V4.0.0 #22
xkilldash9x announced in Announcements
Why v4
This release ships breaking changes to the fingerprinting algorithm and the signature-database schema contract. Both are mechanical incompatibilities, not bug fixes:

Fingerprints from v3 do not match v4. The SCEV affine-recurrence folding pass (PR "Fix non-deterministic hashing of Select and Map Iteration blocks" #5) changes the canonical IR of any function containing loops, which changes its fingerprint hash. Code that was semantically equivalent under v3 will look different under v4 (and vice versa).

Existing PebbleDB signature databases are rejected. v4 fails closed when it opens a database whose stored schema version is older than the current binary's. The stored TopologyHash values were produced by v3's canonicalizer and will never match v4 fingerprints, so rebuilding the indexes cannot fix it; you have to re-index the original samples with the v4 binary.

Module path bumped to /v4. Update your imports: github.com/BlackVectorOps/semantic_firewall/v3/... → github.com/BlackVectorOps/semantic_firewall/v4/...

Migrating
1. Install the v4 binary: go install github.com/BlackVectorOps/semantic_firewall/v4/cmd/sfw@v4.0.0
2. Re-index each original sample with the v4 binary: sfw index <sample.go> --name <name> --severity HIGH
3. Switch your code to the /v4 import path.
4. If you used sfw audit in v3, the audit flow moves to a separate repo with an MCP server + agent loop: go install github.com/BlackVectorOps/semantic_firewall_mcp/cmd/sfw-mcp@latest
   Then sfw-mcp audit <old> <new> "<msg>" --provider <anthropic|openai|gemini|openai-compatible> --model <name>. See https://github.com/BlackVectorOps/semantic_firewall_mcp for the full provider matrix.
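The reason step 2 is mandatory rather than optional is the fail-closed schema gate described under "Why v4": an index written by the v3 canonicalizer can never answer a v4 lookup, and pretending otherwise would turn a stale database into silent zero matches. The following Go program is an added illustration of that gate, not code from the semantic_firewall project; the names Store, OpenStore, currentSchemaVersion, ErrSchemaTooOld and ErrSchemaTooNew, and the in-memory map standing in for PebbleDB, are all assumptions made for the example.

```go
package main

import (
	"errors"
	"fmt"
)

// currentSchemaVersion is the schema version this binary writes and understands.
// Name and value are assumptions for this illustration, not the project's own constant.
const currentSchemaVersion = 4

// ErrSchemaTooOld: the database was written by an older canonicalizer. Its stored
// hashes can never match this binary's fingerprints, so refuse to serve lookups.
var ErrSchemaTooOld = errors.New("signature database schema is older than this binary; re-index the original samples")

// ErrSchemaTooNew: the database was written by a newer binary than this one.
var ErrSchemaTooNew = errors.New("signature database schema is newer than this binary; upgrade the binary")

// Store is a minimal in-memory stand-in for a key-value signature database
// (constructed for this example; not the project's PebbleDB wrapper).
type Store struct {
	SchemaVersion int
	byHash        map[string]string // TopologyHash -> signature name
}

// OpenStore is the fail-closed gate: a schema mismatch is an error, never an
// empty-but-usable handle.
func OpenStore(s *Store) (*Store, error) {
	switch {
	case s.SchemaVersion < currentSchemaVersion:
		return nil, fmt.Errorf("open: stored schema v%d, binary expects v%d: %w",
			s.SchemaVersion, currentSchemaVersion, ErrSchemaTooOld)
	case s.SchemaVersion > currentSchemaVersion:
		return nil, fmt.Errorf("open: stored schema v%d, binary expects v%d: %w",
			s.SchemaVersion, currentSchemaVersion, ErrSchemaTooNew)
	}
	return s, nil
}

// Lookup returns the signature name recorded for a fingerprint hash.
func (s *Store) Lookup(topologyHash string) (string, bool) {
	name, ok := s.byHash[topologyHash]
	return name, ok
}

// lookupFailOpen shows the pre-fix behaviour the release note warns about:
// the schema version is ignored, so a hash computed by the new canonicalizer
// is simply absent from the old index. The caller sees "no match" and cannot
// tell a clean sample from a stale database.
func lookupFailOpen(s *Store, topologyHash string) (string, bool) {
	return s.Lookup(topologyHash)
}

func main() {
	// Constructed sample data: a v3-era index keyed by a v3 hash, and the
	// (different) hash v4 would compute for the same sample.
	legacy := &Store{SchemaVersion: 3, byHash: map[string]string{"v3hash-aaaa": "suspicious-loop"}}
	v4Hash := "v4hash-bbbb"

	if _, ok := lookupFailOpen(legacy, v4Hash); !ok {
		fmt.Println("fail-open: silent zero matches for", v4Hash)
	}
	if _, err := OpenStore(legacy); errors.Is(err, ErrSchemaTooOld) {
		fmt.Println("fail-closed:", err)
	}
}
```

The point of the gate is that the only correct response to an older schema is an error that names the remedy (re-index), because nothing the store itself can do will make the old hashes valid again.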
Bug fixes (also in this release)
jsondb: nil-pointer panic on non-ENOENT os.Stat errors
jsondb: sigMap drift after AddSignatures batch inserts
check: panic during analysis now flips the --strict exit code
audit: new --no-sandbox flag for pre-sandboxed CI environments
pebbledb: fail closed on older-schema databases (rather than silently returning zero matches)
diff: fail closed on non-ENOENT os.Stat errors

What's Changed
⚡ Optimize string accumulation in ExtractTopology by @xkilldash9x in #8
⚡ Optimize GenerateTopologyHash allocations by @xkilldash9x in #10
⚡ Optimize indexing loop by batching signature additions by @xkilldash9x in #11
Refine branch differentiation comment and add hash verification tests by @xkilldash9x in #12
chore: solidify len/cap impurity check for maps/chans and add tests by @xkilldash9x in #15
security: Refactor UTF-8 validation to prevent DoS by @xkilldash9x in #13
fix: handle nested parenthesis and brackets in ShortFuncName by @xkilldash9x in #17
Refactor: Use safe type assertion helper for closures in topology analysis by @xkilldash9x in #16
⚡ Optimize instruction string building in Canonicalizer by @xkilldash9x in #18
Verify StringVal extraction and remove stale FIX comment by @xkilldash9x in #14
⚡ Optimize signature lookup to O(1) #9
chore(deps): bump google.golang.org/grpc from 1.78.0 to 1.79.3 in the go_modules group across 1 directory by @dependabot in #19
chore(deps): bump go.opentelemetry.io/otel from 1.39.0 to 1.41.0 in the go_modules group across 1 directory by @dependabot in #20
Fix/security and logic issues #21
Full Changelog: https://github.com/BlackVectorOps/semantic_firewall/compare/v3.2.0...v4.0.0
This discussion was created from the release V4.0.0.