@@ -5,7 +5,7 @@ All notable changes to this project will be documented in this file.
55The format is based on [ Keep a Changelog] ( https://keepachangelog.com/en/1.0.0/ ) ,
66and this project adheres to [ Semantic Versioning] ( https://semver.org/spec/v2.0.0.html ) .
77
8- ## [ Unreleased ]
8+ ## [ 0.8.6 ] - 2026-01-07
99
1010### Added
1111
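Review bot: Renaming `## [Unreleased]` in place to `## [0.8.6] - 2026-01-07` leaves the file with no Unreleased section, which the Keep a Changelog format cited two lines above keeps at the top so the next change has somewhere to land. Suggest adding an empty `## [Unreleased]` heading above the new 0.8.6 heading rather than replacing it.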
@@ -122,6 +122,75 @@ and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0
122122 - **Implementation**: Query detection in `utils.rs:should_use_query()`, SQL generation in `connection.ex:explain_query/4`
123123 - **Test coverage**: 12 tests across `explain_simple_test.exs` and `explain_query_test.exs`
124124
125+ - **STRICT Table Option Support**
126+ - Added support for SQLite' s STRICT table option for stronger type enforcement
127+ - Usage : Pass `options: [strict: true ]` to `create table ()` in migrations
128+ - Example :
129+ ```elixir
130+ create table (:users , options: [strict: true ]) do
131+ add :name , :string
132+ add :age , :integer
133+ end
134+ ```
135+ - STRICT tables enforce column type constraints at INSERT / UPDATE time
136+ - Helps catch type errors early and ensures data integrity
137+ - Can be combined with other table options
138+
139+ - ** Enhanced JSON and JSONB Functions **
140+ - Added comprehensive JSON manipulation functions for working with JSON data
141+ - SQL injection protection with proper parameter handling
142+ - Functions include `json_extract/ 2 `, `json_type/ 2 `, `json_valid/ 1 `, and more
143+ - Consolidated JSON result handling for consistent behaviour
144+ - Extensive test coverage for all JSON operations
145+
146+ - ** Cross - Connection Security Tests **
147+ - Added comprehensive tests for transaction isolation across connections
148+ - Validates that transactions from one connection cannot be accessed by another
149+ - Tests cover savepoints, prepared statements, and cursors
150+ - Ensures strict connection ownership and prevents security vulnerabilities
151+
152+ - ** Generated / Computed Columns Documentation **
153+ - Added documentation for SQLite ' s generated column support
154+ - Covers both VIRTUAL and STORED generated columns
155+ - Examples of computed columns in migrations
156+
157+ ### Security
158+
159+ - **CVE-2025-47736 Protection**
160+ - Comprehensive parameter validation to prevent atom table exhaustion
161+ - Improved parameter extraction to avoid malicious input exploitation
162+ - Validates all named parameters against statement introspection
163+ - Proper error handling for invalid or malicious parameter names
164+ - See [security documentation](SECURITY.md) for details
165+
166+ ### Fixed
167+
168+ - **Statement Caching Improvements**
169+ - Replaced unbounded `persistent_term` cache with bounded ETS LRU cache
170+ - Prevents memory leaks from unlimited prepared statement caching
171+ - Configurable cache size with automatic eviction of least-recently-used entries
172+ - Improved cache performance and memory footprint
173+
174+ - **Error Handling Improvements**
175+ - Propagate parameter introspection errors instead of silently falling back
176+ - Return descriptive errors for invalid argument types in parameter normalisation
177+ - Improved error tuple handling in fuzz tests
178+ - Better error messages throughout the codebase
179+
180+ - **Code Quality Improvements**
181+ - Fixed Credo warnings (nesting, unused variables, assertions)
182+ - Standardised unused variable naming for consistency
183+ - Improved test reliability and reduced flakiness
184+ - Better state threading in security tests
185+ - Fixed binary blob round-trip handling in tests
186+
187+ ### Changed
188+
189+ - **Rust UTF-8 Validation Cleanup**
190+ - Removed redundant UTF-8 validation comments and tautological boundary checks
191+ - Removed redundant `validate_utf8_sql` function (SQLite already validates UTF-8)
192+ - Cleaner, more maintainable codebase
193+
125194## [0.8.3] - 2025-12-29
126195
127196### Added
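Review bot: The `CVE-2025-47736 Protection` entry under `### Security` does not say which released versions were exposed or what a user has to do, so the changelog alone does not tell a reader whether 0.8.6 is a required upgrade. Suggest adding one bullet that names the affected version range and the untrusted input involved (the bullets imply caller-supplied named parameter names), instead of deferring all of it to SECURITY.md. Separately, the `### Changed` bullet that removes `validate_utf8_sql` justifies dropping an input check with "SQLite already validates UTF-8" and gives no reference; in a release that also ships a security fix, point to the test or documentation that backs that statement, or reword the rationale.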