1.1.1preview (Tool surface scope security hotfix) #7
ShadowKnightMK4
announced in
Announcements
The change log covers a lot of things. The big one is listed here.
Versions prior to v1.1.1-preview are deprecated and unsupported. Previous versions contained a non-zero chance of a Denial of Service (DoS) vulnerability. Improperly configured or maliciously crafted circular VirtualTool dependencies could cause a fatal, uncatchable StackOverflowException, immediately crashing the host process or deadlocking it.
Version 1.1.1-preview and later introduces a hardened graph-traversal engine with cycle detection (HashSet-based reference tracking) and strict recursion depth limits (default 2000) that safely throw a catchable VirtualTool_NestedOverflow exception. All users are highly recommended to upgrade to this version. If you must not upgrade, it is recommended to either avoid VirtualTool design or ensure they are vetted against self-referencing loops, for example.
By default you have a soft limit of 2000 individual virtual tools if using the VirtualTool ButlerSDK system. The ToolSurfaceScope scanner visits each tool in the list only once, skipping it if it was already seen, on the assumption that attribute-based flags (like the tool surface scope) cannot change at runtime. 2000 is the default limit and is customizable via the ToolSurfaceFlagChecking.MaxDepthLevel property.
That version has been bumped to v1.1.1preview with a fix and some limits to prevent unbounded
CHANGE in the Windows Vault Key Creator:
When it saves a vault to disk, it now truncates the file first to guard against data corruption.
The rest of the code is equivalent to version 1.1.0preview.
The code and the NuGet packages in it are compiled with the RELEASE configuration.
This discussion was created from the release 1.1.1preview (Tool surface scope security hotfix).
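The traversal hardening described in the announcement (a HashSet of already-seen references plus a depth limit that raises a catchable exception) can be sketched as follows. This is an added example, not ButlerSDK code: `ToolNode`, `NestedOverflowException` and `ToolGraphWalker` are hypothetical names, the inputs are constructed, and `ReferenceEqualityComparer` assumes .NET 5 or later.

```csharp
using System;
using System.Collections.Generic;

// Hypothetical stand-in for a virtual tool that wraps other tools.
sealed class ToolNode
{
    public readonly string Name;
    public readonly List<ToolNode> Children = new();
    public ToolNode(string name) { Name = name; }
}

// Hypothetical catchable exception, in the role the post gives VirtualTool_NestedOverflow.
sealed class NestedOverflowException : Exception
{
    public NestedOverflowException(string message) : base(message) { }
}

static class ToolGraphWalker
{
    public static int MaxDepth = 2000; // default value quoted in the post

    // Returns how many distinct tools are reachable from root.
    public static int CountReachable(ToolNode root)
    {
        // Reference identity, so two tools with equal names are still distinct nodes.
        var seen = new HashSet<ToolNode>(ReferenceEqualityComparer.Instance);
        Visit(root, 0, seen);
        return seen.Count;
    }

    static void Visit(ToolNode node, int depth, HashSet<ToolNode> seen)
    {
        if (depth > MaxDepth) // fail with a catchable exception instead of exhausting the stack
            throw new NestedOverflowException($"nesting exceeds {MaxDepth} at '{node.Name}'");
        if (!seen.Add(node)) return; // already visited: this is what breaks a cycle
        foreach (var child in node.Children) Visit(child, depth + 1, seen);
    }

    static void Main()
    {
        // Constructed input: A and B reference each other.
        var a = new ToolNode("A"); var b = new ToolNode("B");
        a.Children.Add(b); b.Children.Add(a);
        Console.WriteLine($"cycle handled, distinct tools: {CountReachable(a)}");

        // Constructed input: acyclic chain of 501 tools against a lowered limit.
        MaxDepth = 100;
        var head = new ToolNode("t0"); var cur = head;
        for (int i = 1; i <= 500; i++) { var n = new ToolNode($"t{i}"); cur.Children.Add(n); cur = n; }
        try { CountReachable(head); }
        catch (NestedOverflowException ex) { Console.WriteLine($"rejected: {ex.Message}"); }
    }
}
```

The two checks cover different failure modes: the seen-set stops circular references, while the depth limit bounds a deep but acyclic chain that the seen-set alone would still follow to the end.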