ZeroizePy v1.2.0 – Advanced Secure Erasure, Platform Stability Upgrades and Expanded Threat-Model Protections

Merge pull request #14 from xavenordu/patch-8

Reformat pyproject.toml with consistent structure

ZeroizePy v1.1.5 – Advanced Secure Erasure, Platform Stability Upgrades and Expanded Threat-Model Protections

---

ZeroizePy v1.1.5

Release Date: 2025-12-09

New Features

• Introduced a unified wipe_file() high-level helper that automatically selects the safest supported strategy per platform.
• Added internal reference counters to improve tracking of SecureMemory buffer lifecycle events.
• Implemented more granular debug flags for developers testing memory-zeroing visibility across OS configurations.

Behavior Improvements

Linux/macOS

• More stable sparse-file detection on layered and complex filesystems.
• Clearer warnings when wiping unsupported virtual mounts (FUSE, encrypted volumes, etc.).
• Zeroing routines now emit detailed diagnostics when libsodium is unavailable, specifying which features fall back to software-only erasure.

Windows

• Improved memory-locking stability under WSL2 and container environments.
• Reduced false-positive alerts caused by Windows duplicating memory pages internally.
• Reworked file-wipe retry logic to handle lingering file handles held by background services.

File Systems

• Added heuristics to detect deduplication-based block overrides, recommending cryptographic erase where necessary.
• Enhanced detection of logical vs physical size mismatches in sparse or compressed files.

Security Notes

• Immutable Python objects (bytes, str) still cannot be securely zeroed; documentation now includes a compatibility matrix for all buffer types.
• Added guidance explaining how tracing/profiling tools may temporarily retain references to sensitive buffers.
• Reinforced recommendation to pair cryptographic erase with overwrite methods for SSDs and CoW filesystems.

Threat Model Adjustments

ZeroizePy additionally protects against:

• Partial persistence of temporary buffers created implicitly during I/O operations.
• Residual plaintext exposure in multithreaded cleanup routines.

ZeroizePy still cannot defend against:

• Hypervisor-level snapshots in cloud or container environments.
• Kernel modules capable of intercepting memory before zeroing.
• GPU/accelerator memory leaks (support planned in future versions).

Fixes & Internal Improvements

• Resolved timing inconsistencies in wipe loops under heavy I/O load.
• Tightened exception paths to ensure FileAccessError fires before any incomplete wipe.
• Expanded test suite with new stress scenarios for concurrent secure memory operations.
• Revised documentation to clarify logical deletion, overwriting, and cryptographic erasure strategies.

Documentation Updates

• Updated Quick Start with an end-to-end “secure file lifecycle” example.
• Added troubleshooting table for common OS-specific limitations.
• Clarified semantics of SecureMemory.close() vs SecureMemory.zero() to prevent misuse.

---

ZeroizePy v1.1.4 – Enhanced Reliability and Security Refinements

ZeroizePy v1.1.4

Release Date: 2025-12-06

---

New Features

• Introduced a unified wipe_file() high-level helper that automatically selects the safest supported strategy per platform.
• Added internal reference counters to improve tracking of SecureMemory buffer lifecycle events.
• Implemented more granular debug flags for developers testing memory-zeroing visibility across OS configurations.

---

Behavior Improvements

Linux/macOS

• More stable sparse-file detection on layered and complex filesystems.
• Clearer warnings when wiping unsupported virtual mounts (FUSE, encrypted volumes, etc.).
• Zeroing routines now emit detailed diagnostics when libsodium is unavailable, specifying which features fall back to software-only erasure.

Windows

• Improved memory-locking stability under WSL2 and container environments.
• Reduced false-positive alerts caused by Windows duplicating memory pages internally.
• Reworked file-wipe retry logic to handle lingering file handles held by background services.

File Systems

• Added heuristics to detect deduplication-based block overrides, recommending cryptographic erase where necessary.
• Enhanced detection of logical vs physical size mismatches in sparse or compressed files.

---

Security Notes

• Immutable Python objects (bytes, str) still cannot be securely zeroed; documentation now includes a compatibility matrix for all buffer types.
• Added guidance explaining how tracing/profiling tools may temporarily retain references to sensitive buffers.
• Reinforced recommendation to pair cryptographic erase with overwrite methods for SSDs and CoW filesystems.

---

Threat Model Adjustments

ZeroizePy additionally protects against:

• Partial persistence of temporary buffers created implicitly during I/O operations.
• Residual plaintext exposure in multithreaded cleanup routines.

ZeroizePy still cannot defend against:

• Hypervisor-level snapshots in cloud or container environments.
• Kernel modules capable of intercepting memory before zeroing.
• GPU/accelerator memory leaks (support planned in future versions).

---

Fixes & Internal Improvements

• Resolved timing inconsistencies in wipe loops under heavy I/O load.
• Tightened exception paths to ensure FileAccessError fires before any incomplete wipe.
• Expanded test suite with new stress scenarios for concurrent secure memory operations.
• Revised documentation to clarify logical deletion, overwriting, and cryptographic erasure strategies.

