Releases: trufflesecurity/trufflehog
Releases · trufflesecurity/trufflehog
v3.95.5
What's Changed
- [INS-461] Add test to ensure new detectors are registered in defaults.go by @mustansir14 in #4915
- [INS-455] Unify common logic in Atlassian Data Center detectors by @mustansir14 in #4907
- fix(github): cache repo info under original URL on redirect by @kashifkhan0771 in #4958
- Added GitLab OAuth Detector by @shahzadhaider1 in #4729
- Box Detector: Extract Subject ID for Analyzer Integration by @shahzadhaider1 in #4761
- [INS-346] SpectralOps Personal API Key Detector by @MuneebUllahKhan222 in #4770
- [INS-335] Added AWS Appsync Detector by @MuneebUllahKhan222 in #4803
- fix(twilio): deduplicate matches to prevent O(N×M) result explosion by @kashifkhan0771 in #4954
- Automate corpora testing in CI by @mustansir14 in #4927
- Enable errcheck and staticcheck for golangci-lint v2 and resolve all issues by @amanfcp in #4924
- feat: add host, db and username to ExtraData for database detectors by @mariocj89 in #4849
- Remove over speculation from Corpora CI workflow by @mustansir14 in #4974
- Fix line numbers for duplicate secrets within a chunk by @amanfcp in #4910
- Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors by @camgunz in #4961
- Update Go security dependencies by @cursor[bot] in #4986
- Pin GitHub Actions to SHA digests by @bryanbeverly in #4985
- Update CODEOWNERS: replace 5 slugs with scanning + integrations by @bryanbeverly in #4983
- Added source config flags to sharepoint proto by @MuneebUllahKhan222 in #4972
- [SCAN-795] HTML decoder: ASPX and entity-encoded HTML support by @mustansir14 in #4981
- adds some debugging info for APKs and fixes issues parsing obfuscated APKs by @johannestaas-trufflesec in #4991
New Contributors
- @mariocj89 made their first contribution in #4849
- @cursor[bot] made their first contribution in #4986
- @johannestaas-trufflesec made their first contribution in #4991
Full Changelog: v3.95.3...v3.95.5
Contributors
bryanbeverly, mariocj89, and 8 other contributors
Assets 11
v3.95.4
Immutable
release. Only release title and notes can be modified.
What's Changed
- [INS-461] Add test to ensure new detectors are registered in defaults.go by @mustansir14 in #4915
- [INS-455] Unify common logic in Atlassian Data Center detectors by @mustansir14 in #4907
- fix(github): cache repo info under original URL on redirect by @kashifkhan0771 in #4958
- Added GitLab OAuth Detector by @shahzadhaider1 in #4729
- Box Detector: Extract Subject ID for Analyzer Integration by @shahzadhaider1 in #4761
- [INS-346] SpectralOps Personal API Key Detector by @MuneebUllahKhan222 in #4770
- [INS-335] Added AWS Appsync Detector by @MuneebUllahKhan222 in #4803
- fix(twilio): deduplicate matches to prevent O(N×M) result explosion by @kashifkhan0771 in #4954
- Automate corpora testing in CI by @mustansir14 in #4927
- Enable errcheck and staticcheck for golangci-lint v2 and resolve all issues by @amanfcp in #4924
- feat: add host, db and username to ExtraData for database detectors by @mariocj89 in #4849
- Remove over speculation from Corpora CI workflow by @mustansir14 in #4974
- Fix line numbers for duplicate secrets within a chunk by @amanfcp in #4910
- Add feature flags for Pinecone, Cloudinary, and GitLab OAuth detectors by @camgunz in #4961
- Update Go security dependencies by @cursor[bot] in #4986
- Pin GitHub Actions to SHA digests by @bryanbeverly in #4985
- Update CODEOWNERS: replace 5 slugs with scanning + integrations by @bryanbeverly in #4983
- Added source config flags to sharepoint proto by @MuneebUllahKhan222 in #4972
- [SCAN-795] HTML decoder: ASPX and entity-encoded HTML support by @mustansir14 in #4981
- adds some debugging info for APKs and fixes issues parsing obfuscated APKs by @johannestaas-trufflesec in #4991
New Contributors
- @mariocj89 made their first contribution in #4849
- @cursor[bot] made their first contribution in #4986
- @johannestaas-trufflesec made their first contribution in #4991
Full Changelog: v3.95.3...v3.95.4
Contributors
bryanbeverly, mariocj89, and 8 other contributors
Assets 3
v3.95.3
What's Changed
- Renamed AnypointOAuth2 detector's AnalysisInfo keys to make it consistent with its Analyzer by @MuneebUllahKhan222 in #4906
- Rename AnalysisInfo field to SecretParts on detectors.Result by @mcastorina in #4911
- Document SecretParts contract in detector-authoring docs by @mcastorina in #4912
- Add a static check for detectors that don't set SecretParts by @mcastorina in #4913
- Populate SecretParts on all detectors by @mcastorina in #4919
- Make checksecretparts required in CI by @mcastorina in #4921
- Deduplicate concurrent credential verification requests via singleflight by @kashifkhan0771 in #4314
- log non-critical chunk errors at V(2).Info instead of Error by @johnelliott in #4928
- [INS-320] Cloudinary detector by @MuneebUllahKhan222 in #4747
