PastWipe • Release Notes
Last updated: 12 November 2025 (Europe/Madrid)These Release Notes describe changes to the PastWipe platform and RepSec™ components. They are informational and non-contractual. By downloading or using any release, you agree to the applicable license(s) and terms referenced below.
Current Release
Version: 0.9.1 (SemVer)
Build: 2025.11.08-rc1
Release date: 8 November 2025
Components:
- RepSec™ SDK 0.9.1
- RepSec™ CLI 0.9.1
- Portal modules 2025.11
- Policy/Attestation schema v0.9
Stability: Stable RC
Upgrade priority: Recommended
Breaking changes: None
Downloads (role-gated)
You have to register to download. Sign in / Register
repsec-sdk-0.9.1.zip
Download SDKSHA256: REPLACE_WITH_SHA256_SDK
Sig: repsec-sdk-0.9.1.zip.asc
repsec-cli-0.9.1.zip
Download CLISHA256: REPLACE_WITH_SHA256_CLI
Sig: repsec-cli-0.9.1.zip.asc
Postman_RepSec_0.9.1.json
Download Postman JSONrepsec-0.9.1-sbom.json
Download SBOMchecksums-0.9.1.txt • checksums-0.9.1.txt.sig
Download checksums Download signatureWhat’s New in 0.9.1
Added
- Attestation-Bound Neutralization Policies: Added policy.v1.conditions for breach-triggered non-reusability.
- CLI command repsec attest --bind to bind datasets to rotating attestations.
- Portal (Pilot): role-gated, time-limited artifact links; automatic expiry and audit trail.
Changed
- Default policy template upgraded to v0.9 (no breaking changes).
- Improved SDK logging redaction; PII scrubbed by default at INFO level.
- Enhanced retry/backoff in the neutralization endpoint client.
Fixed
- Resolved intermittent 503 portal responses during large artifact downloads.
- Corrected CLI exit codes for verify subcommand in non-interactive shells.
Deprecated
- Legacy flag --neutralize-on-leak deprecated; use --bind with policy conditions.
Known Issues
- Windows PowerShell execution policy may block first-run scripts. Workaround: run as Admin and Set-ExecutionPolicy RemoteSigned -Scope CurrentUser.
- Behind strict outbound proxies, signature verification may require manual key import (see Verify).
Security Notes
Resolved in this release
- SDK: hardened temp-file permissions for artifact verification on Unix-like systems.
- Portal: mitigations for token replay using single-use, time-boxed signed URLs.
Vulnerability Disclosure
Report security issues privately to [email protected]. We follow coordinated disclosure. Do not post details publicly until a fix is available.
Upgrade & Rollback
Prerequisites
- Backup any custom policy templates and local config files.
- Ensure outbound HTTPS to verification keyserver (if used) is allowed.
- Validate disk space for parallel install (~2× package size).
Upgrade (SDK/CLI)
# 1) Verify integrity & signature (see "Verify" section)
# 2) Unzip to tools directory, then:
./repsec --version
./repsec verify --self
./repsec attest --bind --dry-run
Rollback
- Keep previous package available (e.g., repsec-sdk-0.9.0.zip).
- Restore prior config.yaml and policy templates from backup.
- Re-run repsec verify --self after rollback.
Compatibility Matrix
| Component | Supported | Notes |
|---|---|---|
| OS | Windows 10/11, macOS 12+, Ubuntu 20.04/22.04+, RHEL 8/9 | ARM64 builds for macOS included. |
| Python (SDK) | 3.9 – 3.12 | 3.13 support planned. |
| Node (CLI wrapper) | 18, 20, 22 | LTS preferred. |
| Browsers (Portal) | Chrome, Edge, Firefox, Safari (last 2 versions) | Private browsing may block signed URL storage. |
Verify Signatures & Hashes
All artifacts are accompanied by SHA256 checksums and detached signatures (.asc). Verification is strongly recommended in regulated environments.
macOS / Linux
# Check SHA256
shasum -a 256 repsec-sdk-0.9.1.zip
# Import PastWipe public key (example)
gpg --keyserver keyserver.ubuntu.com --recv-keys REPLACE_WITH_KEY_ID
# Verify signature
gpg --verify repsec-sdk-0.9.1.zip.asc repsec-sdk-0.9.1.zip
Windows (PowerShell)
# Check SHA256
Get-FileHash .\repsec-sdk-0.9.1.zip -Algorithm SHA256
# GPG for Windows (if installed)
gpg --verify repsec-sdk-0.9.1.zip.asc repsec-sdk-0.9.1.zip
If your environment blocks external keyservers, contact support to obtain an out-of-band public key bundle and fingerprint.
SBOM & Third-Party Notices
Each release provides a CycloneDX JSON SBOM detailing components and licenses. Review third-party attributions before deployment in restricted environments.
- SBOM: repsec-0.9.1-sbom.json
- Third-party notices: Available via portal — see Resources
- VEX (if applicable): Provided when vulnerabilities are non-exploitable in this product context
Support Lifecycle & Versioning Policy
- Versioning: Semantic Versioning (MAJOR.MINOR.PATCH). Breaking changes only in MAJOR.
- Support window: Latest MINOR and the immediately previous MINOR receive fixes (e.g., 0.9.x and 0.8.x).
- End-of-Life: A release is EOL 6 months after the next MINOR is generally available.
- Deprecations: Deprecated flags/APIs are supported for ≥2 PATCH releases before removal.
Legal Notices (Informational)
Non-contractual nature
These Release Notes are for information only and do not constitute a binding commitment, warranty, or offer. Features and timelines may change.
License & Terms of Use
Use of the PastWipe platform and RepSec™ components is governed by the applicable End User License Agreement (EULA), Terms of Service, and Privacy Policy accepted during registration or download. No rights are granted by these notes.
Restrictions
Unless expressly permitted in your license, reverse engineering, decompilation, or circumvention of technical protections is prohibited. Benchmark disclosures require prior written consent if your license so stipulates.
Export Controls & Sanctions
The software may be subject to U.S. and EU export control and sanctions laws. You may not download or use it in embargoed territories or by prohibited parties. You are responsible for compliance in your jurisdiction.
Data Protection
Where applicable, processing of personal data follows your organization’s controller obligations and the contractual data-processing terms between you and PastWipe. Do not feed sensitive production data into test environments unless lawfully authorized and protected.
Open Source Licenses
Third-party open source components are licensed under their respective terms. Attributions are provided in the Third-Party Notices for each release.
Trademarks & IP
PastWipe and RepSec™ are trademarks of PastWipe S.L. All other marks are the property of their respective owners. Patent rights, if any, are reserved. No patent license is granted by these notes.
Previous Releases
0.9.0 — 10 October 2025
- Initial policy binding primitives.
- Portal artifact gate (beta).
- Improved Windows path handling.
- PowerShell exit codes inconsistent (fixed in 0.9.1).
0.8.5 — 15 September 2025
- PII redaction improvements.
- Retry/backoff tuning.
- No breaking changes.
Support & Contact
General support: [email protected] • Security: [email protected]
© 2025 PastWipe S.L. All rights reserved.