Skip to content

release: v1.1.0 with improved state management, security, and concurrency #41

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
merged 1 commit into from
Jun 11, 2025
Merged

release: v1.1.0 with improved state management, security, and concurrency #41

merged 1 commit into from
Jun 11, 2025

Conversation

harrytmthy
Copy link
Owner

Summary

This PR finalizes the v1.1.0 release of SafeBox, delivering major upgrades in lifecycle coordination, cryptographic safety, and multi-threaded performance.

Highlights

Lifecycle Management

  • SafeBoxStateManager: Tracks internal states (STARTING, WRITING, IDLE, CLOSED) to ensure deterministic transitions even under concurrent writes. Prevents invalid state emissions after closure. (#17)
  • Global and Per-instance Observability:
    • SafeBoxGlobalStateObserver monitors file-level state transitions.
    • SafeBoxStateListener allows per-instance state tracking.
      (#12)

Security Hardening

  • XOR-based In-Memory Masking: SafeSecretKey is now XOR-masked using a SHA-256 mask to prevent raw DEK exposure in memory. (#23)
  • On-demand Cipher Lifecycle: AesGcmCipherProvider now creates ciphers only when needed, minimizing sensitive memory retention. (#28)

Cryptographic Concurrency

  • CipherPool: A coroutine-friendly, thread-safe pool for Cipher reuse. Supports load-factor-based scaling, ideal for parallel get() / put() workloads. (#25)
  • SafeBoxExecutor: Internal executor used to schedule async tasks like CipherPool scaling. Designed for future extensibility. (#30)
  • Concurrent Key Access: Both SafeSecretKey and SecureRandomKeyProvider now support multi-threaded access via atomic caching. (#26)

Stability & Compatibility

  • BouncyCastleProvider is now conditionally injected only when ChaCha20 support is missing. Prevents unintentional overrides of external configurations. (#1)
  • compileSdk bumped to 36, ensuring forward compatibility with the latest Android API surface. (#2)

Benchmark Update

  • The README now includes updated v1.1.0 benchmark results, showcasing improvements in:
    • Init time
    • Put performance
    • Commit throughput
    • CipherPool efficiency

GitHub Sponsors & Metadata

  • GitHub Sponsors is now enabled via FUNDING.yml
  • README now includes:
    • Project badges: build status, license, version
    • A new collapsible encryption flow section for better readability

@harrytmthy harrytmthy added this to the 1.1.0 milestone Jun 10, 2025
@harrytmthy harrytmthy self-assigned this Jun 10, 2025
@harrytmthy harrytmthy moved this to In review in SafeBox Roadmap Jun 10, 2025
@harrytmthy harrytmthy merged commit a5f8aca into main Jun 11, 2025
3 checks passed
@harrytmthy harrytmthy deleted the release/1.1.0 branch June 11, 2025 03:07
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees

@harrytmthy harrytmthy

Labels
release
Projects
None yet
Milestone
1.1.0
Development

Successfully merging this pull request may close these issues.
1 participant
@harrytmthy