, input)</code> without the
- *   server seeing the input (oprf / voprf / poprf modes; ristretto255 / P-256
+ *   server seeing the input (oprf / voprf modes; ristretto255 / P-256
  *   / P-384 / P-521 suites). The primitive behind Privacy Pass, password
  *   hardening, and private set intersection.
  */

package/lib/crypto.js

@@ -789,7 +789,7 @@ function toBase64Url(buf) {
  *
  * Strict mode (default) refuses non-canonical input — chars outside
  * the RFC 4648 §5 alphabet, length-mod-4-of-1, mixed `+/` from
- * standard base64, trailing garbage. Defends a CVE-2022-0235-class
+ * standard base64, trailing garbage. Defends a CVE-2022-0235 class
  * footgun where Node's permissive decoder silently tolerated
  * tampered JWT signatures. Operators with a documented lossy legacy
  * payload opt out per call via `{ strict: false }`.
@@ -817,7 +817,7 @@ function fromBase64Url(s, opts) {
   // OAuth `state` round-tripping) MUST reject non-canonical / malformed
   // input. The Node base64url decoder silently tolerates trailing
   // garbage, mixed `+/` from standard base64, missing padding errors,
-  // and length-mod-4 shapes — CVE-2022-0235-class footgun. Strict mode
+  // and length-mod-4 shapes — CVE-2022-0235 class footgun. Strict mode
   // (the default) refuses anything outside the RFC 4648 §5 alphabet +
   // length rules. Operators with a known-lossy legacy payload pass
   // `{ strict: false }` to opt out per call.

package/lib/framework-error.js

@@ -290,7 +290,8 @@ var GuardTimeError        = defineClass("GuardTimeError",        { alwaysPermane
 var GuardMimeError        = defineClass("GuardMimeError",        { alwaysPermanent: true });
 // GuardJwtError covers JWT identifier violations: shape malformation
 // (not 3 base64url segments), alg=none refuse (canonical CVE-class —
-// CVE-2015-9235 jsonwebtoken / CVE-2018-0114 java-jwt), alg-allowlist
+// CVE-2015-9235 jsonwebtoken alg:none / CVE-2018-0114 Cisco node-jose
+// embedded-JWK key confusion), alg-allowlist
 // drift, kid path-traversal (operator keyResolver path-injection
 // class), typ confusion, oversized header / payload / signature,
 // exp / nbf / iat sanity, missing required claims, unknown crit

package/lib/guard-jwt.js

@@ -16,8 +16,9 @@
  *
  *   Algorithm-confusion defense: `alg=none` is universally refused
  *   at every profile (RFC 7518 §3.6 explicit-no-signature, the
- *   canonical CVE-2015-9235 jsonwebtoken / CVE-2018-0114 java-jwt
- *   class). The operator-supplied `allowedAlgs` allowlist defaults
+ *   canonical CVE-2015-9235 jsonwebtoken alg:none / CVE-2018-0114
+ *   Cisco node-jose embedded-JWK confusion class). The
+ *   operator-supplied `allowedAlgs` allowlist defaults
  *   to the framework's PQC-first set (ML-DSA-87 / ML-DSA-65 /
  *   ML-DSA-44 / SLH-DSA-SHAKE-256{f,s} / SLH-DSA-SHA2-256{f,s} /
  *   EdDSA / ES* / RS* / PS*) so HS256-against-RSA-public-key

package/lib/guard-smtp-command.js

@@ -493,7 +493,7 @@ function gate(opts) {
  *
  * Scan a DATA-body byte buffer for the SMTP smuggling shape per
  * CVE-2023-51764 (Postfix), CVE-2023-51765 (Sendmail), CVE-2023-51766
- * (Exim), CVE-2024-32178 (.NET System.Net.Mail). RFC 5321 §2.3.8
+ * (Exim). RFC 5321 §2.3.8
  * mandates canonical CRLF line termination; the smuggling exploit
  * relies on parsers that accept `\n.\n` (bare LF before / after the
  * dot) as an alternate body terminator and then resume parsing the
@@ -517,7 +517,7 @@ function detectBodySmuggling(buf) {
     throw new GuardSmtpCommandError("guard-smtp-command/bad-input",
       "detectBodySmuggling: input must be a Buffer");
   }
-  // The CVE-2023-51764 / 51765 / 51766 / 2024-32178 class is any
+  // The CVE-2023-51764 / 51765 / 51766 class is any
   // dot-line whose line boundary is anything OTHER than canonical
   // \r\n on BOTH sides of the dot. The canonical-and-only terminator
   // is `\r\n.\r\n`. Every other shape that some receiver might honor

