v1.5.1
This is a release of my forked project, from branch fork. See below for full changelog, listing all commits since previous fork release. The primary asset of the release is a direct download link for a ready-to-use build of the application's single executable, as well as an alternative .zip archive containing the same executable. It is built with Go version 1.21.3.
About this fork
This release is from my fork of jstarks/npiperelay, adding some smaller improvements on top of upstream release v0.1.0. The changes are conservative; primary concern is to keep the code updated and secure, considering upstream has not been updated since this first release back in mid 2020. See previous release notes for fork releases starting with v1.0.0 to learn about all changes.
Checksums
The SHA-256 checksums of the binary release assets are published as text file asset npiperelay_checksums.txt. Note that the .zip asset for the amd64 (x64/64-bit) and 386 (x86/32-bit) architectures both contain a single executable with name npiperelay.exe, and it is identical to the .exe asset with same name as the .zip asset, i.e. npiperelay_windows_386.exe and npiperelay_windows_amd64.exe, and should therefore have the same checksum.
These are the SHA-256 checksums of all binary release assets, as published in npiperelay_checksums.txt:
0216c7baaf4d0572a7bed85da62079b86e23b829f04c25fe577a7dd9b1c679e0 npiperelay_windows_386.exe
3f1b09ef38a7e1dd5cd3ab8fbccf6ae0c7742ecefe764815e76d94a21a1c9937 npiperelay_windows_amd64.zip
4f29a6a758e6dd7410741c44a63428ea2e59f98f749b62b89763542cd33bdb8f npiperelay_windows_amd64.exe
ba4f92ca545edf9e57b4c03ee37408f661175e00bcbd913e2c7650f2ba5d3742 npiperelay_windows_386.zip
Antivirus
If your local antivirus treats the downloaded archive or executable as suspicious or malicious, you should try to report it as a false positive, e.g. to Symantec on symsubmit.symantec.com (select "Clean software incorrectly detected"). At the time of the release, no security vendors on VirusTotal flagged the asset download urls as malicious, but some very few (well below 10%) did flag the zip archive and executable files themselves (see report for each of the assets in expandable section below). The implementation is less than 300 lines of go code, plus a single, commonly used, third party dependency. The source code is automatically run through vulnerability analysis, using Go's govulncheck and GitHub's CodeQL, and a long list of code quality checks (linters), using golangci-lint (see .golangci.yml for the complete list). If you do worry, you are free to analyse the code yourself, and you can also build the executable locally from source.
Changelog
Commits since previous fork release:
- a50d680 Bump golang.org/x/sys from 0.12.0 to 0.13.0
- dee0642 Bump golang.org/x/sys from 0.11.0 to 0.12.0
- a325bca Bump goreleaser/goreleaser-action from 4 to 5
- 88b94c7 Skipping CodeQL when running Dependabot Pull Request check
- b8032b3 Bump actions/checkout from 3 to 4 and hide fetch progress
- a7d548c Improvements to the GoReleaser release notes template
- 8e50904 Start running vulnerability scans on schedule
- 50c0ca0 Add CodeQL (GitHub vulnerability analysis) to github workflow
- 6ce1c4e Change GitHub build workflow to use version of go from go.mod
- b932932 Reduce GitHub build workflow run time by fetching only the current commit
(Application executable in release assets built with Go version 1.21.3).