---

Documentation Updates

• Updated Quick Start with an end-to-end “secure file lifecycle” example.
• Added troubleshooting table for common OS-specific limitations.
• Clarified semantics of SecureMemory.close() vs SecureMemory.zero() to prevent misuse.

ZeroizePy v1.1.3 – Enhanced Reliability and Security Refinements

ZeroizePy v1.1.3

Release Date: 2025-12-05

---

New Features

• Introduced a unified wipe_file() high-level helper that automatically selects the safest supported strategy per platform.
• Added internal reference counters to improve tracking of SecureMemory buffer lifecycle events.
• Implemented more granular debug flags for developers testing memory-zeroing visibility across OS configurations.

---

Behavior Improvements

Linux/macOS

• More stable sparse-file detection on layered and complex filesystems.
• Clearer warnings when wiping unsupported virtual mounts (FUSE, encrypted volumes, etc.).
• Zeroing routines now emit detailed diagnostics when libsodium is unavailable, specifying which features fall back to software-only erasure.

Windows

• Improved memory-locking stability under WSL2 and container environments.
• Reduced false-positive alerts caused by Windows duplicating memory pages internally.
• Reworked file-wipe retry logic to handle lingering file handles held by background services.

File Systems

• Added heuristics to detect deduplication-based block overrides, recommending cryptographic erase where necessary.
• Enhanced detection of logical vs physical size mismatches in sparse or compressed files.

---

Security Notes

• Immutable Python objects (bytes, str) still cannot be securely zeroed; documentation now includes a compatibility matrix for all buffer types.
• Added guidance explaining how tracing/profiling tools may temporarily retain references to sensitive buffers.
• Reinforced recommendation to pair cryptographic erase with overwrite methods for SSDs and CoW filesystems.

---

Threat Model Adjustments

ZeroizePy additionally protects against:

• Partial persistence of temporary buffers created implicitly during I/O operations.
• Residual plaintext exposure in multithreaded cleanup routines.

ZeroizePy still cannot defend against:

• Hypervisor-level snapshots in cloud or container environments.
• Kernel modules capable of intercepting memory before zeroing.
• GPU/accelerator memory leaks (support planned in future versions).

---

Fixes & Internal Improvements

• Resolved timing inconsistencies in wipe loops under heavy I/O load.
• Tightened exception paths to ensure FileAccessError fires before any incomplete wipe.
• Expanded test suite with new stress scenarios for concurrent secure memory operations.
• Revised documentation to clarify logical deletion, overwriting, and cryptographic erasure strategies.

---

Documentation Updates

• Updated Quick Start with an end-to-end “secure file lifecycle” example.
• Added troubleshooting table for common OS-specific limitations.
• Clarified semantics of SecureMemory.close() vs SecureMemory.zero() to prevent misuse.

ZeroizePy v1.1.2 – Enhanced Reliability and Security Refinements

ZeroizePy v1.1.2

Release Date: 2025-12-06

New Features

Introduced a unified wipe_file() high-level helper that automatically chooses the safest supported strategy per platform.

Added internal reference counters to improve tracking of SecureMemory buffer lifecycle events.

Implemented more granular debug flags for developers testing memory-zeroing visibility on different OS configurations.

Behavior Improvements
Linux/macOS

More stable sparse-file detection, especially on complex layered filesystems.

Improved clarity of warnings when attempting to wipe unsupported virtual mounts (FUSE, encrypted volumes, etc.).

Zeroing routines now emit detailed diagnostics when libsodium is unavailable, clarifying which features fall back to software-only erasure.

Windows

Improved memory-locking stability when running under WSL2 or containers.

Reduced false-positive alerts when Windows duplicates memory pages during internal buffer copies.

Reworked file-wipe retry logic to better handle flaky Windows file handles still “held” by background services.

File Systems

Added a new heuristic to detect when filesystems override block writes with deduplication logic, prompting a cryptographic erase recommendation.

Enhanced detection of logical vs. physical size mismatches for sparse and compressed files.

Security Notes

Immutable Python objects (bytes, str) still cannot be securely zeroed. Documentation now includes a clear compatibility matrix for all buffer types.

New section explains how Python-level tracing/profiling tools may briefly retain references to sensitive buffers.

Emphasis added on pairing cryptographic erase with traditional overwrite for maximum resilience on SSDs and CoW filesystems.

Threat Model Adjustments

ZeroizePy additionally protects against:

Partial persistence of temporary buffers created implicitly by I/O helpers.

Residual plaintext exposure during multithreaded cleanup routines.

ZeroizePy still cannot defend against:

Hypervisor-level snapshotting in cloud or container-based environments.

Kernel modules capable of intercepting memory before zeroing completes.

GPU/accelerator memory leaks (future support planned).

Fixes & Internal Improvements

Resolved timing inconsistencies in wipe loops under heavy I/O load.

Tightened exception paths to ensure FileAccessError always fires before incomplete wipes.

