Closed ogxd closed 10 months ago
Fixed in 2.2.5 (published)
I consider yanking a version an exceptional measure, because of the consequences it has, especially when gxhash is a transitive dependency. I consider this case exceptional, as this bug would make the hash function malfunction, which can lead to critical issues in many scenarios and can be very difficult to debug. For other cases such as performance regressions, or even security flaws, yanking wouldn't apply.
Context
For input sizes >= 80 bytes and modulo 16 (length of vector size) the construction is proceeding to reading one vector out of the bounds, making such hashes invalid.
This is a major bug for two reasons:
Todo