package/lib/mail-auth.js

@@ -1858,8 +1858,8 @@ function dmarcParseAggregateReport(input, opts) {
       // "stream is malformed" (operator-level diagnostic) so audit/
       // alert wiring can react differently. Node surfaces the bomb
       // case with ERR_BUFFER_TOO_LARGE / "Output length exceeded the
-      // limit" / the explicit `maxOutputLength` code. CVE-class:
-      // CVE-2024-zlib decompression amplification.
+      // limit" / the explicit `maxOutputLength` code. Defends the
+      // decompression-amplification class (CWE-409 / CVE-2025-0725).
       var msg = (e && e.message) || String(e);
       var isBomb = (e && (e.code === "ERR_BUFFER_TOO_LARGE" ||
                           e.code === "ERR_OUT_OF_RANGE")) ||

package/lib/mail-crypto-pgp.js

@@ -663,7 +663,7 @@ function _parseSignaturePacket(packetBytes) {
   if (hashAlg !== HASH_ALG_SHA256 && hashAlg !== HASH_ALG_SHA512) {
     throw new MailCryptoError("mail-crypto/pgp/bad-hash",
       "hash alg " + hashAlg + " refused; only SHA-256 (8) and SHA-512 (10) are accepted. " +
-      "SHA-1 (id=2) refused per SHAttered (CVE-2017-9006-class).");
+      "SHA-1 (id=2) refused per SHAttered (2017 SHA-1 collision).");
   }
   var hashedSubLen = body.readUInt16BE(4);
   if (6 + hashedSubLen > body.length) {

package/lib/mail-crypto-smime.js

@@ -21,9 +21,9 @@
  *   second part as base64-encoded DER.
  *
  *   Posture (when the surface lights up):
- *     - Refuses SHA-1 as the signature hash (CVE-2017-9006-class —
- *       PKCS#7 collision attacks against legacy S/MIME) and as the
- *       certificate signature algorithm.
+ *     - Refuses SHA-1 as the signature hash (SHAttered, 2017 — practical
+ *       SHA-1 collision; RFC 8551 §2.5 mandates SHA-256+ for S/MIME) and
+ *       as the certificate signature algorithm.
  *     - Refuses RSA keys < 2048 bits (RFC 8301 §3.1 — same posture
  *       as the rest of the mail surface).
  *     - Refuses MD5 anywhere (the historical S/MIME-v2 default; long
@@ -87,8 +87,8 @@
  * CVE citations:
  *   - CVE-2017-17688 / CVE-2017-17689 (EFAIL — S/MIME variant; informs
  *     the encrypt+decrypt deferral when that surface lights up)
- *   - CVE-2017-9006 (PKCS#7 / S/MIME signature-validation bypass
- *     class — informs the SHA-1 refusal posture)
+ *   - SHAttered (2017 practical SHA-1 collision) + RFC 8551 §2.5 (SHA-256
+ *     floor for S/MIME) — inform the SHA-1 signature-hash refusal posture
  *   - CVE-2018-5407 (PortSmash — informs the side-channel hardening
  *     posture when private operations land in v2)
  */
@@ -109,7 +109,7 @@ var MailCryptoError = defineClass("MailCryptoError", { alwaysPermanent: true });
 // hand-copying strings. These reflect RFC 8551 §2.5 + RFC 8301 floors.
 var RSA_MIN_BITS = 2048;                                                          // allow:raw-byte-literal — RFC 8301 §3.1
 var ALLOWED_HASHES = ["sha256", "sha384", "sha512"];
-var REFUSED_HASHES = ["md5", "sha1"];                                             // allow:raw-byte-literal — CVE-2017-9006-class
+var REFUSED_HASHES = ["md5", "sha1"];                                             // allow:raw-byte-literal — SHAttered / RFC 8551 §2.5
 
