PastWipe • Release Notes

Last updated: 12 November 2025 (Europe/Madrid)

These Release Notes describe changes to the PastWipe platform and RepSec™ components. They are informational and non-contractual. By downloading or using any release, you agree to the applicable license(s) and terms referenced below.

Current Release

Version: 0.9.1 (SemVer)

Build: 2025.11.08-rc1

Release date: 8 November 2025

Components:

  • RepSec™ SDK 0.9.1
  • RepSec™ CLI 0.9.1
  • Portal modules 2025.11
  • Policy/Attestation schema v0.9

Stability: Stable RC

Upgrade priority: Recommended

Breaking changes: None

Downloads (role-gated)

You have to register to download. Sign in / Register

RepSec SDK 0.9.1

repsec-sdk-0.9.1.zip

Download SDK

SHA256: REPLACE_WITH_SHA256_SDK
Sig: repsec-sdk-0.9.1.zip.asc

RepSec CLI 0.9.1

repsec-cli-0.9.1.zip

Download CLI

SHA256: REPLACE_WITH_SHA256_CLI
Sig: repsec-cli-0.9.1.zip.asc

Postman Collection (0.9.1)

Postman_RepSec_0.9.1.json

Download Postman JSON
SBOM (CycloneDX JSON)

repsec-0.9.1-sbom.json

Download SBOM
Checksums & Signatures

checksums-0.9.1.txt • checksums-0.9.1.txt.sig

Download checksums   Download signature

What’s New in 0.9.1

Added

  • Attestation-Bound Neutralization Policies: Added policy.v1.conditions for breach-triggered non-reusability.
  • CLI command repsec attest --bind to bind datasets to rotating attestations.
  • Portal (Pilot): role-gated, time-limited artifact links; automatic expiry and audit trail.

Changed

  • Default policy template upgraded to v0.9 (no breaking changes).
  • Improved SDK logging redaction; PII scrubbed by default at INFO level.
  • Enhanced retry/backoff in the neutralization endpoint client.

Fixed

  • Resolved intermittent 503 portal responses during large artifact downloads.
  • Corrected CLI exit codes for verify subcommand in non-interactive shells.

Deprecated

  • Legacy flag --neutralize-on-leak deprecated; use --bind with policy conditions.

Known Issues

  • Windows PowerShell execution policy may block first-run scripts. Workaround: run as Admin and Set-ExecutionPolicy RemoteSigned -Scope CurrentUser.
  • Behind strict outbound proxies, signature verification may require manual key import (see Verify).

Security Notes

No known critical vulnerabilities in 0.9.1. We continuously review dependencies; SBOM and VEX statements are provided with each release.

Resolved in this release

  • SDK: hardened temp-file permissions for artifact verification on Unix-like systems.
  • Portal: mitigations for token replay using single-use, time-boxed signed URLs.

Vulnerability Disclosure

Report security issues privately to [email protected]. We follow coordinated disclosure. Do not post details publicly until a fix is available.

Upgrade & Rollback

Prerequisites

  • Backup any custom policy templates and local config files.
  • Ensure outbound HTTPS to verification keyserver (if used) is allowed.
  • Validate disk space for parallel install (~2× package size).

Upgrade (SDK/CLI)

# 1) Verify integrity & signature (see "Verify" section)
# 2) Unzip to tools directory, then:
./repsec --version
./repsec verify --self
./repsec attest --bind --dry-run
          

Rollback

  • Keep previous package available (e.g., repsec-sdk-0.9.0.zip).
  • Restore prior config.yaml and policy templates from backup.
  • Re-run repsec verify --self after rollback.
Note: No schema migrations are introduced in 0.9.1. Rollback is safe.

Compatibility Matrix

ComponentSupportedNotes
OSWindows 10/11, macOS 12+, Ubuntu 20.04/22.04+, RHEL 8/9ARM64 builds for macOS included.
Python (SDK)3.9 – 3.123.13 support planned.
Node (CLI wrapper)18, 20, 22LTS preferred.
Browsers (Portal)Chrome, Edge, Firefox, Safari (last 2 versions)Private browsing may block signed URL storage.

Verify Signatures & Hashes

All artifacts are accompanied by SHA256 checksums and detached signatures (.asc). Verification is strongly recommended in regulated environments.

macOS / Linux

# Check SHA256
shasum -a 256 repsec-sdk-0.9.1.zip
# Import PastWipe public key (example)
gpg --keyserver keyserver.ubuntu.com --recv-keys REPLACE_WITH_KEY_ID
# Verify signature
gpg --verify repsec-sdk-0.9.1.zip.asc repsec-sdk-0.9.1.zip
          

checksums-0.9.1.txtchecksums-0.9.1.txt.sig

Windows (PowerShell)

# Check SHA256
Get-FileHash .\repsec-sdk-0.9.1.zip -Algorithm SHA256
# GPG for Windows (if installed)
gpg --verify repsec-sdk-0.9.1.zip.asc repsec-sdk-0.9.1.zip
          

If your environment blocks external keyservers, contact support to obtain an out-of-band public key bundle and fingerprint.

SBOM & Third-Party Notices

Each release provides a CycloneDX JSON SBOM detailing components and licenses. Review third-party attributions before deployment in restricted environments.

  • SBOM: repsec-0.9.1-sbom.json
  • Third-party notices: Available via portal — see Resources
  • VEX (if applicable): Provided when vulnerabilities are non-exploitable in this product context

Support Lifecycle & Versioning Policy

  • Versioning: Semantic Versioning (MAJOR.MINOR.PATCH). Breaking changes only in MAJOR.
  • Support window: Latest MINOR and the immediately previous MINOR receive fixes (e.g., 0.9.x and 0.8.x).
  • End-of-Life: A release is EOL 6 months after the next MINOR is generally available.
  • Deprecations: Deprecated flags/APIs are supported for ≥2 PATCH releases before removal.

Legal Notices (Informational)

Non-contractual nature

These Release Notes are for information only and do not constitute a binding commitment, warranty, or offer. Features and timelines may change.

License & Terms of Use

Use of the PastWipe platform and RepSec™ components is governed by the applicable End User License Agreement (EULA), Terms of Service, and Privacy Policy accepted during registration or download. No rights are granted by these notes.

Restrictions

Unless expressly permitted in your license, reverse engineering, decompilation, or circumvention of technical protections is prohibited. Benchmark disclosures require prior written consent if your license so stipulates.

Export Controls & Sanctions

The software may be subject to U.S. and EU export control and sanctions laws. You may not download or use it in embargoed territories or by prohibited parties. You are responsible for compliance in your jurisdiction.

Data Protection

Where applicable, processing of personal data follows your organization’s controller obligations and the contractual data-processing terms between you and PastWipe. Do not feed sensitive production data into test environments unless lawfully authorized and protected.

Open Source Licenses

Third-party open source components are licensed under their respective terms. Attributions are provided in the Third-Party Notices for each release.

Trademarks & IP

PastWipe and RepSec™ are trademarks of PastWipe S.L. All other marks are the property of their respective owners. Patent rights, if any, are reserved. No patent license is granted by these notes.

Previous Releases

0.9.0 — 10 October 2025
Highlights
  • Initial policy binding primitives.
  • Portal artifact gate (beta).
Fixes
  • Improved Windows path handling.
Known issues
  • PowerShell exit codes inconsistent (fixed in 0.9.1).
0.8.5 — 15 September 2025
Highlights
  • PII redaction improvements.
Fixes
  • Retry/backoff tuning.
Notes
  • No breaking changes.

Support & Contact

General support: [email protected] • Security: [email protected]

© 2025 PastWipe S.L. All rights reserved.