fix: patch 5 security vulnerabilities found in audit #12

Merged: Raezil merged 1 commit into main from fix/security-vulnerabilities on May 21, 2026

@Raezil Raezil commented May 21, 2026

  • Fail-fast nil dispatcher and zero buffer size in NewEventStore
  • Recover panicking handlers in async workers so wg.Done() always fires and the worker pool is never silently exhausted
  • Remove __ctx magic key from execute() and Transaction.Commit() to prevent context injection via Args
  • Lock txMu in Rollback() to prevent concurrent Subscribe from losing events when head is reset
  • Add regression tests for panic recovery and invalid constructor args

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
@Raezil Raezil merged commit d7604f9 into main May 21, 2026
1 check passed
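
The panic-recovery pattern named in the second bullet, as an added example that is not code from this PR or the project: each handler call is wrapped so that `wg.Done()` and `recover()` are both deferred, and invalid arguments are rejected up front. `RunPool` and `safeCall` are hypothetical names, and the event ids are constructed.

```go
package main

import (
	"fmt"
	"sync"
	"sync/atomic"
)

// safeCall runs h(id) for one event. Both defers run even if h panics: recover
// keeps the worker goroutine alive, Done keeps the WaitGroup count correct.
func safeCall(wg *sync.WaitGroup, recovered *int64, h func(int), id int) {
	defer wg.Done()
	defer func() {
		if r := recover(); r != nil {
			atomic.AddInt64(recovered, 1) // production code would also log r
		}
	}()
	h(id)
}

// RunPool (hypothetical name, not the project's API) feeds n constructed event
// ids to the workers and returns how many handler calls panicked.
func RunPool(workers, n int, h func(int)) (recovered int64, err error) {
	if workers <= 0 || n < 0 || h == nil {
		return 0, fmt.Errorf("RunPool: invalid arguments") // fail fast
	}
	var wg sync.WaitGroup
	jobs := make(chan int, n)
	for w := 0; w < workers; w++ {
		go func() {
			for id := range jobs {
				safeCall(&wg, &recovered, h, id)
			}
		}()
	}
	for id := 0; id < n; id++ {
		wg.Add(1)
		jobs <- id
	}
	close(jobs)
	wg.Wait() // would block forever if a panic skipped Done
	return recovered, nil
}

func main() {
	rec, err := RunPool(1, 6, func(id int) { panic(id) })
	fmt.Println("recovered panics:", rec, "err:", err)
}
```

With a single worker, the run only finishes if that worker survives every panicking handler, which is the exhaustion case the bullet describes.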