v1.2.3

This release contains an important security fix: Do not use zstd.Decoder.DecodeAll on untrusted data (#27)

This issue was uncovered during a security audit performed by 7ASecurity, facilitated by OSTIF, for the OpenTelemetry project.

https://opentelemetry.io/blog/2024/cve-2024-36129/
GHSA-c74f-6mfw-mm4v

v1.2.2

Update go modules, for some security fixes.

v1.2.1

Fix lz4 package, which was accidentally using zstd instead. (#21)

v1.2.0

Add "nonclobbering" imports, for cases where you do not want to override previously registered grpc codecs with the same name.

v1.1.19

• Zstd: use a more appropriate window size for RPC.

v1.1.18

• Upgrade github.com/klauspost/compress v1.15.9 -> v1.16.5
• Upgrade github.com/pierrec/lz4/v4 v4.1.15 -> v4.1.17
• Require go >= 1.17

v1.1.17: add experimental s2 and klauspost_snappy

What's Changed

• Add experimental s2 support by @mostynb in #11
• Add experimental/klauspost_snappy package, which might be more efficient than the google snappy package by @mostynb in #12
• Update deps by @mostynb in #13

Full Changelog: v1.1.16...v1.1.17

v1.1.16: upgrade github.com/klauspost/compress to v1.14.1

Upgrade zstd to 1.14.1

v1.1.15: Upgrade lz4 to v3

Run the tests on push and PR updates

v1.1.14: upgrade github.com/klauspost/compress to v1.13.6, google.golang.org/grpc to v1.42.0

Upgrade github.com/klauspost/compress to v1.13.6 and google.golang.org/grpc to v1.42.0.

This includes the following zstd improvements since v1.13.4:

• pooledZipWriter should return Writers to the same klauspost/compress#426