- Support for GHC 9.12
- Support for GHC 9.10
- Add readme to extra-source-files so that it appears on hackage
- Breaking change in order to make the API and the implementation more secure.
- There is a new HaveIBeenPwnedResult_Secure constructor which signals that the given password was not found in any database.
- The
HaveIBeenPwnedResult_Disclosedconstructor has been renamed toHaveIBeenPwnedResult_Pwned, as its behaviour changed. (Valid passwords are no longer signalled by this constructor.)
- Also internally, a "not found in database" is no longer represented as a disclosed count of zero. This improves security in the case of an incorrect database entry, having a disclosed count of 0, which would make this library report that password as "secure", although it actually has been leaked.
- Initial release