Releases: Agoric/SES
SES-0.5.0
Release 0.5.0 (05-Apr-2019)
INCOMPATIBLE API CHANGE: Starting with this release, the SES package exports
a single default object (named SES, from which you can get the
SES.makeSESRootRealm() function). Previously, it exported both a SES object
and the makeSESRootRealm function.
Code which uses this package as an ES6 module must change its import from
import { SES } from 'ses';
to:
import SES from 'ses';
Similarly, code which uses CommonJS-style must change from
const { SES } = require('ses')
to:
const SES = require('ses')
The package now exports bundles in various flavors: CommonJS, ES6 Module, and
browser-based UMD.
Other changes:
- whitelist Symbol.matchAll, to fix Chrome-v73 (Issue #90)
- change primary export #88
- improve documentation #66 #67
- add integration tests #85
- packaging: remove ses-shim.js, add other generated bundles
- update Realms shim to commit 0c00eb, to fix Browserify #79
- test against node v10/v11, switch from travis to circleci #73
- fix examples #102
Thanks to Matt Bell, Kate Sills, and Mark Miller for additional fixes in this
release.
SES-0.4.0
Release 0.4.0 (20-Feb-2019)
Improve usability.
- remove Nat and def from the global environment #45
- provide a helper function named s.makeRequire() to build a require
endowment. This can be configured to enable require('@agoric/nat') or
require('@agoric/harden') (among others), so the same code can work
either inside or outside of a SES realm. For details of its configuration,
see the comments in the commit which landed it. #13
- harden() comes from @agoric/make-hardener, which doesn't climb
prototype/inheritance chains, but does complain if the prototype wasn't
already known to harden(). This avoids the "Ice-9" freeze-the-world
problem, and also serves to signal when an object from one realm is passed
into the harden() of a different realm. #15
- harden() now shares a WeakSet of previously-hardened objects #4
- use harden() instead of def() #39
- SES no longer depends upon Nat, but uses it during unit tests. Client code
that wants Nat should use require('@agoric/nat'). #45
- Include AsyncIteratorPrototype in the set of anonIntrinsics #58
- use eslint to format all SES code
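The harden() behaviour described in the 0.4.0 notes above (no climbing of prototype chains, a complaint when a prototype is not already known, a shared WeakSet of hardened objects), as an added JavaScript sketch. It is not the @agoric/make-hardener source; makeSketchHardener and demo are hypothetical names, and the inputs are constructed.

```javascript
// Simplified sketch; makeSketchHardener is a hypothetical name, not the
// @agoric/make-hardener API.
function makeSketchHardener(knownPrototypes) {
  // Shared record of previously-hardened objects, seeded with the prototypes
  // the caller vouches for (assumption: in SES, the already-frozen primordials).
  const hardened = new WeakSet(knownPrototypes);
  return function harden(root) {
    const batch = new Set();   // objects frozen by this call
    const protos = new Set();  // prototypes seen: checked, never traversed
    const enqueue = (val) => {
      const isObj = (typeof val === 'object' && val !== null) || typeof val === 'function';
      if (isObj && !hardened.has(val)) batch.add(val);
    };
    enqueue(root);
    // A Set iterates in insertion order and visits entries added mid-loop.
    for (const obj of batch) {
      Object.freeze(obj);
      const proto = Object.getPrototypeOf(obj);
      if (proto !== null) protos.add(proto);
      for (const key of Reflect.ownKeys(obj)) {
        const desc = Object.getOwnPropertyDescriptor(obj, key);
        if ('value' in desc) enqueue(desc.value);
        else { enqueue(desc.get); enqueue(desc.set); }
      }
    }
    // Do not climb: each prototype must be known already or be in this batch.
    for (const proto of protos) {
      if (!hardened.has(proto) && !batch.has(proto)) {
        throw new TypeError('prototype was not already known to harden()');
      }
    }
    for (const obj of batch) hardened.add(obj);
    return root;
  };
}

// Constructed demonstration input.
function demo() {
  const harden = makeSketchHardener([Object.prototype, Array.prototype, Function.prototype]);
  const config = harden({ limits: { max: 10 }, tags: ['a'] });
  class Purse {}
  let complaint = null;
  try { harden(new Purse()); } catch (e) { complaint = e.message; }
  harden(Purse); // hardens Purse.prototype too, via the own 'prototype' property
  const purse = harden(new Purse());
  return {
    deepFrozen: Object.isFrozen(config.limits) && Object.isFrozen(config.tags),
    climbedToObjectPrototype: Object.isFrozen(Object.prototype),
    complaint,
    purseFrozenAfterClassHardened: Object.isFrozen(purse),
  };
}
```

The sketch only lists Object.prototype and the other seed prototypes as known and does not freeze them, so the demo shows that hardening an ordinary object leaves Object.prototype untouched.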
0.3.0
release 0.3.0: improves security and functionality
This fixes all known confinement leaks:
- We now freeze AsyncGeneratorFunction and AsyncFunction, the last of the
"anonymous" intrinsics (which are reachable by syntax but not simple
property lookup). In the previous release, attacker code could modify their
behavior (which defender code might have been relying upon) or use them as
a communication channel. (#3, #41)
- We now remove all unknown properties from the global object, using a
special list of ones that are safe to expose. This protects us from
surprising platform-specific objects, or newly-added standard JS objects
that have not yet been examined for safety. The 'Intl' object is currently
removed by this check (and intlMode: "allow" has been removed), but may
be brought back in a future release. (#26)
- RegExp.prototype.compile is removed unconditionally (even if regexpMode:
"allow" is set), because it violates the semantics of Object.freeze.
It also improves usability:
- Uncaught exceptions in Node.js are now rendered correctly when the
errorStackMode: "allow" option is enabled. In the previous release, such
exceptions were always displayed as "undefined", which was particularly
unhelpful. If your program is abruptly exiting with "undefined", try
turning this option on while you're debugging. But don't leave it on,
because it probably enables a confinement breach.
- SES is an ES6 module, but should now be importable with require() by
other code which is unaware of ES6 modules, because it now uses the esm
module internally. (#32)
- console.log is now available within the confined code, if the
consoleMode: "allow" option is enabled. If this is disabled,
console.log() will throw a TypeError (since console is undefined, it
has no log property). Many other console methods (but not all) are
exposed too. (#35)
SES now requires Node.js version 10 or later.