- ci: bump JS actions to Node 24 majors (incl. CodeQL v4 + WIF auth v3) by @bryanbeverly in #4933
- chore: bump golangci-lint-action v7 → v9 (Node 24) by @bryanbeverly in #4936
- Add default Content-Type: application/json header for custom detector verification request by @MuneebUllahKhan222 in #4947
- Make detector Result.SecretParts initialization stricter by @mcastorina in #4948
- Add Pinecone API key detector by @dylanTruffle in #4917
- adding customizable successRanges and rotatedRanges to customDetector by @jordanTunstill in #4892
Full Changelog: v3.95.2...v3.95.3
Contributors
bryanbeverly, mcastorina, and 5 other contributors
Assets 11
v3.95.2
What's Changed
- Revert "[INS-397] Fix git version parser panic on non-numeric patch versions" by @trufflesteeeve in #4903
Full Changelog: v3.95.1...v3.95.2
Contributors
trufflesteeeve
Assets 11
v3.95.1
What's Changed
- [INS-444] Fix verification logic in Mesibo detector by @mustansir14 in #4884
Full Changelog: v3.95.0...v3.95.1
Contributors
mustansir14
Assets 11
v3.95.0
What's Changed
- Upgrade golangci-lint in CI runner and Makefile by @amanfcp in #4861
- Deprecate SquareUp Detector by @nabeelalam in #4855
- [INS-397] Fix git version parser panic on non-numeric patch versions by @shahzadhaider1 in #4882
- Fix Bitbucket line highlighting URLs by @shahzadhaider1 in #4854
- [INS-403] Support Custom endpoint config in hashicorpvaultauth Detector by @MuneebUllahKhan222 in #4825
- [INS-398] Added tests to ensure that custom endpoint configuration works in artifactory detectors by @MuneebUllahKhan222 in #4832
- Host ldap-verify library in trufflesecurity by @trufflesteeeve in #4859
- Add AnalysisError type and wrap all analyzer error paths by @johnelliott in #4779
- dep-updates: Go 1.25 and dependency refreshes by @dustin-decker in #4888
- Fix nil pointer panics in GitHub analyzer gist/repo binding functions by @shahzadhaider1 in #4864
- [INS-399] Added Bitbucket data center(on prem) PAT detector by @MuneebUllahKhan222 in #4883
- [INS-402] Add Jira Data Center PAT Detector by @mustansir14 in #4872
- Add man page generation for trufflehog by @bryanbeverly in #4894
- Add Confluence Data Center PAT detector by @amanfcp in #4886
Full Changelog: v3.94.3...v3.95.0
Contributors
bryanbeverly, johnelliott, and 7 other contributors
Assets 11
v3.94.3
What's Changed
- Add release bot workflow by @bryanbeverly in #4835
- handle AADSTS50173 as explicit revocation signal for azure refresh tokens by @jordanTunstill in #4842
- Add AnalysisInfo to verified results by @hxnyk in #4862
- Add nil check and error context to GitHub analyzer by @johnelliott in #4858
- [CSM-1857] Fix expired Azure secrets being silently dropped by @dipto-truffle in #4845
- Add HTML decoder for secret detection in HTML-formatted sources by @alafiand in #4840
- Split out detector types into separate proto file in order to narrow CODEOWNERS scope by @casey-tran in #4871
New Contributors
- @johnelliott made their first contribution in #4858
- @dipto-truffle made their first contribution in #4845
- @alafiand made their first contribution in #4840
Full Changelog: v3.94.2...v3.94.3
Contributors
bryanbeverly, johnelliott, and 5 other contributors
Assets 11
v3.94.2
What's Changed
- Skip TestAPKHandler by @shahzadhaider1 in #4841
- fix: replace release-guard workflow with revert-latest job by @sysread in #4838
- Deprecated GoogleAPIKey Detector by @nabeelalam in #4853
- todoist: replace deprecated verification endpoint by @rai1612 in #4828
- Add Shopify OAuth Detector by @amanfcp in #4738
- [INS-425] Updated google.golang.org/grpc v1.78.0 --> v1.79.3 by @MuneebUllahKhan222 in #4852
- [INS-421] Re-enabled TestAPKHandler test and updated artifact url by @MuneebUllahKhan222 in #4856
New Contributors
Full Changelog: v3.94.1...v3.94.2
Contributors
sysread, amanfcp, and 4 other contributors
Assets 11
v3.94.1
What's Changed
Full Changelog: v3.94.0...v3.94.1
Contributors
amanfcp
Assets 11
v3.94.0
What's Changed
- Use trContext instead of context throughout Filesystem source by @camgunz in #4804
- Make naming more consistent in the Filesystem source by @camgunz in #4805
- Rearrange some method parameters in the Filesystem source by @camgunz in #4806
- [INS-254] Datadog detector verification fix and endpoint configuration by @MuneebUllahKhan222 in #4616
- [INS-241] Datadogapikey detector by @MuneebUllahKhan222 in #4627
- Analysis info now uses snake case by @MuneebUllahKhan222 in #4765
- Add anypoint oauth2 detector to defaults.go by @mustansir14 in #4722
- Update README formatting and CLI help output by @bryanbeverly in #4758
- Add test cases for escaped unicode by @casey-tran in #4812
- Confine symlink state handling to scanSymlink in Filesystem source by @camgunz in #4807
- Expand tilde manually in TUI by @mcastorina in #4827
New Contributors
- @bryanbeverly made their first contribution in #4758
Full Changelog: v3.93.8...v3.94.0
Contributors
bryanbeverly, mcastorina, and 4 other contributors