Releases: hyperjumptech/grule-rule-engine

Release 1.15.0

30 Jan 22:41
e4e90fe

This release is a security fix for an RCE vulnerability in the go-git dependency.

Details: go-git v4 - CVE-2023-49569/CWE-22 - Path Traversal

Overview
Affected versions of this package are vulnerable to Path Traversal via malicious server replies. An attacker can create and amend files across the filesystem and potentially achieve remote code execution by sending crafted responses to the client.

Notes
This is only exploitable if the client is using ChrootOS, which is the default for certain functions such as PlainClone.
Applications using BoundOS or in-memory filesystems are not affected by this issue.

Users loading rules from remote Git servers are encouraged to upgrade to v1.15.0 as soon as possible.

Releasing v1.14.1

29 Aug 02:38
cb643c1
  • Fixed wrong package name: changed from grule-rule-engine to `github.com/hyperjumptech/grule-rule-engine`
  • Fixed a wrong test that previously did not catch the returned error. Now it catches the return error properly

Releasing v1.14.0

28 Aug 10:19
3765de3

After quite a long time, I've finally managed to find some time to contribute again to Grule Rule Engine. Thank you very, very much to all contributors. The following is a collection of changes we made since the last release.

  • Introduced new linting using golangci-lint. It's there but not yet integrated into the CI.
  • I tried to remove all code that may yield a panic, changing it to respond with an error instead of panicking, unless the function says so, like "MustLoad()", or "MustThis and MustThat". Those functions will panic if they see an error. If you see a panic, feel free to tell me, or you can submit a pull request.

Cheers

Releasing v1.13.0

26 Jan 05:36
5a9fc72
  • Support for evaluating Interface and Pointer inside the context
  • Bump up to use go 1.19

Releasing v1.12.0

16 Dec 09:03
2134fd5
  • Increased the Go version to version 1.18. If you still wish to use the version that uses Go 1.16, please use Grule version v1.11.0.
  • FIX #339 Remove the snapshot comparison from every creation of new instance, new test created.
  • FIX #334 Functions defined within Interface which added into DataContext can now be invoked from GRL.
  • FIX #328 When the engine tries to access a slice element with an out-of-bounds index, it will now emit an error instead of just panicking.

Releasing v1.11.0

15 Aug 10:11
620083c
  • Git resource bundles can now be loaded from a private repo with a user and password pair.
  • Added an additional string function MatchString as a built-in string function.
  • Zap logger is now supported in addition to logrus

Note on the Zap Logger:

By default, grule-rule-engine and its subpackages use the logrus logger, which is initialized in the logger subpackage.

The ability to pass a logger (zap or logrus) that is initialized in your application (usually in main.go) to the subpackages has been added.

In each of the subpackages antlr, ast, builder and engine, the SetLogger(externalLog interface{}) function was added.
It can be passed a logger instance (zap or logrus) to be used by the subpackage.

The SetLogLevel() function from the logger package has been changed.
Now it is not tied to logrus levels, but uses the levels defined in the logger subpackage of the current library.

Releasing v1.10.6

31 May 02:38
f349f94
  • Fixing issue #303 and #304 caused by the AST tree logic bug that misses adding ArrayMapSelector snapshot into the ExpressionAtom.
  • Bump up ANTLR4 to use the most recent version

Releasing v1.10.5

25 Feb 03:53
03efe71
  • Added a new built-in function MatchString for matching a string against a regular expression. Fixes issue #281
  • Added a way to track the cause of a panic when importing a GRB rule binary file. Previously, when the process raised a panic, a panic log was emitted but without showing the panic message, and the error message was not returned. Now the panic message is displayed in the log and the error is returned.

Releasing v1.10.4

02 Dec 08:28
cbb290d
  • Minor fix: when using JSON as data in the context, evaluating a JSON path beyond the JSON data itself used to yield a panic. Now evaluating JSON data in the context will not panic; instead the rule entry simply fails the evaluation and rule execution proceeds normally.
  • Minor broken link fix in the documentation

Releasing v1.10.3

25 Nov 08:07
072b2a2
  • Added an option to return an error on failed grule engine execution
  • Fixed #268: every time the engine executed using the same knowledgebase instance, the rule entries were not reset as intended.