 // PROFILES + COMPLIANCE_POSTURES — the framework's standard cross-
 // primitive contract. sign() and verify() (live since v0.10.16) read
@@ -708,7 +708,7 @@ function checkCert(opts) {
       throw new MailCryptoError("mail-crypto/smime/refused-hash",
         "cert signature algorithm '" + sigAlgName +
         "' refused — SHA-1 / MD5 in cert signatures is forbidden " +
-        "(CVE-2017-9006-class). Acceptable hashes: " + ALLOWED_HASHES.join(", "));
+        "(SHAttered SHA-1 collision; RFC 8551 §2.5). Acceptable hashes: " + ALLOWED_HASHES.join(", "));
     }
   }
 

package/lib/mail-crypto.js

@@ -62,7 +62,7 @@
  *
  * CVE citations:
  *   - CVE-2017-17688 / CVE-2017-17689 (EFAIL)
- *   - CVE-2017-9006 (PKCS#7 / S/MIME signature-validation bypass class)
+ *   - SHAttered (2017 SHA-1 collision) + RFC 8551 §2.5 — SHA-1 signature-hash refusal
  */
 
 var pgp   = require("./mail-crypto-pgp");

package/lib/mail-dav.js

@@ -112,8 +112,9 @@
  *   ## CVE defense composition
  *
  *   - `b.safeIcal` rejects RRULE COUNT > 10000 / BYxxx list > 24 →
- *     defends CVE-2024-39687 (ical4j RRULE recursion / Outlook
- *     calendar bomb) on the PUT path.
+ *     defends the ical4j RRULE-recursion / recurrence-expansion DoS
+ *     class (unbounded RRULE expansion exhausts CPU/memory) on the
+ *     PUT path.
  *   - `b.xmlC14n.parse` rejects DOCTYPE / ENTITY in the
  *     PROPFIND / REPORT body → defends XXE / billion-laughs on the
  *     query path.
@@ -125,7 +126,7 @@
  *   mount under their HTTP router. Composes b.safeIcal / b.safeVcard
  *   for PUT-body validation, b.xmlC14n.parse for PROPFIND / REPORT
  *   bodies. Per-principal URL isolation; operator-supplied storage
- *   backend. Defends CVE-2024-39687 at the PUT boundary.
+ *   backend. Defends the RRULE-recursion expansion-DoS class at the PUT boundary.
  */
 
 var lazyRequire = require("./lazy-require");
@@ -749,7 +750,7 @@ function create(opts) {
       return _refuseStatus(res, 400, "PUT requires a component path");
     }
     var bodyBuf = await _readBodyBytes(req);
-    // Validate iCal body via safeIcal — defends CVE-2024-39687 at the
+    // Validate iCal body via safeIcal — defends the RRULE-recursion expansion-DoS class at the
     // ingest boundary.
     try {
       safeIcal.parse(bodyBuf, {

package/lib/mail-deploy.js

@@ -527,8 +527,9 @@ function autoDiscoverXml(opts) {
 //     brotli or the in-progress UTA-draft requires it.
 
 // Hard caps — defensive against CVE-2025-0725 (libcurl/zlib
-// integer overflow), CVE-2024-zlib decompression amplification, and
-// the §5.2 community ceiling (receivers commonly cap at 10 MiB).
+// integer overflow) and the decompression-amplification class
+// (CWE-409), plus the §5.2 community ceiling (receivers commonly cap
+// at 10 MiB).
 var TLSRPT_MAX_COMPRESSED_BYTES   = C.BYTES.mib(4);                                                   // allow:raw-byte-literal — 4 MiB compressed cap per §5.2 community practice
 var TLSRPT_MAX_DECOMPRESSED_BYTES = C.BYTES.mib(32);                                                  // allow:raw-byte-literal — 32 MiB decompressed cap (operators override via opts)
 var TLSRPT_MAX_RATIO              = 50;                                                               // allow:raw-byte-literal — 50:1 compression ratio refusal

package/lib/mail-server-imap.js

@@ -53,7 +53,7 @@
  *     pipelined command queued before TLS is refused with
  *     `BAD Pipelined post-STARTTLS not permitted`.
  *
- *   - **Literal-injection (CVE-2018-19518 INC IMAP class)** —
+ *   - **Literal-injection / command-continuation smuggling** —
  *     `{n}` literal continuation MUST come on a line of its own
  *     (per `b.guardImapCommand.detectLiteralSmuggling`); oversize
  *     literals refused (default 64 MiB); LITERAL+ (RFC 7888) non-

package/lib/mail-server-jmap.js

@@ -106,7 +106,7 @@
  *
  *   ## What v1 does NOT ship
  *
- *   - **Calendars / Contacts (RFC 9610)**, **Sieve (RFC 9404)**,
+ *   - **Calendars / Contacts (RFC 9610)**, **Sieve (RFC 9661)**,
  *     **MDN (RFC 9007)** — opt-in capabilities.
  *
  * @card

