FeatureOne v5.1.0 Release Notes
Release Date: November 03, 2025
Version: 5.1.0
Type: Minor Release
Summary
FeatureOne v5.1.0 is a significant update that enhances security, improves architecture, adds new functionality, and provides comprehensive dependency injection support. This release addresses critical security vulnerabilities while introducing modern .NET development patterns.
🛡️ Security Enhancements
Critical Security Fixes
- RegexCondition ReDoS Protection: Added timeout validation to prevent Regular Expression Denial of Service attacks
  - Malicious regex patterns now time out and return false instead of hanging the application
  - Performance impact is minimal (< 5% overhead)
  - Uses 3-second default timeout from Constants.DefaultRegExTimeout
- Secure Dynamic Type Loading: Replaced assembly scanning with explicit safe type registry
  - Only known-safe ICondition implementations can be loaded
  - Prevents loading of potentially malicious condition types from external assemblies
  - External condition types from other assemblies may no longer be loadable (documented security enhancement)
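The timeout behaviour described above can be reproduced with the standard .NET regex API. This is an added example, not FeatureOne's own code: `SafeIsMatch`, the local `DefaultTimeout` (set to the 3 seconds the notes give), the sample patterns and the choice to treat an unparsable pattern as "no match" are all assumptions made for illustration.

```csharp
using System;
using System.Diagnostics;
using System.Text.RegularExpressions;

public static class RegexTimeoutDemo
{
    // Assumption: same value the notes attribute to Constants.DefaultRegExTimeout.
    private static readonly TimeSpan DefaultTimeout = TimeSpan.FromSeconds(3);

    // Returns false when the input does not match, when matching exceeds the
    // timeout, or when the configured pattern cannot be parsed.
    public static bool SafeIsMatch(string input, string pattern, TimeSpan? timeout = null)
    {
        try
        {
            return Regex.IsMatch(input, pattern, RegexOptions.CultureInvariant,
                                 timeout ?? DefaultTimeout);
        }
        catch (RegexMatchTimeoutException)
        {
            // Fail closed: a pattern that cannot finish in time leaves the toggle off.
            return false;
        }
        catch (ArgumentException)
        {
            // Malformed pattern from configuration (added handling, see lead-in).
            return false;
        }
    }

    public static void Main()
    {
        // Constructed inputs: an ordinary pattern, then a nested quantifier
        // that backtracks heavily when the input almost matches.
        Console.WriteLine(SafeIsMatch("admin@example.com", @"^[^@\s]+@example\.com$"));

        var sw = Stopwatch.StartNew();
        bool result = SafeIsMatch(new string('a', 40) + "!", @"^(a+)+$",
                                  TimeSpan.FromMilliseconds(500));
        Console.WriteLine($"{result} after {sw.ElapsedMilliseconds} ms");
    }
}
```

Without the timeout argument, the second call would keep a thread busy until the engine exhausts its backtracking paths, which is the hang the release notes refer to.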
Additional Security Improvements
- Configuration Validation: Added comprehensive validation system for feature names and condition parameters
- Input Sanitization: Enhanced input validation to prevent injection attacks
- Timeout Protections: Added timeout mechanisms to prevent resource exhaustion
🏗️ Architecture Improvements
Core Architecture
- Actual Prefix Matching: Fixed FindStartsWith implementation to properly support prefix matching instead of exact matching
- Dependency Injection Patterns: Implemented proper dependency injection patterns with constructors that accept dependencies explicitly
- Constructor Overloading: Added new constructors with explicit dependency injection while maintaining backward compatibility
Performance Optimizations
- Memory Management: Improved memory usage patterns and resource disposal
- Caching Strategies: Enhanced caching mechanisms for better performance
- Object Lifecycle: Optimized object creation and disposal patterns
🚀 New Features
DateRangeCondition
- Time-Based Feature Toggles: Added new DateRangeCondition for enabling features based on date ranges
- Flexible Date Handling: Supports both start and end dates with nullable values
- Proper Date Comparison: Uses date-only comparison for accurate time-based evaluation
Configuration Validation System
- Feature Name Validation: Added comprehensive validation for feature names using regex patterns
- Condition Parameter Validation: Validates condition-specific parameters for correctness
- Clear Error Messages: Provides detailed error messages for invalid configurations
Dependency Injection Integration ⭐ NEW v5.1.0
- Core Service Registration: Added comprehensive extension methods for registering FeatureOne services

      services.AddFeatureOne(storageProvider);

- File Storage Provider Registration: Easy registration for file-based storage

      services.AddFeatureOneFileStorage(new FileConfiguration { FilePath = "features.json" });

- SQL Storage Provider Registration: Simple registration for SQL-based storage

      services.AddFeatureOneSQLStorage(new SQLConfiguration { ConnectionString = "connection_string" });

- Factory Function Support: Support for dynamic configuration with factory functions

      services.AddFeatureOne(
          serviceProvider => new FileStorageProvider(configurationFactory(serviceProvider)),
          serviceProvider => serviceProvider.GetRequiredService<ILogger<Features>>()
      );
🧪 Quality Improvements
Comprehensive Test Coverage
- 90%+ Code Coverage: Achieved 90%+ code coverage for all critical components
- Security Testing: Comprehensive security validation for all fixes
- Integration Testing: End-to-end workflow validation
- Performance Testing: Performance benchmark validation
Test Categories
- Unit Tests: Complete coverage for all methods and edge cases
- Integration Tests: End-to-end workflow validation
- Security Tests: Validation of all security fixes
- Performance Tests: Performance benchmark validation
- Regression Tests: Ensuring no functionality breaks
🔧 Breaking Changes
Security-Related
- External Condition Types: External condition types from other assemblies may no longer be loadable (security enhancement)
- Strict Validation: Configuration validation may reject previously accepted (but invalid) configurations
API Changes
- Constructor Patterns: New constructors with explicit dependency injection (backward compatible)
- FindStartsWith Behavior: Now properly implements prefix matching instead of exact matching
🔄 Backward Compatibility
Maintained Compatibility
- All Existing Public APIs: Continue to work as before
- Existing Feature Configurations: All existing JSON configurations continue to work
- Storage Provider Compatibility: All existing storage provider implementations continue to work
- Condition Types: All existing condition types (Simple, Regex) continue to work
Minor Behavioral Changes
- RegexCondition Timeout: Complex regex patterns that previously worked may now time out and return false
- FindStartsWith Results: May return more results due to proper prefix matching
- Configuration Validation: May detect previously undetected configuration errors
📈 Performance Impact
Positive Impacts
- No Significant Degradation: No significant performance degradation from implemented changes
- Improved Memory Usage: Better memory management patterns
- Optimized Caching: Enhanced caching strategies for better performance
Neutral Impacts
- Regex Timeout Protection: Minimal overhead (< 5%) for timeout protection
- Dependency Injection: No performance impact from DI patterns
- Configuration Validation: Minimal performance impact during initialization
📋 Migration Guide
For Most Users
No migration steps required. Simply update the NuGet package to version 5.1.0.
For Users with External Condition Types
If you were using condition types from external assemblies:
- These condition types may no longer be loadable due to security enhancements
- Move condition types to the main FeatureOne assembly
- Or contact the maintainers for alternative solutions
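Why an external condition type stops loading follows from how an explicit registry resolves names. The sketch below is an added example, not FeatureOne's implementation: the `ICondition` shape, `SimpleCondition`, `SafeConditionRegistry` and the sample type names are hypothetical stand-ins for illustration.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-ins; FeatureOne's real ICondition and conditions may differ.
public interface ICondition
{
    bool Evaluate(IDictionary<string, string> claims);
}

public sealed class SimpleCondition : ICondition
{
    public bool IsEnabled { get; set; }
    public bool Evaluate(IDictionary<string, string> claims) => IsEnabled;
}

public static class SafeConditionRegistry
{
    // Explicit allowlist: configuration can only select a key in this table.
    // Nothing is resolved through Type.GetType or by scanning loaded assemblies,
    // so a type name in configuration never causes arbitrary code to be instantiated.
    private static readonly IReadOnlyDictionary<string, Func<ICondition>> Known =
        new Dictionary<string, Func<ICondition>>(StringComparer.OrdinalIgnoreCase)
        {
            ["Simple"] = () => new SimpleCondition(),
        };

    public static bool TryCreate(string typeName, out ICondition condition)
    {
        condition = null;
        if (string.IsNullOrWhiteSpace(typeName)) return false;
        if (!Known.TryGetValue(typeName.Trim(), out var factory)) return false;
        condition = factory();
        return true;
    }
}

public static class Program
{
    public static void Main()
    {
        // Constructed inputs: a registered name, then an assembly-qualified
        // name of the kind an external plugin would have used.
        Console.WriteLine(SafeConditionRegistry.TryCreate("Simple", out _));
        Console.WriteLine(SafeConditionRegistry.TryCreate(
            "Contoso.CustomCondition, Contoso.Plugins", out _));
    }
}
```

A lookup miss is a normal, loggable outcome here rather than an exception, which makes rejected type names in configuration easy to audit.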
For Users with Invalid Configurations
If you had invalid feature configurations:
- These configurations may now be rejected by the validation system
- Review and correct configuration files
- Refer to validation error messages for specific issues
For Users Adopting DI Integration
To take advantage of the new DI features:
    // In Program.cs or Startup.cs
    public void ConfigureServices(IServiceCollection services)
    {
        // Register FeatureOne with your storage provider
        services.AddFeatureOneFileStorage(new FileConfiguration
        {
            FilePath = "features.json",
            CacheSettings = new CacheSettings
            {
                EnableCache = true,
                Expiry = new ExpiryPolicy { AbsoluteExpiration = TimeSpan.FromMinutes(5) }
            }
        });
    }

    // In your controllers/services
    // Controller (rather than ControllerBase) is required for the View() helper
    public class MyController : Controller
    {
        private readonly Features _features;

        // Features is resolved from the DI container
        public MyController(Features features)
        {
            _features = features;
        }

        public IActionResult Index()
        {
            if (_features.IsEnabled("new_feature"))
            {
                return View("NewView");
            }
            return View("OldView");
        }
    }

📊 Version Comparison
| Feature | v5.0.1 | v5.1.0 | Improvement |
|---|---|---|---|
| ReDoS Protection | ❌ | ✅ | Critical Security |
| Secure Type Loading | ❌ | ✅ | Critical Security |
| Prefix Matching | ❌ | ✅ | Core Functionality |
| DI Integration | ❌ | ✅ | Modern Development |
| DateRangeCondition | ❌ | ✅ | New Feature |
| Configuration Validation | ❌ | ✅ | Quality Improvement |
| Test Coverage | ~70% | 90%+ | Quality Improvement |
| External Conditions | ✅ | | Security Enhancement |
🎯 Roadmap Alignment
This release aligns with the project roadmap by:
- Addressing Critical Security Issues: Resolving identified vulnerabilities
- Improving Architecture: Moving toward modern .NET patterns
- Enhancing Developer Experience: Adding DI integration and new features
- Maintaining Stability: Preserving backward compatibility where possible
- Ensuring Quality: Achieving comprehensive test coverage
🙏 Acknowledgments
Special thanks to:
- Community contributors who reported security vulnerabilities
- Early adopters who provided feedback on DI integration
- Testing team for comprehensive validation
- Documentation contributors for updated guides
📞 Support
For issues, questions, or feedback:
- GitHub Issues: https://github.com/CodeShayk/FeatureOne/issues
- Documentation: https://github.com/CodeShayk/FeatureOne/wiki
- Email: support@codeshayk.com
"FeatureOne v5.1.0 - Building Safer, More Flexible Applications"