Release notes: v2.2.1
Why this release
v2.2.1 is a reliability and security hardening release for the trust core introduced in v2.2.0. It closes a decompression-bomb vector on bundle reads, caps several unbounded stream-reassembly buffers, fixes a crash on non-ASCII provider error text, makes the git tool's subprocess handling actually timeout-safe, unifies akmon bundle verify and agef-verify onto one shared pass/fail implementation so the two verifiers cannot silently diverge, and resolves three supply-chain advisories. No new features, no format changes, no breaking changes.
Top fixes
- Decompression-bomb guard on bundle reads. A malicious or oversized
.akmonarchive could previously expand without bound duringread_bundle, exhausting memory on the machine verifying it. Reading now caps total decompressed bytes and fails closed with a newBundleError::BundleTooLarge. - Unbounded provider stream buffers capped. The Anthropic, OpenAI-compatible, and Ollama streaming readers, and the Bedrock event-stream frame reader, now cap how much they buffer while waiting for a delimiter, instead of growing without bound against a broken or hostile endpoint.
- Crash on non-ASCII provider error text fixed. Error-body truncation panicked when a byte offset landed inside a multi-byte UTF-8 codepoint; truncation is now always character-boundary-safe.
- Git tool subprocess reliability. Git subcommands now share a single async, timeout-guarded runner that actually kills the child process on timeout, instead of leaking a process and a runtime thread.
akmon bundle verifyandagef-verifyunified. Both binaries now call one shared implementation of the report shape and pass/fail policy, eliminating duplicated trust-decision logic that could previously drift between them. Output is unchanged.- Supply-chain advisories resolved. Updated
bitstream-io,anyhow, andcrossbeam-epochto clear a yanked transitive dependency and two RUSTSEC advisories. No manifest changes.
See CHANGELOG.md for the complete list.
Upgrade notes
- Safe upgrade from v2.2.0. AGEF stays at v0.1.3; no bundle format, journal format, or CLI flag changes.
- All fixes are additive hardening; existing journals and bundles remain readable and byte-identical on write.
Verification checklist
akmon --version # should report 2.2.1
agef-verify --version # should report 2.2.1
sha256sum --check SHA256SUMS
Docs links
- Release notes: v2.2.0 (the trust-layer release this hardens)
- Changelog