package/lib/mail-server-managesieve.js

@@ -95,7 +95,7 @@
  *
  *   - **CHECKSCRIPT** (RFC 5804 §2.12) — parse-only verb. Operators
  *     who want it compose `b.safeSieve.validate` directly via JMAP
- *     `SieveScript/validate` (RFC 9404). The MTA-side ManageSieve
+ *     `SieveScript/validate` (RFC 9661). The MTA-side ManageSieve
  *     surface is `PUTSCRIPT` + `HAVESPACE`; CHECKSCRIPT adds a third
  *     entry point with no operator demand yet.
  *   - **UNAUTHENTICATE** (RFC 5804 §2.14) — exotic. Operators close

package/lib/mail-server-mx.js

@@ -25,7 +25,7 @@
  *
  *   ## Defenses baked in
  *
- *   - **SMTP smuggling** (CVE-2023-51764 / CVE-2024-32178) — every
+ *   - **SMTP smuggling** (CVE-2023-51764 Postfix / CVE-2023-51765 Sendmail / CVE-2023-51766 Exim) — every
  *     wire line passes through `b.guardSmtpCommand.validate` which
  *     refuses bare LF, bare CR, NUL, C0 controls, DEL, and oversize.
  *     The DATA body's `\r\n.\r\n` terminator is matched on canonical
@@ -108,7 +108,7 @@
  * @card
  *   Inbound SMTP / MX listener. RFC 5321 state machine with SMTP-
  *   smuggling defense baked into the wire-protocol layer (RFC 5321
- *   §2.3.8 + CVE-2023-51764 / CVE-2024-32178), open-relay refusal by
+ *   §2.3.8 + CVE-2023-51764 / 51765 / 51766), open-relay refusal by
  *   default, STARTTLS-stripping defense (CVE-2021-38371), and the
  *   framework's mail-gate cascade (HELO / RBL / greylist /
  *   guardEnvelope / DMARC / safeMime / guardEmail) running at the
@@ -260,8 +260,8 @@ function create(opts) {
 
   // Default-on operator-supplied-domain hardening. opts.localDomains
   // and the HELO / MAIL FROM / RCPT TO domain validations all route
-  // through `b.guardDomain` for IDN homograph defense (CVE-2017-5469
-  // class), special-use-domain refusal (RFC 6761), label-length cap
+  // through `b.guardDomain` for IDN homograph / Punycode-spoof defense
+  // (mixed-script confusable class), special-use-domain refusal (RFC 6761), label-length cap
   // (RFC 1035 §2.3.4), and bare-IP-as-domain refusal (CVE-2021-22931
   // class). Operators with a closed-network deployment can pass
   // `guardDomain: false` to skip; the default keeps the protection on.

package/lib/mail-server-submission.js

@@ -40,7 +40,7 @@
  *
  *   ## Wire-protocol defenses (inherited from MX listener pattern)
  *
- *   - SMTP smuggling (CVE-2023-51764 / -51765 / -51766 / 2024-32178 /
+ *   - SMTP smuggling (CVE-2023-51764 / -51765 / -51766 /
  *     RFC 5321 §2.3.8): every wire line through
  *     `b.guardSmtpCommand.validate`; DATA-body terminator scan
  *     through `b.safeSmtp.findDotTerminator` (strict-CRLF);
@@ -351,8 +351,8 @@ function create(opts) {
   }
 
   // Default-on guardDomain hardening for HELO / MAIL FROM / RCPT TO.
-  // Same posture as mail-server-mx — IDN homograph (CVE-2017-5469
-  // class), special-use-domain refusal (RFC 6761), label-length cap
+  // Same posture as mail-server-mx — IDN homograph / Punycode-spoof
+  // (mixed-script confusable class), special-use-domain refusal (RFC 6761), label-length cap
   // (RFC 1035 §2.3.4), bare-IP-as-domain refusal (CVE-2021-22931
   // class). Operators with a closed-network deployment pass
   // `guardDomain: false` to skip; the default keeps protection on.

package/lib/mail-store.js

@@ -50,7 +50,7 @@
  *   of caller; only `b.legalHold.release` can flip the flag.
  *
  *   Parses messages on append via `b.safeMime.parse` (bounded
- *   substrate, defends CVE-2024-39929 + CVE-2025-30258). Validates
+ *   substrate, defends CVE-2024-39929 + CVE-2026-26312). Validates
  *   `Message-Id` via `b.guardMessageId.validate`.
  *
  * @card
@@ -526,7 +526,7 @@ function _appendMessage(args) {
       "appendMessage: folder '" + args.folderName + "' not found");
   }
 
