Feature/3.6.0 #14

Closed
charlesoj6205 wants to merge 2 commits into main from feature/3.6.0

@charlesoj6205

Contributor

Merged security PR

naynovi and others added 2 commits June 1, 2026 13:41
Updated the security policy to clarify supported versions and reporting process.

Copilot AI left a comment

Contributor

Pull request overview

Adds a SECURITY.md policy file to document supported versions and provide a private vulnerability reporting channel for this library.

Changes:

  • Introduces SECURITY.md with a supported-version matrix.
  • Documents the process for reporting vulnerabilities via email.

Comment thread SECURITY.md
@@ -0,0 +1,15 @@

We maintain updates and patches in the latest release. Earlier versions will still work, but will have less functionalities than later versions.
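
Review bot: "Earlier versions will still work" in this line does not say whether earlier versions receive security fixes, which is what a supported-versions section needs to state. Say it directly, for example that security patches ship only in the latest release, and replace "less functionalities" with "fewer features".
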
Comment thread SECURITY.md
Thank you for letting us know about possible security vulnerabilities to this project.
Please don’t publish details in a public issue or PR, send us a private email at support@approov.io. Please disclose which version your report refers to.

Your message will recieve a prompt reply.
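
Review bot: "recieve" is misspelled in "Your message will recieve a prompt reply." and should read "receive". In the reporting line above it, the comma after "public issue or PR" joins two sentences; split them so the instruction to email support@approov.io stands on its own, and consider replacing "prompt" with a concrete acknowledgement window so reporters know when to follow up.
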
Comment thread SECURITY.md
Comment on lines +5 to +8
| Version | Supported |
| ------- | ------------------ |
| 3.5.x | :white_check_mark: |
| < 3.4 | :x: |
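
Review bot: the table marks 3.5.x as supported and < 3.4 as unsupported, so 3.4.x falls in neither row. Change the last row to `< 3.5`, or add an explicit 3.4.x row, so every released version has a stated status.
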
@ivolz

ivolz commented Jun 21, 2026

Contributor

Superseded. Its only net change over feature/initialize-guard-service-layers was SECURITY.md, which has been folded into that branch (the 3.5.6 init-guard / bypass / state-preservation work), with the supported-versions threshold corrected to < 3.5. Closing in favour of that branch; the feature/3.6.0 remote branch is left intact.

@ivolz ivolz closed this Jun 21, 2026
ivolz added a commit that referenced this pull request Jun 21, 2026
… 3.5.7

java.net.URL is immutable once the connection is opened, and the automated
query-substitution path broke the request-mutation tracking message signing
relies on. Removed the public API (addSubstitutionQueryParam,
removeSubstitutionQueryParam, getSubstitutionQueryParams, substituteQueryParams,
substituteQueryParam) and the automated substitution in the addApproov flow.
Secure-string query values are now fetched manually via fetchSecureString() and
built into the URL before openConnection(). USAGE.md/REFERENCE.md updated.

BREAKING CHANGE: query-parameter substitution APIs removed.