Expanded test suite with new stress cases for concurrent secure memory operations.

Revised documentation for a clearer distinction between logical deletion, overwriting, and cryptographic erasure strategies.

Documentation Updates

Updated Quick Start with an end-to-end “secure file lifecycle” example.

Added troubleshooting table for common OS-specific limitations.

Clarified semantics of SecureMemory.close() vs SecureMemory.zero() to avoid misuse.

ZeroizePy v1.1.1

ZeroizePy v1.1.1

Release Date: 2025-12-05

New Features

• Improved error handling for SecureMemory allocation failures on all platforms.

• Added internal consistency checks for file wiping operations.

• Expanded Quick Start examples with secure file deletion and memory cleanup snippets.

Cross-Platform Behavior Highlights

Linux/macOS

• Full support for symlink handling and follow_symlinks options.

• Sparse file detection via improved heuristics.

• SecureMemory zeroing remains observable in most test environments (libsodium still recommended for guarded pages).

Windows

• Platform-specific differences preserved; unreliable cases continue to be skipped in tests.

• SecureMemory zeroing observability still limited due to OS-level protections and Python memory copies.

• Memory locking behavior improved when libsodium is available; fallback path refined for clearer warnings.

File Systems

• COW filesystems (btrfs, ZFS) and many SSDs may prevent full physical overwrite; cryptographic erasure remains the recommended strategy.

Security Notes

• Immutable Python objects (bytes, str) cannot be securely zeroed; bytearray or memoryview remain the preferred options.

• Using .close() or context managers ensures deterministic zeroing and resource cleanup.

• OS-level disk-erasure utilities (hdparm, NVMe format, diskutil, BitLocker) remain unsafe for routine use without a full understanding of their implications.

• Python’s garbage collector may temporarily retain memory; cryptographic erase minimizes exposure for encrypted workloads.

Threat Model

ZeroizePy protects against:

• Forensic recovery of overwritten files.

• Accidental retention of plaintext in process memory.

• Recovery attempts after cryptographic key destruction.

• Undeleted temporary files and leaked buffers.

• Unsafe storage of sensitive data in Python bytes.

ZeroizePy cannot defend against:

• Full-disk snapshots (btrfs, ZFS, VM checkpoints).

• SSD wear-leveling remaps.

• Kernel-level memory scanners, DMA access, or hostile VMs.

• Malware running inside the same Python interpreter.

• Cloud-provider block-level backups or snapshots beyond user control.

Partial Mitigations

Risk | Mitigation in ZeroizePy -- | -- SSD wear-leveling | Cryptographic erasure recommended Python copying memory | Encourage bytearray / memoryview usage OS restrictions on locked pages | Fallback paths with explicit warnings Hard failures during deletion | Raises FileAccessError

Fixes & Improvements

• Corrected edge cases in sparse-file handling and wipe procedures.

• Added more robust diagnostic messages for SecureMemory failures.

• Refined APIs and internal cleanup routines based on community usage.

• Updated documentation with clearer platform-specific security considerations.

Changelog Reference

See CHANGELOG.md for the full version history, including previous releases and upcoming planned enhancements.

ZeroizePy v1.1.0 – Quick Start, Threat Model, and Cross-Platform Fixes

ZeroizePy v1.1.0

Release Date: 2025-12-04

New Features

• Added a Quick Start “Hello World” example for fast onboarding.

• Enhanced Windows support for SecureMemory (with caveats due to OS memory handling).

• Added threat model section in documentation.

• Expanded security notes for cross-platform behaviors.

Cross-Platform Behavior Highlights

• Linux/macOS

  • Fully supports symlink handling and follow_symlinks options.

  • Sparse file detection via heuristics.

  • SecureMemory zeroing observable in tests (with libsodium recommended for guarded pages).

• Windows

  • Some behaviors differ; tests skip unreliable cases.

  • SecureMemory zeroing is less observable due to Python memory copies and OS protections.

  • Memory locking relies on libsodium; fallback available but less secure.

• File Systems

  • COW filesystems (btrfs, ZFS) and SSDs may not fully erase overwritten blocks; cryptographic erase recommended.

Security Notes

• Immutable Python objects (bytes, str) cannot be securely zeroed; prefer bytearray or memoryview.

• Always use .close() or context managers to guarantee zeroing of memory buffers.

• OS-level erase wrappers (hdparm, NVMe format, diskutil, BitLocker) are dangerous; use only with full understanding.

• Python garbage collector may temporarily retain memory; cryptographic erasure mitigates risk for encrypted data.

Threat Model

ZeroizePy protects against:

• Forensic recovery of overwritten files.

• Accidental retention of plaintext in process memory.

• Recovery after cryptographic key destruction.

• Undeleted temp files and leaked memory buffers.

• Users mistakenly loading sensitive data into Python bytes.

ZeroizePy cannot defend against:

• Full-disk snapshots (btrfs, ZFS, VM snapshots).

• SSD wear-leveling remapping.

• Kernel-leve...