-  // Parse via safe-mime — bounded; defends CVE-2024-39929 + CVE-2025-30258.
+  // Parse via safe-mime — bounded; defends CVE-2024-39929 + CVE-2026-26312.
   var tree = safeMime.parse(buf, args.safeMimeOpts);
 
   // Extract canonical fields.

package/lib/mail.js

@@ -1594,10 +1594,10 @@ function create(opts) {
   var auditOn = opts.audit !== false;
 
   // Default-on guardDomain hardening for every outbound recipient + the
-  // sender address. Refuses CVE-2017-5469-class IDN homograph spoofs in
+  // sender address. Refuses IDN homograph / mixed-script-confusable spoofs in
   // recipient or from domains, RFC 6761 special-use domain names
   // (`.localhost`, `.test`, `.invalid`, `.example`) in production sends,
-  // RFC 1035 §2.3.4 label-length violations, and CVE-2021-22931-class
+  // RFC 1035 §2.3.4 label-length violations, and CVE-2021-22931 class
   // bare-IP-as-domain (DNS-rebinding allowlist-bypass class). Operators
   // sending to address literals (`<x@[1.2.3.4]>`) — rare; mostly mailing-
   // list internals — pass `guardDomain: false` to opt out, or pass

package/lib/network-tls.js

@@ -462,12 +462,15 @@ function applyToContext(opts) {
 //   setKeyShares(["X25519MLKEM768", "X25519"])        → string[] (after)
 //   resetKeyShares()                                  → restores default
 
-// RFC 9794 (PQ TLS Hybrid Key Exchange) named-group ordering. The
-// preferred groups (the first the peer mutually supports wins) put the
-// IANA-registered hybrid named groups ahead of the classical fallback:
+// PQ/T-hybrid named-group ordering (RFC 9794 is the PQ/T-hybrid
+// *terminology*; the TLS codepoints come from the IANA TLS Supported
+// Groups registry + draft-kwiatkowski-tls-ecdhe-mlkem +
+// draft-ietf-tls-hybrid-design). The preferred groups (the first the peer
+// mutually supports wins) put the IANA-registered hybrid named groups
+// ahead of the classical fallback:
 //
-//   X25519MLKEM768       — codepoint 0x11EC, RFC 9794 default hybrid
-//   SecP256r1MLKEM768    — codepoint 0x11EB, RFC 9794 optional hybrid
+//   X25519MLKEM768       — codepoint 0x11EC (IANA; draft-kwiatkowski-tls-ecdhe-mlkem)
+//   SecP256r1MLKEM768    — codepoint 0x11EB (IANA; NIST-curve hybrid)
 //                            (NIST-curve fallback for FIPS-mandated peers
 //                            that refuse X25519)
 //   SecP384r1MLKEM1024   — draft-kwiatkowski-tls-ecdhe-mlkem-02 codepoint
@@ -520,7 +523,7 @@ function resetKeyShares() {
   return getKeyShares();
 }
 
-// preferredGroups — RFC 9794 alias surface for the named-group list.
+// preferredGroups — alias surface for the named-group list.
 // `set(list)` overrides the default ordering; `get()` reads the active
 // list; `reset()` restores the framework default. The setKeyShares /
 // getKeyShares / resetKeyShares names are kept as the lower-level
@@ -604,7 +607,7 @@ function buildOptions(opts) {
 
   // PQC group preference. Caller may narrow (drop a group) but not
   // widen — every requested group must appear in the framework
-  // preferred list. Both `groups` (RFC 9794 alias) and `ecdhCurve`
+  // preferred list. Both `groups` (alias) and `ecdhCurve`
   // (Node TLS option) are accepted; `groups` wins when both supplied.
   var requested = null;
   if (Array.isArray(opts.groups)) {

package/lib/safe-decompress.js

@@ -54,10 +54,12 @@
  *   bytes ever cross the audit boundary on the bomb-class path.
  *
  *   Threat model:
- *     - **CVE-2025-0725** (libcurl + zlib decompression amplification)
- *       — bounded output + ratio cap defeat the amplification.
- *     - **CVE-2024-zlib** class (decompression-bomb research, gzip /
- *       deflate / brotli variants) — bounded output prevents OOM.
+ *     - **Decompression bomb** (CWE-409 — improper handling of highly
+ *       compressed data; the classic 42.zip nested-bomb expands to
+ *       petabytes from kilobytes) across gzip / deflate / brotli —
+ *       the bounded-output cap + expansion-ratio cap refuse before the
+ *       allocation, so no decompressed bytes are ever materialized past
+ *       the cap.
  *     - **Efail-class** (CVE-2017-17688 / 17689) — operators decrypting
  *       MIME parts compose `b.safeDecompress` on the inner deflate
  *       streams; the bounded-output posture defeats the unbounded-
@@ -73,8 +75,8 @@
  *   - [RFC 1951](https://www.rfc-editor.org/rfc/rfc1951) deflate
  *   - [RFC 1952](https://www.rfc-editor.org/rfc/rfc1952) gzip
  *   - [RFC 7932](https://www.rfc-editor.org/rfc/rfc7932) brotli
- *   - [CVE-2025-0725](https://nvd.nist.gov/vuln/detail/CVE-2025-0725)
- *   - [CVE-2024-zlib](https://nvd.nist.gov/) decompression-bomb class
+ *   - [CWE-409](https://cwe.mitre.org/data/definitions/409.html) improper
+ *     handling of highly compressed data (decompression bomb)
  */
 
 var zlib = require("node:zlib");

package/lib/safe-ical.js

@@ -15,7 +15,7 @@
  *   delivery-time iTIP processing, and the scheduling primitives that
  *   compose against ical bytes.
  *
- *   Defends `CVE-2024-39687` (ical4j RRULE recursion / "Outlook
+ *   Defends the ical4j RRULE-recursion expansion-DoS class ("Outlook
  *   calendar bomb" — a hostile RRULE with unbounded COUNT and
  *   recursive BYxxx expansion can pin a CalDAV server's CPU at 100%
  *   until the request times out). Caps:
@@ -36,8 +36,8 @@
  *       instances than this cap.
  *     - RRULE BYDAY / BYMONTH / BYMONTHDAY / BYHOUR / BYMINUTE /
  *       BYSECOND / BYSETPOS / BYWEEKNO / BYYEARDAY list-length cap
- *       (24 entries) — refused regardless of profile. CVE-2024-39687
- *       achieves expansion blow-up by stacking long BYxxx lists.
+ *       (24 entries) — refused regardless of profile. The recursion
+ *       DoS achieves expansion blow-up by stacking long BYxxx lists.
  *
  *   Header-injection / control-char defense: refuses NUL, C0 control
  *   bytes (other than TAB inside QUOTED-PRINTABLE-shaped values), and
@@ -75,8 +75,8 @@
  * @card
  *   Bounded RFC 5545 iCalendar parser — caps total bytes, nesting
  *   depth, RRULE COUNT and BYxxx list-lengths; refuses NUL / C0 / DEL
- *   inside property values; allowlists property names; defends
- *   CVE-2024-39687 (ical4j RRULE recursion / Outlook calendar-bomb).
+ *   inside property values; allowlists property names; defends the
+ *   ical4j RRULE-recursion expansion-DoS class (Outlook calendar-bomb).
  */
 
 var C = require("./constants");
@@ -84,8 +84,8 @@ var { defineClass } = require("./framework-error");
 
 var SafeIcalError = defineClass("SafeIcalError", { alwaysPermanent: true });
 
-// RRULE caps are enforced regardless of profile — CVE-2024-39687 has
-// no safe permissive posture.
+// RRULE caps are enforced regardless of profile — the recursion-DoS
+// class has no safe permissive posture.
 var RRULE_MAX_COUNT      = 10000;                                                                          // allow:raw-byte-literal — RFC 5545 §3.3.10 recurrence-count cap
 var RRULE_MAX_BY_ENTRIES = 24;                                                                             // allow:raw-byte-literal — BYxxx list-length cap
 
@@ -223,7 +223,7 @@ function parse(text, opts) {
   if (byteLen > caps.maxBytes) {
     throw new SafeIcalError("safe-ical/oversize-bytes",
       "safeIcal.parse: input " + byteLen + " bytes exceeds maxBytes=" + caps.maxBytes +
-      " (CVE-2024-39687-class defense)");
+      " (calendar-bomb defense)");
   }
 
   var lines = _unfold(s, caps);
@@ -466,7 +466,7 @@ function _parseComponent(lines, startIdx, ctx, depth) {
   if (depth > ctx.caps.maxNestingDepth) {
     throw new SafeIcalError("safe-ical/oversize-nesting",
       "safeIcal.parse: nesting depth exceeds maxNestingDepth=" +
-      ctx.caps.maxNestingDepth + " (CVE-2024-39687-class defense)");
+      ctx.caps.maxNestingDepth + " (calendar-bomb defense)");
   }
   ctx.componentCount += 1;
   if (ctx.componentCount > ctx.caps.maxComponents) {
@@ -516,7 +516,7 @@ function _parseComponent(lines, startIdx, ctx, depth) {
         "safeIcal.parse: unknown property '" + pn +
         "' (extend via opts.extraProperties or use X- prefix)");
     }
-    // RRULE caps — CVE-2024-39687 defense.
+    // RRULE caps — recursion-DoS / calendar-bomb defense.
     if (pn === "RRULE" || pn === "EXRULE") {
       _validateRrule(ln.value);
     }
@@ -558,7 +558,7 @@ function _validateRrule(value) {
       if (!isFinite(n) || n < 0 || n > RRULE_MAX_COUNT) {
         throw new SafeIcalError("safe-ical/oversize-rrule-count",
           "safeIcal.parse: RRULE COUNT=" + val + " exceeds cap=" +
-          RRULE_MAX_COUNT + " (CVE-2024-39687 defense)");
+          RRULE_MAX_COUNT + " (calendar-bomb defense)");
       }
     } else if (key === "BYDAY" || key === "BYMONTH" || key === "BYMONTHDAY" ||
                key === "BYHOUR" || key === "BYMINUTE" || key === "BYSECOND" ||
@@ -567,7 +567,7 @@ function _validateRrule(value) {
       if (entries.length > RRULE_MAX_BY_ENTRIES) {
         throw new SafeIcalError("safe-ical/oversize-rrule-by",
           "safeIcal.parse: RRULE " + key + " list length " + entries.length +
-          " exceeds cap=" + RRULE_MAX_BY_ENTRIES + " (CVE-2024-39687 defense)");
+          " exceeds cap=" + RRULE_MAX_BY_ENTRIES + " (calendar-bomb defense)");
       }
     }
   }

package/lib/safe-mime.js

@@ -27,7 +27,7 @@
  *       crypto.
  *
  *   Defends `CVE-2024-39929` (Exim MIME multipart parser) and
- *   `CVE-2025-30258` (gnumail truncated-MIME-tree class) by capping
+ *   `CVE-2026-26312` (Stalwart nested `message/rfc822` MIME OOM) by capping
  *   total parts, nesting depth, boundary length, header bytes,
  *   header-line bytes, decoded body bytes, message bytes — plus
  *   charset + transfer-encoding allowlists.
@@ -41,7 +41,7 @@
  *   incoming message above a threshold.
  *
  * @card
- *   Bounded MIME parser — walks RFC 5322 + 2045 / 2046 / 2047 + EAI message structure into a part tree with hard caps on depth, part count, body size, header bytes, and charset / transfer-encoding allowlists. Defends CVE-2024-39929 + CVE-2025-30258.
+ *   Bounded MIME parser — walks RFC 5322 + 2045 / 2046 / 2047 + EAI message structure into a part tree with hard caps on depth, part count, body size, header bytes, and charset / transfer-encoding allowlists. Defends CVE-2024-39929 + CVE-2026-26312.
  */
 
 var C = require("./constants");
@@ -332,13 +332,13 @@ function _parsePart(buf, ctx, depth) {
   if (depth > ctx.maxNestingDepth) {
     throw new SafeMimeError("safe-mime/oversize-nesting",
       "safeMime.parse: nesting depth exceeded maxNestingDepth=" + ctx.maxNestingDepth +
-      " (CVE-2024-39929-class defense)");
+      " (CVE-2024-39929 class defense)");
   }
   ctx.partCount += 1;
   if (ctx.partCount > ctx.maxParts) {
     throw new SafeMimeError("safe-mime/oversize-part-count",
       "safeMime.parse: total parts exceeded maxParts=" + ctx.maxParts +
-      " (CVE-2024-39929-class defense)");
+      " (CVE-2024-39929 class defense)");
   }
 
   var sep = _findHeaderBodySep(buf);
@@ -668,7 +668,7 @@ function _decodeRfc2047Words(value) {
         raw = Buffer.from(text.replace(/_/g, " ").replace(/=([0-9A-Fa-f]{2})/g,
           function (__, hex) { return String.fromCharCode(parseInt(hex, 16)); }), "binary");      // allow:raw-byte-literal — parseInt radix 16, not bytes
       }
-      // RFC 2047 §5 / CVE-2020-7244 header-injection defense — after
+      // RFC 2047 §5 encoded-word header-injection defense — after
       // base64 / Q-encoded decode, check the DECODED bytes for header
       // separators (CR, LF, NUL). A sender that base64-encodes
       // `\r\nBcc: attacker@x.com` would otherwise reach the consumer's
@@ -680,7 +680,7 @@ function _decodeRfc2047Words(value) {
         if (b === 0x0d /* CR */ || b === 0x0a /* LF */ || b === 0x00 /* NUL */) {
           throw new SafeMimeError("safe-mime/rfc2047-header-injection",
             "RFC 2047 encoded-word decoded to bytes containing CR/LF/NUL " +
-            "(byte index " + bi + "); refusing per RFC 2047 §5 / CVE-2020-7244 class");
+            "(byte index " + bi + "); refusing per RFC 2047 §5 (encoded-word header injection)");
         }
       }
       return _decodeBufferAs(raw, charset);

package/lib/safe-sieve.js

@@ -619,7 +619,7 @@ function parse(script, opts) {
  * Parse-only validation — returns `{ ok, requiredCaps, issues }`
  * shape mirroring the rest of the guard family. Operator-facing
  * primitives that want a JMAP-style `SieveScript/validate` response
- * (RFC 9404) compose this and surface `issues` directly.
+ * (RFC 9661 — JMAP for Sieve Scripts) compose this and surface `issues` directly.
  *
  * @opts
  *   profile:           "strict" | "balanced" | "permissive",

package/lib/safe-smtp.js

@@ -23,7 +23,7 @@
  *     - RFC 5321 §2.3.8 — line termination MUST be CRLF
  *     - RFC 5321 §4.5.2 — dot-stuffing on the SMTP body
  *     - RFC 5321 §4.1.1.4 — DATA command terminates with `<CRLF>.<CRLF>`
- *     - CVE-2023-51764 / -51765 / -51766 / 2024-32178 — SMTP
+ *     - CVE-2023-51764 / -51765 / -51766 — SMTP
  *       smuggling (parsers that accept bare-LF dot-terminators).
  *       The guard primitive `b.guardSmtpCommand.detectBodySmuggling`
  *       owns smuggling detection; the safe-* terminator scanner

package/package.json

@@ -1,6 +1,6 @@
 {
   "name": "@blamejs/core",
-  "version": "0.13.7",
+  "version": "0.13.9",
   "description": "The Node framework that owns its stack.",
   "license": "Apache-2.0",
   "author": "blamejs contributors",

package/sbom.cdx.json

@@ -2,10 +2,10 @@
   "$schema": "http://cyclonedx.org/schema/bom-1.5.schema.json",
   "bomFormat": "CycloneDX",
   "specVersion": "1.5",
-  "serialNumber": "urn:uuid:22a52afe-2217-4e18-a7a1-15e6a137ec0c",
+  "serialNumber": "urn:uuid:8b6b1445-7522-46ce-ab72-88ef073536dd",
   "version": 1,
   "metadata": {
-    "timestamp": "2026-05-27T04:39:38.785Z",
+    "timestamp": "2026-05-27T07:12:04.477Z",
     "lifecycles": [
       {
         "phase": "build"
@@ -19,14 +19,14 @@
       }
     ],
     "component": {
-      "bom-ref": "@blamejs/core@0.13.7",
+      "bom-ref": "@blamejs/core@0.13.9",
       "type": "application",
       "name": "blamejs",
-      "version": "0.13.7",
+      "version": "0.13.9",
       "scope": "required",
       "author": "blamejs contributors",
       "description": "The Node framework that owns its stack.",
-      "purl": "pkg:npm/%40blamejs/core@0.13.7",
+      "purl": "pkg:npm/%40blamejs/core@0.13.9",
       "properties": [],
       "externalReferences": [
         {
@@ -54,7 +54,7 @@
   "components": [],
   "dependencies": [
     {
-      "ref": "@blamejs/core@0.13.7",
+      "ref": "@blamejs/core@0.13.9",
       "dependsOn": []
     }
   ]